Analysis Report

Overview

General Information

Joe Sandbox Version:	19.0.0
Analysis ID:	288656
Start time:	14:20:55
Joe Sandbox Product:	Cloud
Start date:	08.06.2017
Overall analysis duration:	0h 5m 30s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://toitvert.net/ok
Analysis system description:	Windows 7 (Office 2010 v14.0.4, Java 1.8.0_40, Flash 16.0.0.305, Acrobat Reader 11.0.08, Internet Explorer 11, Chrome 55, Firefox 43)
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies	HCA enabled EGA enabled
Detection:	MAL
Classification:	mal48.phis.win@3/53@20/9
HCA Information:	Failed
EGA Information:	Failed
Cookbook Comments:	Browsing: http://toitvert.net/ok Browsing link: https://www.capbilcap.ca/update-login/update/Login///customer_center/customer-IDPP00C635/myaccount/signin/?country.x=US&locale.x=en_US# Browsing link: https://www.capbilcap.ca/update-login/update/Login///customer_center/customer-IDPP00C635/myaccount/signin/?country.x=US&locale.x=en_US# Browsing link: https://www.capbilcap.ca/update-login/update/Login///customer_center/customer-IDPP00C635/myaccount/signin/?country.x=US&locale.x=en_US# Browsing link: https://www.capbilcap.ca/update-login/update/Login///customer_center/customer-IDPP00C635/myaccount/signin/?country.x=US&locale.x=en_US# Browsing link: https://www.capbilcap.ca/update-login/update/Login///customer_center/customer-IDPP00C635/myaccount/signin/?country.x=US&locale.x=en_US#
Warnings:	Show All Exclude process from analysis (whitelisted): WmiApSrv.exe, dllhost.exe Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtDeviceIoControlFile calls found.

Detection

Strategy	Score	Range	Reporting	Detection
Threshold	48	0 - 100	Report FP / FN

Confidence

Strategy	Score	Range	Further Analysis Required?	Confidence
Threshold	5	0 - 5	false

Classification

Analysis Advice

Sample has a GUI, but Joe Sandbox has not found any clickable buttons, likely requires more UI automation

Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Signature Overview

Click to jump to signature section

Phishing:

META author tag missing

Show sources

Source: https://www.capbilcap.ca/update-login/update/Login///customer_center/customer-IDPP00C635/myaccount/signin/?country.x=US&locale.x=en_US

HTTP Parser: No <meta name="author".. found

META copyright tag missing

Show sources

Source: https://www.capbilcap.ca/update-login/update/Login///customer_center/customer-IDPP00C635/myaccount/signin/?country.x=US&locale.x=en_US

HTTP Parser: No <meta name="copyright".. found

HTML title does not match URL

Show sources

Source: https://www.capbilcap.ca/update-login/update/Login///customer_center/customer-IDPP00C635/myaccount/signin/?country.x=US&locale.x=en_US

HTTP Parser: Title: Log in to your PayPal Account does not match URL

HTML body contains low number of good links

Show sources

Source: https://www.capbilcap.ca/update-login/update/Login///customer_center/customer-IDPP00C635/myaccount/signin/?country.x=US&locale.x=en_US

HTTP Parser: Number of links: 0

Invalid T&C link found

Show sources

Source: https://www.capbilcap.ca/update-login/update/Login///customer_center/customer-IDPP00C635/myaccount/signin/?country.x=US&locale.x=en_US

HTTP Parser: Invalid link: Privacy

Networking:

Downloads files

Show sources

Source: C:\Program Files\Internet Explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HXM17S7C

Downloads files from webservers via HTTP

Show sources

Source: global traffic	HTTP traffic detected: GET /ok HTTP/1.1Accept: text/html, application/xhtml+xml, /Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: toitvert.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /ok/ HTTP/1.1Accept: text/html, application/xhtml+xml, /Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: toitvert.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /ok/checkout/index.php HTTP/1.1Accept: text/html, application/xhtml+xml, /Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: toitvert.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoHost: www.bing.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoHost: toitvert.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /ok/checkout/backup.php?id=559ee777881d937881aa34e49b305b2d559ee777881d937881aa34e49b305b2d HTTP/1.1Accept: text/html, application/xhtml+xml, /Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: toitvert.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAA8Zm6fJL4TjOQgEAAQADxmY%3D HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Microsoft-CryptoAPI/6.1Host: ocsp.msocsp.com
Source: global traffic	HTTP traffic detected: GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Microsoft-CryptoAPI/6.1Host: ocsp.usertrust.com
Source: global traffic	HTTP traffic detected: GET /MFIwUDBOMEwwSjAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEQDwHUvue3yjezwFZqwFlyRY HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Microsoft-CryptoAPI/6.1Host: ocsp.comodoca.com
Source: global traffic	HTTP traffic detected: GET /pki/crl/products/tspca.crl HTTP/1.1Cache-Control: max-age = 900Connection: Keep-AliveAccept: /If-Modified-Since: Sat, 24 May 2014 05:04:54 GMTIf-None-Match: "8ab194b3d77cf1:0"User-Agent: Microsoft-CryptoAPI/6.1Host: crl.microsoft.com
Source: global traffic	HTTP traffic detected: GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl HTTP/1.1Cache-Control: max-age = 900Connection: Keep-AliveAccept: /If-Modified-Since: Wed, 07 Dec 2016 06:01:02 GMTIf-None-Match: "cc8e404a4f50d21:0"User-Agent: Microsoft-CryptoAPI/6.1Host: crl.microsoft.com
Source: global traffic	HTTP traffic detected: GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl HTTP/1.1Cache-Control: max-age = 900Connection: Keep-AliveAccept: /If-Modified-Since: Wed, 07 Dec 2016 06:01:02 GMTIf-None-Match: "cc8e404a4f50d21:0"User-Agent: Microsoft-CryptoAPI/6.1Host: crl.microsoft.com
Source: global traffic	HTTP traffic detected: GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1Cache-Control: max-age = 900Connection: Keep-AliveAccept: /If-Modified-Since: Mon, 21 Nov 2016 06:01:26 GMTIf-None-Match: "ea9ee7b1bc43d21:0"User-Agent: Microsoft-CryptoAPI/6.1Host: crl.microsoft.com
Source: global traffic	HTTP traffic detected: GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1Cache-Control: max-age = 900Connection: Keep-AliveAccept: /If-Modified-Since: Mon, 12 Dec 2016 06:00:18 GMTIf-None-Match: "7254ef33d54d21:0"User-Agent: Microsoft-CryptoAPI/6.1Host: crl.microsoft.com
Source: global traffic	HTTP traffic detected: GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1Cache-Control: max-age = 900Connection: Keep-AliveAccept: /If-Modified-Since: Wed, 02 Nov 2016 05:01:26 GMTIf-None-Match: "82c52e2ac634d21:0"User-Agent: Microsoft-CryptoAPI/6.1Host: crl.microsoft.com

Found strings which match to known social media urls

Show sources

Source: iexplore.exe	String found in binary or memory: <FavoriteIcon>http://search.yahoo.com/favicon.ico</FavoriteIcon> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <FavoriteIcon>http://search.yahoo.com/favicon.ico</FavoriteIcon> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <SuggestionsURL>http://sugg-ie.fr.search.yahoo.com/os?market=fr&appid=ie8&command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <SuggestionsURL>http://sugg-ie.hk.search.yahoo.com/os?market=hk&appid=ie8&command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <SuggestionsURL>http://sugg-ie.id.search.yahoo.com/os?market=id&appid=ie8&command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <SuggestionsURL>http://sugg-ie.in.search.yahoo.com/os?market=in&appid=ie8&command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <SuggestionsURL>http://sugg-ie.it.search.yahoo.com/os?market=it&appid=ie8&command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <SuggestionsURL>http://sugg-ie.mx.search.yahoo.com/os?market=mx&appid=ie8&command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <SuggestionsURL>http://sugg-ie.my.search.yahoo.com/os?market=my&appid=ie8&command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <SuggestionsURL>http://sugg-ie.nz.search.yahoo.com/os?market=nz&appid=ie8&command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <SuggestionsURL>http://sugg-ie.ph.search.yahoo.com/os?market=ph&appid=ie8&command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <SuggestionsURL>http://sugg-ie.sg.search.yahoo.com/os?market=sg&appid=ie8&command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <SuggestionsURL>http://sugg-ie.th.search.yahoo.com/os?market=th&appid=ie8&command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <SuggestionsURL>http://sugg-ie.tw.search.yahoo.com/os?market=tw&appid=ie8&command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <SuggestionsURL>http://sugg-ie.uk.search.yahoo.com/os?market=uk&appid=ie8&command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <SuggestionsURL>http://sugg-ie.vn.search.yahoo.com/os?market=vn&appid=ie8&command={searchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://fr.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://fr.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://fr.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://fr.search.yahoo.com/search?p={searchTerms}&type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://hk.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://hk.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://hk.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://hk.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://hk.search.yahoo.com/search?p={searchTerms}&type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://id.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://id.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://id.search.yahoo.com/search?p={searchTerms}&type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://in.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://in.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://in.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://in.search.yahoo.com/search?p={searchTerms}&type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://it.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://it.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://it.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://it.search.yahoo.com/search?p={searchTerms}&type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://kr.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://kr.search.yahoo.com/ei=UTF-8&fr=yie8ms&p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://kr.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://kr.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://kr.search.yahoo.com/search?p={searchTerms}&type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://kr.searchcenter.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://malaysia.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://malaysia.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://malaysia.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://malaysia.search.yahoo.com/search?p={searchTerms}&type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://mx.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://mx.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://mx.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://nz.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://nz.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://nz.search.yahoo.com/search?p={searchTerms}&type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://ph.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://ph.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://ph.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://ph.search.yahoo.com/search?p={searchTerms}&type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://sg.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://sg.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://sg.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://sg.search.yahoo.com/search?p={searchTerms}&type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://th.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://th.search.yahoo.com/search?p={searchTerms}&type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://tw.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://tw.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://tw.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://tw.search.yahoo.com/search?p={searchTerms}&type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://uk.search.yahoo.com/search?ei=UTF-8&fr=yie7c&p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://uk.search.yahoo.com/search?ei=UTF-8&fr=yie8ms&p={searchTerms}</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://uk.search.yahoo.com/search?p={searchTerms}&type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://vn.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://vn.search.yahoo.com/search?p={searchTerms}&type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <FavoriteIcon>http://search.yahoo.co.jp/favicon.ico</FavoriteIcon> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <FavoriteIcon>http://search.yahoo.com/favicon.ico</FavoriteIcon> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <FavoriteIcon>http://www.facebook.com/favicon.ico</FavoriteIcon> equals www.facebook.com (Facebook)
Source: iexplore.exe	String found in binary or memory: <FavoriteIcon>http://www.myspace.com/favicon.ico</FavoriteIcon> equals www.myspace.com (Myspace)
Source: iexplore.exe	String found in binary or memory: <FavoriteIcon>http://www.rambler.ru/favicon.ico</FavoriteIcon> equals www.rambler.ru (Rambler)
Source: iexplore.exe	String found in binary or memory: <URL>http://br.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://de.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://es.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://espanol.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://fr.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://in.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://it.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://kr.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://ru.search.yahoo.com</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://sads.myspace.com/</URL> equals www.myspace.com (Myspace)
Source: iexplore.exe	String found in binary or memory: <URL>http://search.cn.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://search.yahoo.co.jp</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://tw.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://uk.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: <URL>http://www.facebook.com/</URL> equals www.facebook.com (Facebook)
Source: iexplore.exe	String found in binary or memory: <URL>http://www.rambler.ru/</URL> equals www.rambler.ru (Rambler)
Source: iexplore.exe	String found in binary or memory: <SuggestionsURL>http://ie.search.yahoo.com/os?command={SearchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: Free Hotmail.url equals www.hotmail.com (Hotmail)
Source: iexplore.exe	String found in binary or memory: arch.yahoo.com/search?p={searchTerms}&type=</URL> equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: login.yahoo.com equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: login.yahoo.com0 equals www.yahoo.com (Yahoo)
Source: iexplore.exe	String found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)

Performs DNS lookups

Show sources

Source: unknown

DNS traffic detected: queries for: api.bing.com

Urls found in memory or binary data

Show sources

Source: iexplore.exe	String found in binary or memory: file:///
Source: iexplore.exe	String found in binary or memory: file:///c:/jbxinitvm.au3
Source: iexplore.exe	String found in binary or memory: file:///c:/users/user/appdata/local/microsoft/windows/temporary%20internet%20files/content.ie5
Source: iexplore.exe	String found in binary or memory: file:///c:/users/user/desktop/chip_update_pack_32bit.zip
Source: iexplore.exe	String found in binary or memory: file://192.168.1.2/all/customscript.au3?h
Source: iexplore.exe	String found in binary or memory: file://192.168.1.2/all/customscript.au3kh
Source: iexplore.exe	String found in binary or memory: ftp://
Source: iexplore.exe	String found in binary or memory: http://
Source: iexplore.exe	String found in binary or memory: http://%s.com
Source: iexplore.exe	String found in binary or memory: http://.exe
Source: iexplore.exe	String found in binary or memory: http://amazon.fr/
Source: iexplore.exe	String found in binary or memory: http://api.bing.com/qsml.aspx?query=
Source: iexplore.exe	String found in binary or memory: http://ariadna.elmundo.es/
Source: iexplore.exe	String found in binary or memory: http://ariadna.elmundo.es/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://arianna.libero.it/
Source: iexplore.exe	String found in binary or memory: http://arianna.libero.it/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://asp.usatoday.com/
Source: iexplore.exe	String found in binary or memory: http://asp.usatoday.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://auone.jp/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://auto.search.msn.com/response.asp?mt=
Source: iexplore.exe	String found in binary or memory: http://br.search.yahoo.com/
Source: iexplore.exe	String found in binary or memory: http://browse.guardian.co.uk/
Source: iexplore.exe	String found in binary or memory: http://browse.guardian.co.uk/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://busca.buscape.com.br/
Source: iexplore.exe	String found in binary or memory: http://busca.buscape.com.br/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://busca.estadao.com.br/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://busca.igbusca.com.br/
Source: iexplore.exe	String found in binary or memory: http://busca.igbusca.com.br//app/static/images/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://busca.orange.es/
Source: iexplore.exe	String found in binary or memory: http://busca.uol.com.br/
Source: iexplore.exe	String found in binary or memory: http://busca.uol.com.br/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://buscador.lycos.es/
Source: iexplore.exe	String found in binary or memory: http://buscador.terra.com.br/
Source: iexplore.exe	String found in binary or memory: http://buscador.terra.com/
Source: iexplore.exe	String found in binary or memory: http://buscador.terra.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://buscador.terra.es/
Source: iexplore.exe	String found in binary or memory: http://buscar.ozu.es/
Source: iexplore.exe	String found in binary or memory: http://buscar.ya.com/
Source: iexplore.exe	String found in binary or memory: http://busqueda.aol.com.mx/
Source: iexplore.exe	String found in binary or memory: http://cdp1.public-trust.com/crl/omniroj-
Source: iexplore.exe	String found in binary or memory: http://cdp1.public-trust.com/crl/omniroot2025.crl0
Source: iexplore.exe	String found in binary or memory: http://cerca.lycos.it/
Source: iexplore.exe	String found in binary or memory: http://cgi.search.biglobe.ne.jp/
Source: iexplore.exe	String found in binary or memory: http://cgi.search.biglobe.ne.jp/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://clients5.google.com/complete/search?hl=
Source: iexplore.exe	String found in binary or memory: http://cn.bing.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://cn.bing.com/search?q=
Source: iexplore.exe	String found in binary or memory: http://cnet.search.com/
Source: iexplore.exe	String found in binary or memory: http://cnweb.search.live.com/results.aspx?q=
Source: iexplore.exe	String found in binary or memory: http://corp.naukri.com/
Source: iexplore.exe	String found in binary or memory: http://corp.naukri.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://crl.comodo.net/utn-userfirst-hardware.crl0q
Source: iexplore.exe	String found in binary or memory: http://crl.comodoca.com/comodo
Source: iexplore.exe	String found in binary or memory: http://crl.comodoca.com/comodorsacertificationauthorit
Source: iexplore.exe	String found in binary or memory: http://crl.comodoca.com/comodorsacertificationauthority.crl0q
Source: iexplore.exe	String found in binary or memory: http://crl.comodoca.com/cpanelinccertificationauthority.crl0
Source: iexplore.exe	String found in binary or memory: http://crl.comodoca.com/utn-userfirst-hardware.crl06
Source: iexplore.exe	String found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: iexplore.exe	String found in binary or memory: http://crl.entrust.net/server1.crl0
Source: iexplore.exe	String found in binary or memory: http://crl.pkioverheid.nl/domorganisatielatestcrl-g2.crl0
Source: iexplore.exe	String found in binary or memory: http://crl.pkioverheid.nl/domovlatestcrl.crl0
Source: iexplore.exe	String found in binary or memory: http://crl.usertrust.c
Source: iexplore.exe	String found in binary or memory: http://crl.usertrust.com/addtrustexternalcaroot.crl05
Source: iexplore.exe	String found in binary or memory: http://crl.usertrust.com/utn-userfirst-object.crl0)
Source: iexplore.exe	String found in binary or memory: http://crt.comodoca.com/comodorsaaddtrustca.crt0$
Source: iexplore.exe	String found in binary or memory: http://crt.comodoca.com/cpanelinccertificationauthority.crt0$
Source: iexplore.exe	String found in binary or memory: http://crt.comodoca.com/cpanelinccertificationauthority.crt0$x4
Source: iexplore.exe	String found in binary or memory: http://crt.comodoca.com/utnaddtrustserverca.crt0$
Source: iexplore.exe	String found in binary or memory: http://cs.wikipedia.org/
Source: iexplore.exe	String found in binary or memory: http://cs.wikipedia.org/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://cs.wikipedia.org/w/api.php?action=opensearch&format=xml&search=
Source: iexplore.exe	String found in binary or memory: http://cybertrust.omniroot.com/repository.cfm0
Source: iexplore.exe	String found in binary or memory: http://cybk-
Source: iexplore.exe	String found in binary or memory: http://de.search.yahoo.com/
Source: iexplore.exe	String found in binary or memory: http://de.wikipedia.org/
Source: iexplore.exe	String found in binary or memory: http://de.wikipedia.org/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://de.wikipedia.org/w/api.php?action=opensearch&format=xml&search=
Source: iexplore.exe	String found in binary or memory: http://en.wikipedia.org/
Source: iexplore.exe	String found in binary or memory: http://en.wikipedia.org/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://en.wikipedia.org/w/api.php?action=opensearch&format=xml&search=
Source: iexplore.exe	String found in binary or memory: http://es.ask.com/
Source: iexplore.exe	String found in binary or memory: http://es.search.yahoo.com/
Source: iexplore.exe	String found in binary or memory: http://es.wikipedia.org/
Source: iexplore.exe	String found in binary or memory: http://es.wikipedia.org/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://es.wikipedia.org/w/api.php?action=opensearch&format=xml&search=
Source: iexplore.exe	String found in binary or memory: http://esearch.rakuten.co.jp/
Source: iexplore.exe	String found in binary or memory: http://espanol.search.yahoo.com/
Source: iexplore.exe	String found in binary or memory: http://espn.go.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://find.joins.com/
Source: iexplore.exe	String found in binary or memory: http://fr.search.yahoo.com/
Source: iexplore.exe	String found in binary or memory: http://fr.search.yahoo.com/search?ei=utf-8&fr=yie8ms&p=
Source: iexplore.exe	String found in binary or memory: http://fr.search.yahoo.com/search?p=
Source: iexplore.exe	String found in binary or memory: http://fr.wikipedia.org/
Source: iexplore.exe	String found in binary or memory: http://fr.wikipedia.org/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://fr.wikipedia.org/w/api.php?action=opensearch&format=xml&search=
Source: iexplore.exe	String found in binary or memory: http://g
Source: iexplore.exe	String found in binary or memory: http://google.pchome.com.tw/
Source: iexplore.exe	String found in binary or memory: http://hk.search.yahoo.com/
Source: iexplore.exe	String found in binary or memory: http://hk.search.yahoo.com/search?ei=utf-8&fr=yie7c&p=
Source: iexplore.exe	String found in binary or memory: http://hk.search.yahoo.com/search?ei=utf-8&fr=yie8ms&p=
Source: iexplore.exe	String found in binary or memory: http://hk.search.yahoo.com/search?p=
Source: iexplore.exe	String found in binary or memory: http://home.altervista.org/
Source: iexplore.exe	String found in binary or memory: http://home.altervista.org/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://id.search.yahoo.com/
Source: iexplore.exe	String found in binary or memory: http://id.search.yahoo.com/search?p=
Source: iexplore.exe	String found in binary or memory: http://ie.search.yahoo.com/os?command=
Source: iexplore.exe	String found in binary or memory: http://ie8.ebay.com/open-search/output-xml.php?q=
Source: iexplore.exe	String found in binary or memory: http://image.excite.co.jp/jp/favicon/lep.ico
Source: iexplore.exe	String found in binary or memory: http://images.joins.com/ui_c/fvc_joins.ico
Source: iexplore.exe	String found in binary or memory: http://images.monster.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://img.atlas.cz/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://img.shopzilla.com/shopzilla/shopzilla.ico
Source: iexplore.exe	String found in binary or memory: http://in.search.yahoo.com/
Source: iexplore.exe	String found in binary or memory: http://in.search.yahoo.com/search?ei=utf-8&fr=yie7c&p=
Source: iexplore.exe	String found in binary or memory: http://in.search.yahoo.com/search?ei=utf-8&fr=yie8ms&p=
Source: iexplore.exe	String found in binary or memory: http://in.search.yahoo.com/search?p=
Source: iexplore.exe	String found in binary or memory: http://it
Source: iexplore.exe	String found in binary or memory: http://it.search.dada.net/
Source: iexplore.exe	String found in binary or memory: http://it.search.dada.net/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://it.search.yahoo.com/
Source: iexplore.exe	String found in binary or memory: http://it.search.yahoo.com/search?ei=utf-8&fr=yie7c&p=
Source: iexplore.exe	String found in binary or memory: http://it.search.yahoo.com/search?ei=utf-8&fr=yie8ms&p=
Source: iexplore.exe	String found in binary or memory: http://it.search.yahoo.com/search?p=
Source: iexplore.exe	String found in binary or memory: http://it.wikipedia.org/
Source: iexplore.exe	String found in binary or memory: http://it.wikipedia.org/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://it.wikipedia.org/w/api.php?action=opensearch&format=xml&search=
Source: iexplore.exe	String found in binary or memory: http://ja.wikipedia.org/
Source: iexplore.exe	String found in binary or memory: http://ja.wikipedia.org/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://ja.wikipedia.org/w/api.php?action=opensearch&format=xml&search=
Source: iexplore.exe	String found in binary or memory: http://jobsearch.monster.com/
Source: iexplore.exe	String found in binary or memory: http://kr.search.yahoo.com/
Source: iexplore.exe	String found in binary or memory: http://kr.search.yahoo.com/ei=utf-8&fr=yie8ms&p=
Source: iexplore.exe	String found in binary or memory: http://kr.search.yahoo.com/search?ei=utf-8&fr=yie7c&p=
Source: iexplore.exe	String found in binary or memory: http://kr.search.yahoo.com/search?p=
Source: iexplore.exe	String found in binary or memory: http://kr.searchcenter.yahoo.com/
Source: iexplore.exe	String found in binary or memory: http://list.taobao.com/
Source: iexplore.exe	String found in binary or memory: http://list.taobao.com/browse/search_visual.htm?n=15&q=
Source: iexplore.exe	String found in binary or memory: http://livesearch.msn.co.kr/
Source: iexplore.exe	String found in binary or memory: http://mail.live.com/
Source: iexplore.exe	String found in binary or memory: http://mail.live.com/?rru=compose%3fsubject%3d
Source: iexplore.exe	String found in binary or memory: http://malaysia.search.yahoo.com/search?ei=utf-8&fr=yie7c&p=
Source: iexplore.exe	String found in binary or memory: http://malaysia.search.yahoo.com/search?ei=utf-8&fr=yie8ms&p=
Source: iexplore.exe	String found in binary or memory: http://malaysia.search.yahoo.com/search?p=
Source: iexplore.exe	String found in binary or memory: http://msk.afisha.ru/
Source: iexplore.exe	String found in binary or memory: http://mx.se
Source: iexplore.exe	String found in binary or memory: http://mx.search.yahoo.com/search?ei=utf-8&fr=yie7c&p=
Source: iexplore.exe	String found in binary or memory: http://mx.search.yahoo.com/search?ei=utf-8&fr=yie8ms&p=
Source: iexplore.exe	String found in binary or memory: http://mx.search.yahoo.com/search?p=
Source: iexplore.exe	String found in binary or memory: http://nl.wikipedia.org/
Source: iexplore.exe	String found in binary or memory: http://nl.wikipedia.org/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://nl.wikipedia.org/w/api.php?action=opensearch&format=xml&search=
Source: iexplore.exe	String found in binary or memory: http://nz.search.yahoo.com/
Source: iexplore.exe	String found in binary or memory: http://nz.search.yahoo.com/search?p=
Source: iexplore.exe	String found in binary or memory: http://o
Source: iexplore.exe	String found in binary or memory: http://ocnsearch.goo.ne.jp/
Source: iexplore.exe	String found in binary or memory: http://ocsd-
Source: iexplore.exe	String found in binary or memory: http://ocsp.comodoca.com0
Source: iexplore.exe	String found in binary or memory: http://ocsp.comodoca.com0%
Source: iexplore.exe	String found in binary or memory: http://ocsp.comodoca.com0-
Source: iexplore.exe	String found in binary or memory: http://ocsp.comodoca.com0/
Source: iexplore.exe	String found in binary or memory: http://ocsp.comodoca.com05
Source: iexplore.exe	String found in binary or memory: http://ocsp.comodoca.comhttp://crl.comodoca.com/comodorsacertificationauthority.crl
Source: iexplore.exe	String found in binary or memory: http://ocsp.entrust.net03
Source: iexplore.exe	String found in binary or memory: http://ocsp.entrust.net0d
Source: iexplore.exe	String found in binary or memory: http://ocsp.msocsp.com0
Source: iexplore.exe	String found in binary or memory: http://ocsp.msocsp.com0=
Source: iexplore.exe	String found in binary or memory: http://ocsp.omniroot.com/baltimoreroot0
Source: iexplore.exe	String found in binary or memory: http://ocsp.omniroot.com/baltimoreroothttp://cdp1.public-trust.com/crl/omniroot2025.crlr
Source: iexplore.exe	String found in binary or memory: http://ocsp.usertrust.com0
Source: iexplore.exe	String found in binary or memory: http://ocsp.usertrust.comhttp://crl.usertrust.com/addtrustexternalcaroot.crl
Source: iexplore.exe	String found in binary or memory: http://openimage.interpark.com/interpark.ico
Source: iexplore.exe	String found in binary or memory: http://p.zhongsou.com/
Source: iexplore.exe	String found in binary or memory: http://p.zhongsou.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://ph.search.yahoo.com/search?ei=utf-8&fr=yie7c&p=
Source: iexplore.exe	String found in binary or memory: http://ph.search.yahoo.com/search?ei=utf-8&fr=yie8ms&p=
Source: iexplore.exe	String found in binary or memory: http://ph.search.yahoo.com/search?p=
Source: iexplore.exe	String found in binary or memory: http://pl.wikipedia.org/
Source: iexplore.exe	String found in binary or memory: http://pl.wikipedia.org/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://pl.wikipedia.org/w/api.php?action=opensearch&format=xml&search=
Source: iexplore.exe	String found in binary or memory: http://price.ru/
Source: iexplore.exe	String found in binary or memory: http://price.ru/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://pt.wikipedia.org/
Source: iexplore.exe	String found in binary or memory: http://pt.wikipedia.org/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://pt.wikipedia.org/w/api.php?action=opensearch&format=xml&search=
Source: iexplore.exe	String found in binary or memory: http://recherche.linternaute.com/
Source: iexplore.exe	String found in binary or memory: http://recherche.tf1.fr/
Source: iexplore.exe	String found in binary or memory: http://recherche.tf1.fr/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://rover.ebay.com
Source: iexplore.exe	String found in binary or memory: http://ru.search.yahoo.com
Source: iexplore.exe	String found in binary or memory: http://ru.wikipedia.org/
Source: iexplore.exe	String found in binary or memory: http://ru.wikipedia.org/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://ru.wikipedia.org/w/api.php?action=opensearch&format=xml&search=
Source: iexplore.exe	String found in binary or memory: http://sads.myspace.com/
Source: iexplore.exe	String found in binary or memory: http://search-dyn.tiscali.it/
Source: iexplore.exe	String found in binary or memory: http://search.about.com/
Source: iexplore.exe	String found in binary or memory: http://search.alice.it/
Source: iexplore.exe	String found in binary or memory: http://search.alice.it/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://search.aol.co.uk/
Source: iexplore.exe	String found in binary or memory: http://search.aol.com/
Source: iexplore.exe	String found in binary or memory: http://search.aol.in/
Source: iexplore.exe	String found in binary or memory: http://search.atlas.cz/
Source: iexplore.exe	String found in binary or memory: http://search.auction.co.kr/
Source: iexplore.exe	String found in binary or memory: http://search.auone.jp/
Source: iexplore.exe	String found in binary or memory: http://search.books.com.tw/
Source: iexplore.exe	String found in binary or memory: http://search.books.com.tw/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://search.centrum.cz/
Source: iexplore.exe	String found in binary or memory: http://search.centrum.cz/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://search.chol.com/
Source: iexplore.exe	String found in binary or memory: http://search.chol.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://search.cn.yahoo.com/
Source: iexplore.exe	String found in binary or memory: http://search.daum.net/
Source: iexplore.exe	String found in binary or memory: http://search.daum.net/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://search.dreamwiz.com/
Source: iexplore.exe	String found in binary or memory: http://search.dreamwiz.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://search.ebay.co.uk/
Source: iexplore.exe	String found in binary or memory: http://search.ebay.com/
Source: iexplore.exe	String found in binary or memory: http://search.ebay.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://search.ebay.de/
Source: iexplore.exe	String found in binary or memory: http://search.ebay.es/
Source: iexplore.exe	String found in binary or memory: http://search.ebay.fr/
Source: iexplore.exe	String found in binary or memory: http://search.ebay.in/
Source: iexplore.exe	String found in binary or memory: http://search.ebay.it/
Source: iexplore.exe	String found in binary or memory: http://search.empas.com/
Source: iexplore.exe	String found in binary or memory: http://search.empas.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://search.espn.go.com/
Source: iexplore.exe	String found in binary or memory: http://search.gamer.com.tw/
Source: iexplore.exe	String found in binary or memory: http://search.gamer.com.tw/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://search.gismeteo.ru/
Source: iexplore.exe	String found in binary or memory: http://search.goo.ne.jp/
Source: iexplore.exe	String found in binary or memory: http://search.goo.ne.jp/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://search.hanafos.com/
Source: iexplore.exe	String found in binary or memory: http://search.hanafos.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://search.interpark.com/
Source: iexplore.exe	String found in binary or memory: http://search.ipop.co.kr/
Source: iexplore.exe	String found in binary or memory: http://search.ipop.co.kr/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://search.live.com/results.aspx?form=iefm1&q=
Source: iexplore.exe	String found in binary or memory: http://search.live.com/results.aspx?form=so2tdf&q=
Source: iexplore.exe	String found in binary or memory: http://search.live.com/results.aspx?form=soltdf&q=
Source: iexplore.exe	String found in binary or memory: http://search.live.com/results.aspx?q=
Source: iexplore.exe	String found in binary or memory: http://search.live.com/results.aspx?q=%7bsearchterms%7d&form=as5er
Source: iexplore.exe	String found in binary or memory: http://search.live.com/results.aspx?q=%7bsearchterms%7d&form=as6
Source: iexplore.exe	String found in binary or memory: http://search.live.com/results.aspx?q=%7bsearchterms%7d&form=cbpw
Source: iexplore.exe	String found in binary or memory: http://search.live.com/results.aspx?q=%7bsearchterms%7d&form=ie7box&src=%7breferrer:source?%7d
Source: iexplore.exe	String found in binary or memory: http://search.live.com/results.aspx?q=%7bsearchterms%7d&form=ie7re&src=%7breferrer:source?%7d
Source: iexplore.exe	String found in binary or memory: http://search.live.com/results.aspx?q=%7bsearchterms%7d&form=ie8src&src=%7breferrer:source%7d
Source: iexplore.exe	String found in binary or memory: http://search.live.com/results.aspx?q=%7bsearchterms%7d&form=msnie7&src=%7breferrer:source?%7d
Source: iexplore.exe	String found in binary or memory: http://search.live.com/results.aspx?q=%7bsearchterms%7d&mkt=%7blanguage%7d&form=ie8src&src=%7breferr
Source: iexplore.exe	String found in binary or memory: http://search.live.com/results.aspx?q=%7bsearchterms%7d&src=%7breferrer:source?%7d&form=ie8srcpd
Source: iexplore.exe	String found in binary or memory: http://search.live.com/results.aspx?q=%7bsearchterms%7d&src=%7breferrer:source?%7d3
Source: iexplore.exe	String found in binary or memory: http://search.live.com/results.aspx?q=%7bsearchterms%7d&src=ie-searchbox&form=ie8srcb
Source: iexplore.exe	String found in binary or memory: http://search.livedoor.com/
Source: iexplore.exe	String found in binary or memory: http://search.livedoor.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://search.lycos.co.uk/
Source: iexplore.exe	String found in binary or memory: http://search.lycos.com/
Source: iexplore.exe	String found in binary or memory: http://search.lycos.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://search.msn.co.jp/results.aspx?q=
Source: iexplore.exe	String found in binary or memory: http://search.msn.co.jp/results.aspx?q=%7bsearchterms%7d&form=as5a
Source: iexplore.exe	String found in binary or memory: http://search.msn.co.jp/results.aspx?q=%7bsearchterms%7d&form=as6
Source: iexplore.exe	String found in binary or memory: http://search.msn.co.jp/results.aspx?q=%7bsearchterms%7d&form=cbpw
Source: iexplore.exe	String found in binary or memory: http://search.msn.co.uk/results.aspx?q=
Source: iexplore.exe	String found in binary or memory: http://search.msn.co.uk/results.aspx?q=%7bsearchterms%7d&form=as5e
Source: iexplore.exe	String found in binary or memory: http://search.msn.co.uk/results.aspx?q=%7bsearchterms%7d&form=as6w
Source: iexplore.exe	String found in binary or memory: http://search.msn.co.uk/results.aspx?q=%7bsearchterms%7d&form=cbpw
Source: iexplore.exe	String found in binary or memory: http://search.msn.com.cn/results.aspx?q=
Source: iexplore.exe	String found in binary or memory: http://search.msn.com/results.aspx?q=
Source: iexplore.exe	String found in binary or memory: http://search.msn.com/results.aspx?q=%7bsearchterms%7d&form=as5m
Source: iexplore.exe	String found in binary or memory: http://search.msn.com/results.aspx?q=%7bsearchterms%7d&form=as6
Source: iexplore.exe	String found in binary or memory: http://search.msn.com/results.aspx?q=%7bsearchterms%7d&form=cbpw
Source: iexplore.exe	String found in binary or memory: http://search.nate.com/
Source: iexplore.exe	String found in binary or memory: http://search.naver.com/
Source: iexplore.exe	String found in binary or memory: http://search.naver.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://search.nifty.com/
Source: iexplore.exe	String found in binary or memory: http://search.orange.co.uk/
Source: iexplore.exe	String found in binary or memory: http://search.orange.co.uk/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://search.rediff.com/
Source: iexplore.exe	String found in binary or memory: http://search.rediff.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://search.seznam.cz/
Source: iexplore.exe	String found in binary or memory: http://search.seznam.cz/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://search.sify.com/
Source: iexplore.exe	String found in binary or memory: http://search.yahoo.co.jp
Source: iexplore.exe	String found in binary or memory: http://search.yahoo.co.jp/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://search.yahoo.com/
Source: iexplore.exe	String found in binary or memory: http://search.yahoo.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://search.yahooapis.jp/assistsearchservice/v2/webassistsearch?output=iejson&p=
Source: iexplore.exe	String found in binary or memory: http://search.yam.com/
Source: iexplore.exe	String found in binary or memory: http://search1.taobao.com/
Source: iexplore.exe	String found in binary or memory: http://search2.estadao.com.br/
Source: iexplore.exe	String found in binary or memory: http://searchresults.news.com.au/
Source: iexplore.exe	String found in binary or memory: http://service2.bfast.com/
Source: iexplore.exe	String found in binary or memory: http://sg.search.yahoo.com/search?ei=utf-8&fr=yie7c&p=
Source: iexplore.exe	String found in binary or memory: http://sg.search.yahoo.com/search?ei=utf-8&fr=yie8ms&p=
Source: iexplore.exe	String found in binary or memory: http://sg.search.yahoo.com/search?p=
Source: iexplore.exe	String found in binary or memory: http://si.wikipedia.org/
Source: iexplore.exe	String found in binary or memory: http://si.wikipedia.org/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://si.wikipedia.org/w/api.php?action=opensearch&format=xml&search=
Source: iexplore.exe	String found in binary or memory: http://sitesearch.timesonline.co.uk/
Source: iexplore.exe	String found in binary or memory: http://so-net.search.goo.ne.jp/
Source: iexplore.exe	String found in binary or memory: http://suche.aol.de/
Source: iexplore.exe	String found in binary or memory: http://suche.freenet.de/
Source: iexplore.exe	String found in binary or memory: http://suche.freenet.de/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://suche.lycos.de/
Source: iexplore.exe	String found in binary or memory: http://suche.t-online.de/
Source: iexplore.exe	String found in binary or memory: http://suche.web.de/
Source: iexplore.exe	String found in binary or memory: http://suche.web.de/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://sugg-ie.fr.search.yahoo.com/os?market=fr&appid=ie8&command=
Source: iexplore.exe	String found in binary or memory: http://sugg-ie.hk.search.yahoo.com/os?market=hk&appid=ie8&command=
Source: iexplore.exe	String found in binary or memory: http://sugg-ie.id.search.yahoo.com/os?market=id&appid=ie8&command=
Source: iexplore.exe	String found in binary or memory: http://sugg-ie.in.search.yahoo.com/os?market=in&appid=ie8&command=
Source: iexplore.exe	String found in binary or memory: http://sugg-ie.it.search.yahoo.com/os?market=it&appid=ie8&command=
Source: iexplore.exe	String found in binary or memory: http://sugg-ie.mx.search.yahoo.com/os?market=mx&appid=ie8&command=
Source: iexplore.exe	String found in binary or memory: http://sugg-ie.my.search.yahoo.com/os?market=my&appid=ie8&command=
Source: iexplore.exe	String found in binary or memory: http://sugg-ie.nz.search.yahoo.com/os?market=nz&appid=ie8&command=
Source: iexplore.exe	String found in binary or memory: http://sugg-ie.ph.search.yahoo.com/os?market=ph&appid=ie8&command=
Source: iexplore.exe	String found in binary or memory: http://sugg-ie.sg.search.yahoo.com/os?market=sg&appid=ie8&command=
Source: iexplore.exe	String found in binary or memory: http://sugg-ie.th.search.yahoo.com/os?market=th&appid=ie8&command=
Source: iexplore.exe	String found in binary or memory: http://sugg-ie.tw.search.yahoo.com/os?market=tw&appid=ie8&command=
Source: iexplore.exe	String found in binary or memory: http://sugg-ie.uk.search.yahoo.com/os?market=uk&appid=ie8&command=
Source: iexplore.exe	String found in binary or memory: http://sugg-ie.vn.search.yahoo.com/os?market=vn&appid=ie8&command=
Source: iexplore.exe	String found in binary or memory: http://th.search.yahoo.com/search?p=
Source: iexplore.exe	String found in binary or memory: http://toitvert.net/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://toitvert.net/favicon.ico$h
Source: iexplore.exe	String found in binary or memory: http://toitvert.net/favicon.icon
Source: iexplore.exe	String found in binary or memory: http://toitvert.net/favicon.icoy
Source: iexplore.exe	String found in binary or memory: http://toitvert.net/ok
Source: iexplore.exe	String found in binary or memory: http://toitvert.net/ok/
Source: iexplore.exe	String found in binary or memory: http://toitvert.net/ok/a
Source: iexplore.exe	String found in binary or memory: http://toitvert.net/ok/checkout/backup.php?id=559ee777881d937881aa34e49b305b2d559ee777881d93788
Source: iexplore.exe	String found in binary or memory: http://toitvert.net/ok/checkout/backup.php?id=559ee777881d937881aa34e49b305b2d559ee777881d937881aa34
Source: iexplore.exe	String found in binary or memory: http://toitvert.net/ok/checkout/backup.phpid=559ee777881d937881aa34e49b305b2d559ee777881d937881aa34e
Source: iexplore.exe	String found in binary or memory: http://toitvert.net/ok/checkout/index.php
Source: iexplore.exe	String found in binary or memory: http://toitvert.net/ok/checkout/index.php-%
Source: iexplore.exe	String found in binary or memory: http://toitvert.net/ok/checkout/index.phpp
Source: iexplore.exe	String found in binary or memory: http://toitvert.net/ok/checkout/index.phpph
Source: iexplore.exe	String found in binary or memory: http://toitvert.net/ok/checkout/index.phpx
Source: iexplore.exe	String found in binary or memory: http://toitvert.net/ok/v
Source: iexplore.exe	String found in binary or memory: http://treyresearch.net
Source: iexplore.exe	String found in binary or memory: http://tw.search.yahoo.com/
Source: iexplore.exe	String found in binary or memory: http://tw.search.yahoo.com/search?ei=utf-8&fr=yie7c&p=
Source: iexplore.exe	String found in binary or memory: http://tw.search.yahoo.com/search?ei=utf-8&fr=yie8ms&p=
Source: iexplore.exe	String found in binary or memory: http://tw.search.yahoo.com/search?p=
Source: iexplore.exe	String found in binary or memory: http://udn.com/
Source: iexplore.exe	String found in binary or memory: http://udn.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://uk.ask.com/
Source: iexplore.exe	String found in binary or memory: http://uk.ask.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://uk.search.yahoo.com/
Source: iexplore.exe	String found in binary or memory: http://uk.search.yahoo.com/search?ei=utf-8&fr=yie7c&p=
Source: iexplore.exe	String found in binary or memory: http://uk.search.yahoo.com/search?ei=utf-8&fr=yie8ms&p=
Source: iexplore.exe	String found in binary or memory: http://uk.search.yahoo.com/search?p=
Source: iexplore.exe	String found in binary or memory: http://vachercher.lycos.fr/
Source: iexplore.exe	String found in binary or memory: http://video.globo.com/
Source: iexplore.exe	String found in binary or memory: http://video.globo.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://vn.search.yahoo.com/search?p=
Source: iexplore.exe	String found in binary or memory: http://web.ask.com/
Source: iexplore.exe	String found in binary or memory: http://www.%s.com
Source: iexplore.exe	String found in binary or memory: http://www.abril.com.br/
Source: iexplore.exe	String found in binary or memory: http://www.abril.com.br/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.afisha.ru/app_themes/default/images/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.alarabiya.net/
Source: iexplore.exe	String found in binary or memory: http://www.alarabiya.net/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.amazon.co.jp/
Source: iexplore.exe	String found in binary or memory: http://www.amazon.co.uk/
Source: iexplore.exe	String found in binary or memory: http://www.amazon.com/exec/obidos/external-search/104-2981279-3455918?index=blended&keyword=
Source: iexplore.exe	String found in binary or memory: http://www.amazon.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.amazon.com/gp/search?ie=utf8&tag=ie8search-20&index=blended&linkcode=qs&c
Source: iexplore.exe	String found in binary or memory: http://www.amazon.de/
Source: iexplore.exe	String found in binary or memory: http://www.aol.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.arrakis.com/
Source: iexplore.exe	String found in binary or memory: http://www.arrakis.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.asharqalawsat.com/
Source: iexplore.exe	String found in binary or memory: http://www.asharqalawsat.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.ask.com/
Source: iexplore.exe	String found in binary or memory: http://www.auction.co.kr/auction.ico
Source: iexplore.exe	String found in binary or memory: http://www.babout:blankch
Source: iexplore.exe	String found in binary or memory: http://www.baidu.com/
Source: iexplore.exe	String found in binary or memory: http://www.baidu.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.bing.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.bing.com/favicon.ico$
Source: iexplore.exe	String found in binary or memory: http://www.bing.com/favicon.ico-
Source: iexplore.exe	String found in binary or memory: http://www.bing.com/favicon.icoarchterms
Source: iexplore.exe	String found in binary or memory: http://www.bing.com/favicon.icobackup.php?id=559ee777881d937881aa34e49b305b2d559ee777881d937881aa34e
Source: iexplore.exe	String found in binary or memory: http://www.bing.com/favicon.icoe3a
Source: iexplore.exe	String found in binary or memory: http://www.bing.com/favicon.icoorer
Source: iexplore.exe	String found in binary or memory: http://www.bing.com/maps/
Source: iexplore.exe	String found in binary or memory: http://www.bing.com/maps/default.aspx
Source: iexplore.exe	String found in binary or memory: http://www.bing.com/maps/geotager.aspx
Source: iexplore.exe	String found in binary or memory: http://www.bing.com/safety/warning
Source: iexplore.exe	String found in binary or memory: http://www.bing.com/search
Source: iexplore.exe	String found in binary or memory: http://www.bing.com/search?q=
Source: iexplore.exe	String found in binary or memory: http://www.bing.com/search?q=%7bsearchterms%7d&form=ie8src
Source: iexplore.exe	String found in binary or memory: http://www.bing.com/search?q=%7bsearchterms%7d&src=ie-searchbox&form=ie11sr
Source: iexplore.exe	String found in binary or memory: http://www.bing.com/search?q=%7bsearchterms%7d&src=ie-searchbox&form=ie8src
Source: iexplore.exe	String found in binary or memory: http://www.bing.com/search?q=%7bsearchterms%7d&src=ie-searchbox&form=iesr02&pc=ue14c
Source: iexplore.exe	String found in binary or memory: http://www.bing.com/search?q=&src=ie-searchbox&form=ie11sr
Source: iexplore.exe	String found in binary or memory: http://www.bing.com/searchlmem
Source: iexplore.exe	String found in binary or memory: http://www.cdiscount.com/
Source: iexplore.exe	String found in binary or memory: http://www.cdiscount.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.ceneo.pl/
Source: iexplore.exe	String found in binary or memory: http://www.ceneo.pl/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.chennaionline.com/ncommon/images/collogo.ico
Source: iexplore.exe	String found in binary or memory: http://www.cjmall.com/
Source: iexplore.exe	String found in binary or memory: http://www.cjmall.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.clarin.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.cnet.co.uk/
Source: iexplore.exe	String found in binary or memory: http://www.cnet.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.dailymail.co.uk/
Source: iexplore.exe	String found in binary or memory: http://www.dailymail.co.uk/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.digicert.com.my/cps.htm02
Source: iexplore.exe	String found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
Source: iexplore.exe	String found in binary or memory: http://www.etmall.com.tw/
Source: iexplore.exe	String found in binary or memory: http://www.etmall.com.tw/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.excite.co.jp/
Source: iexplore.exe	String found in binary or memory: http://www.expedia.com/
Source: iexplore.exe	String found in binary or memory: http://www.expedia.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.facebook.com/
Source: iexplore.exe	String found in binary or memory: http://www.facebook.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.gismeteo.ru/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.gmarket.co.kr/
Source: iexplore.exe	String found in binary or memory: http://www.gmarket.co.kr/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.google.co.in/
Source: iexplore.exe	String found in binary or memory: http://www.google.co.jp/
Source: iexplore.exe	String found in binary or memory: http://www.google.co.uk/
Source: iexplore.exe	String found in binary or memory: http://www.google.com.br/
Source: iexplore.exe	String found in binary or memory: http://www.google.com.sa/
Source: iexplore.exe	String found in binary or memory: http://www.google.com.tw/
Source: iexplore.exe	String found in binary or memory: http://www.google.com/
Source: iexplore.exe	String found in binary or memory: http://www.google.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.google.cz/
Source: iexplore.exe	String found in binary or memory: http://www.google.de/
Source: iexplore.exe	String found in binary or memory: http://www.google.es/
Source: iexplore.exe	String found in binary or memory: http://www.google.fr/
Source: iexplore.exe	String found in binary or memory: http://www.google.it/
Source: iexplore.exe	String found in binary or memory: http://www.google.pl/
Source: iexplore.exe	String found in binary or memory: http://www.google.ru/
Source: iexplore.exe	String found in binary or memory: http://www.google.si/
Source: iexplore.exe	String found in binary or memory: http://www.iask.com/
Source: iexplore.exe	String found in binary or memory: http://www.iask.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.kkbox.com.tw/
Source: iexplore.exe	String found in binary or memory: http://www.kkbox.com.tw/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.linternaute.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.maktoob.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.mercadolibre.com.mx/
Source: iexplore.exe	String found in binary or memory: http://www.mercadolibre.com.mx/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.mercadolivre.com.br/
Source: iexplore.exe	String found in binary or memory: http://www.mercadolivre.com.br/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.merlin.com.pl/
Source: iexplore.exe	String found in binary or memory: http://www.merlin.com.pl/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.microsof
Source: iexplore.exe	String found in binary or memory: http://www.microsofttranslator.com/?ref=ie8activity
Source: iexplore.exe	String found in binary or memory: http://www.microsofttranslator.com/bv.aspx?ref=ie8activity&a=
Source: iexplore.exe	String found in binary or memory: http://www.microsofttranslator.com/bvprev.aspx?ref=ie8activity
Source: iexplore.exe	String found in binary or memory: http://www.microsofttranslator.com/default.aspx?ref=ie8activity
Source: iexplore.exe	String found in binary or memory: http://www.microsofttranslator.com/defaultprev.aspx?ref=ie8activity
Source: iexplore.exe	String found in binary or memory: http://www.msn.com/
Source: iexplore.exe	String found in binary or memory: http://www.msn.com/?ocid=iehp
Source: iexplore.exe	String found in binary or memory: http://www.msn.com/nl-nl/?ocid=iehp
Source: iexplore.exe	String found in binary or memory: http://www.msn.com/nl-nl/?ocid=iehpk
Source: iexplore.exe	String found in binary or memory: http://www.mtv.com/
Source: iexplore.exe	String found in binary or memory: http://www.mtv.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.myspace.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.najdi.si/
Source: iexplore.exe	String found in binary or memory: http://www.najdi.si/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.nate.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.neckermann.de/
Source: iexplore.exe	String found in binary or memory: http://www.neckermann.de/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.news.com.au/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.nifty.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.ocn.ne.jp/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.orange.fr/
Source: iexplore.exe	String found in binary or memory: http://www.otto.de/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.ozon.ru/
Source: iexplore.exe	String found in binary or memory: http://www.ozon.ru/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.ozu.es/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.paginasamarillas.es/
Source: iexplore.exe	String found in binary or memory: http://www.paginasamarillas.es/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.pchome.com.tw/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.priceminister.com/
Source: iexplore.exe	String found in binary or memory: http://www.priceminister.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.public-trust.com/cgi-bin/crl/2018/cdp.crl0
Source: iexplore.exe	String found in binary or memory: http://www.public-trust.com/cps/omniroot.html0
Source: iexplore.exe	String found in binary or memory: http://www.rakuten.co.jp/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.rambler.ru/
Source: iexplore.exe	String found in binary or memory: http://www.rambler.ru/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.recherche.aol.fr/
Source: iexplore.exe	String found in binary or memory: http://www.rtl.de/
Source: iexplore.exe	String found in binary or memory: http://www.rtl.de/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.servicios.clarin.com/
Source: iexplore.exe	String found in binary or memory: http://www.shopzilla.com/
Source: iexplore.exe	String found in binary or memory: http://www.sify.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.so-net.ne.jp/share/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.sogou.com/
Source: iexplore.exe	String found in binary or memory: http://www.sogou.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.soso.com/
Source: iexplore.exe	String found in binary or memory: http://www.soso.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.t-online.de/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.taobao.com/
Source: iexplore.exe	String found in binary or memory: http://www.taobao.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.target.com/
Source: iexplore.exe	String found in binary or memory: http://www.target.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.tchibo.de/
Source: iexplore.exe	String found in binary or memory: http://www.tchibo.de/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.tesco.com/
Source: iexplore.exe	String found in binary or memory: http://www.tesco.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.timesonline.co.uk/img/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.tiscali.it/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.univision.com/
Source: iexplore.exe	String found in binary or memory: http://www.univision.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.usertrust.com1
Source: iexplore.exe	String found in binary or memory: http://www.walmart.com/
Source: iexplore.exe	String found in binary or memory: http://www.walmart.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.weather.com/
Source: iexplore.exe	String found in binary or memory: http://www.weather.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.ya.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.yam.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www.yandex.ru/
Source: iexplore.exe	String found in binary or memory: http://www.yandex.ru/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://www3.fnac.com/
Source: iexplore.exe	String found in binary or memory: http://www3.fnac.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://xml-us.amznxslt.com/onca/xml?service=awsecommerceservice&version=2008-06-26&operation
Source: iexplore.exe	String found in binary or memory: http://yellowpages.superpages.com/
Source: iexplore.exe	String found in binary or memory: http://yellowpages.superpages.com/favicon.ico
Source: iexplore.exe	String found in binary or memory: http://z.about.com/m/a08.ico
Source: iexplore.exe	String found in binary or memory: https://
Source: iexplore.exe	String found in binary or memory: https://en.wikipedia.org/wiki/xslt/muenchian_grouping
Source: iexplore.exe	String found in binary or memory: https://example.com
Source: iexplore.exe	String found in binary or memory: https://secure.comodo.com/cps0
Source: iexplore.exe	String found in binary or memory: https://ww
Source: iexplore.exe	String found in binary or memory: https://www.capbilcap.ca/
Source: iexplore.exe	String found in binary or memory: https://www.capbilcap.ca///
Source: iexplore.exe	String found in binary or memory: https://www.capbilcap.ca//update-login/update/login///
Source: iexplore.exe	String found in binary or memory: https://www.capbilcap.ca//update-login/update/login///c
Source: iexplore.exe	String found in binary or memory: https://www.capbilcap.ca//update-login/update/login///customer_center/customer-idpp00c635
Source: iexplore.exe	String found in binary or memory: https://www.capbilcap.ca//update-login/update/login///customer_center/customer-idpp00c635t
Source: iexplore.exe	String found in binary or memory: https://www.capbilcap.ca//update-login/update/login///u
Source: iexplore.exe	String found in binary or memory: https://www.capbilcap.ca/favicon.ico
Source: iexplore.exe	String found in binary or memory: https://www.capbilcap.ca/favicon.icoil
Source: iexplore.exe	String found in binary or memory: https://www.capbilcap.ca/favicon.icot
Source: iexplore.exe	String found in binary or memory: https://www.capbilcap.ca/update-lo
Source: iexplore.exe	String found in binary or memory: https://www.capbilcap.ca/update-login/up
Source: iexplore.exe	String found in binary or memory: https://www.capbilcap.ca/update-login/update/login///cg
Source: iexplore.exe	String found in binary or memory: https://www.capbilcap.ca/update-login/update/login///customer_center/customer-
Source: iexplore.exe	String found in binary or memory: https://www.capbilcap.ca/update-login/update/login///customer_center/customer-idpp00c635/
Source: iexplore.exe	String found in binary or memory: https://www.capbilcap.ca/update-login/update/login///customer_center/customer-idpp00c635/l
Source: iexplore.exe	String found in binary or memory: https://www.capbilcap.ca/update-login/update/login///customer_center/customer-idpp00c635/lib/css/l-z
Source: iexplore.exe	String found in binary or memory: https://www.capbilcap.ca/update-login/update/login///customer_center/customer-idpp00c635/lib/img//fa
Source: iexplore.exe	String found in binary or memory: https://www.capbilcap.ca/update-login/update/login///customer_center/customer-idpp00c635/lib/img/kl_
Source: iexplore.exe	String found in binary or memory: https://www.capbilcap.ca/update-login/update/login///customer_center/customer-idpp00c635/lib/js/jque
Source: iexplore.exe	String found in binary or memory: https://www.capbilcap.ca/update-login/update/login///customer_center/customer-idpp00c635/myacco
Source: iexplore.exe	String found in binary or memory: https://www.capbilcap.ca/update-login/update/login///customer_center/customer-idpp00c635/myaccount/s
Source: iexplore.exe	String found in binary or memory: https://www.capbilcap.ca/updatv
Source: iexplore.exe	String found in binary or memory: https://www.example.com.
Source: iexplore.exe	String found in binary or memory: https://www.paypalobjects.com/webstatic/i/consumer/onboarding/sprite_form_2x.png
Source: iexplore.exe	String found in binary or memory: https://www.paypalobjects.com/webstatic/i/consumer/onboarding/sprite_form_2x.png)

Uses HTTPS

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49206
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49214
Source: unknown	Network traffic detected: HTTP traffic on port 49213 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49205
Source: unknown	Network traffic detected: HTTP traffic on port 49218 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49203 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49202 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49214 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49199
Source: unknown	Network traffic detected: HTTP traffic on port 49219 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49205 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49213
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49202
Source: unknown	Network traffic detected: HTTP traffic on port 49211 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49211
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49215
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49210
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49200
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49217
Source: unknown	Network traffic detected: HTTP traffic on port 49216 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49220 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49217 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49212 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49206 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49219
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49216
Source: unknown	Network traffic detected: HTTP traffic on port 49215 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49210 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49218
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49212
Source: unknown	Network traffic detected: HTTP traffic on port 49200 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49220
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49203

Social media urls found in memory data

Show sources

Source: iexplore.exe	String found in binary or memory: http://www.facebook.com/
Source: iexplore.exe	String found in binary or memory: http://www.facebook.com/favicon.ico

System Summary:

Reads internet explorer settings

Show sources

Source: C:\Program Files\Internet Explorer\iexplore.exe

Key opened: HKEY_USERS\Software\Microsoft\Internet Explorer\Settings

Found graphical window changes (likely an installer)

Show sources

Source: Window Recorder

Window detected: More than 3 window changes detected

Checks if Microsoft Office is installed

Show sources

Source: C:\Program Files\Internet Explorer\iexplore.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\14.0\Common\Filter\text/xml

Uses new MSVCR Dlls

Show sources

Source: C:\Program Files\Internet Explorer\iexplore.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90.dll

Binary contains paths to debug symbols

Show sources

Source:	Binary string: 86\ship\0\msohev.dll\bbtopt\msohevO.pdb source: iexplore.exe
Source:	Binary string: t:\misc_urlredirection\x86\ship\0\urlredirection.pdb source: iexplore.exe
Source:	Binary string: t:\misc_hev\x86\ship\0\msohev.pdb source: iexplore.exe
Source:	Binary string: 0\urlredirection.dll\bbtopt\urlredirectionO.pdb source: iexplore.exe

Classification label

Show sources

Source: classification engine

Classification label: mal48.phis.win@3/53@20/9

Creates files inside the user directory

Show sources

Source: C:\Program Files\Internet Explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{04EC86D7-4C45-11E7-A024-B808CF8DE4D8}.dat

Creates temporary files

Show sources

Source: C:\Program Files\Internet Explorer\iexplore.exe

File created: C:\Users\LUKETA~1\AppData\Local\Temp\~DFE78C1AEB532EC4FA.TMP

Reads ini files

Show sources

Source: C:\Program Files\Internet Explorer\iexplore.exe

File read: C:\Users\desktop.ini

Reads software policies

Show sources

Source: C:\Program Files\Internet Explorer\iexplore.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Spawns processes

Show sources

Source: unknown	Process created: C:\Program Files\Internet Explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files\Internet Explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' SCODEF:3028 CREDAT:275457 /prefetch:2
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files\Internet Explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' SCODEF:3028 CREDAT:275457 /prefetch:2

Uses an in-process (OLE) Automation server

Show sources

Source: C:\Program Files\Internet Explorer\iexplore.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\InProcServer32

Anti Debugging:

Creates guard pages, often used to prevent reverse engineering and debugging

Show sources

Source: C:\Program Files\Internet Explorer\iexplore.exe

Memory protected: page read and write and page guard

Behavior Graph

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious

Yara Overview

No Yara matches

Screenshot

Startup

system is w7_1

iexplore.exe (PID: 3028 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: EE79D654A04333F566DF07EBDE217928)

iexplore.exe (PID: 3076 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' SCODEF:3028 CREDAT:275457 /prefetch:2 MD5: EE79D654A04333F566DF07EBDE217928)

cleanup

Created / dropped Files

File Path	Type and Hashes	Malicious
C:\Users\LUKETA~1\AppData\Local\Temp\KnoA698.tmp	Type: XML document text MD5: 002D5646771D31D1E7C57990CC020150 SHA: A28EC731F9106C252F313CCA349A68EF94EE3DE9 SHA-256: 1E2E25BF730FF20C89D57AA38F7F34BE7690820E8279B20127D0014DD27B743F SHA-512: 689E90E7D83EEF054A168B98BA2B8D05AB6FF8564E199D4089215AD3FE33440908E687AA9AD7D94468F9F57A4CC19842D53A9CD2F17758BDADF0503DF63629C6	false
C:\Users\LUKETA~1\AppData\Local\Temp\wwwA9B6.tmp	Type: ASCII text, with CRLF line terminators MD5: 5DDF93B98C5AE2C79C09BFA87363078D SHA: 71BA59BB8429DFA73A5DD73502E0098A6308CF1E SHA-256: F5E35EA56DBF3FDB1A6EDC8C4B26B170FE9512F8DDDAE56353B5DD03D6FB1386 SHA-512: 5EA667BE4746FAF1AF72149D2C18B3BE72C7379ABE95E42140C266B531D6E2FAF4ECD9F8C31B03F82AA578240AAC863E2EAFBD17700425757B749784877CD862	false
C:\Users\LUKETA~1\AppData\Local\Temp\wwwA9D6.tmp	Type: ASCII text, with CRLF line terminators MD5: 480D8EF58C50B63649CA2A11A6DD21CA SHA: FF65A43FC6514B94D815E123DCC87543DFEB3509 SHA-256: A0E38252764186742D382B06CDF904BB849EA9C84A19C22B7380F32089735228 SHA-512: 8F07279D9234D17C8D2F890F18D6D07A64F22002B39B51956F2DAFD38D6EF46C261B7F756B858108CC996A95A7CE92F8AD08ADABF996B81291E49CD247D32AE0	false
C:\Users\LUKETA~1\AppData\Local\Temp\wwwA9E6.tmp	Type: ASCII text, with CRLF line terminators MD5: 431CE3C728B963E531AC57ED03AD7885 SHA: 4E59DD95CB200BD87778F26DE2C078D943BD0532 SHA-256: 928B92D61A40EC12A97B69BFD1743747EEEFBB07CD5C91BD5F4C3A1FAF6A64F1 SHA-512: 7F0A79E04A7C0471631B54E38E3377E041B221E7A891278ADA5ECEFE2367AB728F8FE3F5A71DA1815C23800CC5028BFCB6B3A7936142241D5DD732D05DEEC11B	false
C:\Users\LUKETA~1\AppData\Local\Temp\wwwB448.tmp	Type: ASCII text, with CRLF line terminators MD5: 6997211BDCC6FFB83C24153C5FF45FF8 SHA: 5753D953EDA2ADA640779E282C19E37F159AED09 SHA-256: A7F9A28D672F9F78C0F950F0262EE8AF2DFDD6E31AE3881C2038D8277522A4B9 SHA-512: BED2B6004038841804D8082C48D8CB4C45FC185AF94FAFF8DA00FC3C10CFBC711408FC5CDE1118E67D7483FE33376447C892E00FB11232D9BE9207B252E70DBB	false
C:\Users\LUKETA~1\AppData\Local\Temp\wwwB448.tmp:favicon	Type: PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced MD5: 1A85A1A8E48D59921E4802DF39CAAD1D SHA: 8274A054D39EE873AC2ADA3C447845386D080738 SHA-256: A397C7CEEC858FDF9DB122669662F6D89D30BE1E4B6DE727156628B5C48DF62D SHA-512: 7A6A77EDF9EB8DD289EC01763DBAFD24692D1270BAB71A190656B0A6B07936CA65EF928CF1C5C425B592C1BC2D2D108317E4B1B1916E04A9BF462A7C943B1125	false
C:\Users\LUKETA~1\AppData\Local\Temp\~DF0AE6BD6176F07C8D.TMP	Type: data MD5: D47AFC109AA1B1B668CFDA5B97F7E521 SHA: 61F2DB2C37AFD3AA79E31A1955E40941F36B18E4 SHA-256: 2C6C661B58846983E8DEAF94AB48B46EF3A808963885B42E5CC1433D379E1D4D SHA-512: 29B6C1A9C5053A71D95D1FF32132642035372C34BC7EDD109E4855D6A9906274F4F926242541E2CBAF6BA5E927F0B8E0C23E8CA54557A6B831A6A788A6CEEA5C	false
C:\Users\LUKETA~1\AppData\Local\Temp\~DF2361815F95B41CCF.TMP	Type: FoxPro FPT, blocks size 258, next free block index 16711424 MD5: 6E08DA966A975FF4556CFAF6699D9158 SHA: B27E07450CA0BE4BC1D1D9420465A8C52A2448BD SHA-256: A2DC6460F467020E39086B785CB086DE679B01350ACE4A87C437C7DCAB38CCFF SHA-512: B4387F542B31407C8AD2F006795675C45223C8E67A7BF790657306A995C0469D70828ABFD71FB4F0CE1B8CCB6A219C0C12A8D20CB337E495906D3948FB64BED3	false
C:\Users\LUKETA~1\AppData\Local\Temp\~DFE78C1AEB532EC4FA.TMP	Type: FoxPro FPT, blocks size 258, next free block index 16711424 MD5: A38D4C1D835FEB2796B582C694C86240 SHA: 8AFF9665B776942909A34FAC013F916CCB147C42 SHA-256: 5AE0EF50B81FD094C06AA891B8CC58555C7505B02A97D479CB4F82F1A9C577F1 SHA-512: 8433A91049CD74C27B6CDBC8F050F6FEED74DCB01A2CB55BA99684B199711D2DB031A54E06537E7A6444332A6F73F067EAA1D4DD8E8DE2FC0B4DA248FD39357B	false
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\37C951188967C8EB88D99893D9D191FE	Type: data MD5: 8D48EECCCF3D4A5D586B571C9A55DEFF SHA: 94E390468AAEC7F6285E6F178FA0940381628CF2 SHA-256: BFA1C9998666A307EAD6E0AC7374766F9BEBC73D8AC1E4BC49B1CDA48B5ABD4F SHA-512: B1FB5D9E6FF0F26FA320D4953245B8348424710484691EE48B2BA8B705DDB8325F33EB9449EF07D29490979475F515CA1F7BD032CCE632206F3E4E17F35EE764	false
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1	Type: data MD5: CF0434533865AC99CE2EC0FBE7384FEE SHA: 1F369720E3B1BA450ABE4FA8F7503F00B01F8230 SHA-256: 14087EFA22D9F309CC1BE74E12FBF641E6B433513E033F6887A79964C08179F0 SHA-512: 8068CB59F37A40D7ADF1C824E3E31A16FD84DF3FF52E8A5AE7FCDC412AA6E99D08219A286A8C92CFD25F823ABCD2A8FF18345612ED6D68697A2E7128129BA021	false
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_862BA1770B2FEE013603D2FF9ABEAFDA	Type: data MD5: 11555EDA2B265A0B3AD44EF18FFB4C99 SHA: 44D3537CA417BEC0FC17F7DF564E0640C3F6E7C2 SHA-256: 10B514BB4F52976717170F691904F9CBA1E86D7CFD1A76D12E927A8D78F524A9 SHA-512: 6CADD7F7AD75F3075959ED39C4C343CF65B7F53DDD826D6603E32FD61BF01F0609D443195EFBA8CCEA56A2DBF6E76FE19C063D537DB555A5C81DA5EEBB4F947B	false
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4	Type: data MD5: F6B84CECBCC0FDFDD3596A2830D3D5A4 SHA: 6937C8E966AA6D8E8BAF5A40B583795205256AA7 SHA-256: E5273822351AAEEC2088CED3801A4484388D52DD39E6F6B004B164BAD3D8F20B SHA-512: AFAC277901B788E027400DE68E06A36BEF55722C337534A7201D118A9AA647CFADF20210E912EB134312094224BCB74FCADDDEEE94DCFB81050AB5417E2105A2	false
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157	Type: data MD5: 16E8E953C65D610C3BFC595240F3F5B7 SHA: 231A802E6FF1FAE42F2B12561FFF2767D473210B SHA-256: 048846ED8ED185A26394ADEB3F63274D1029BBD59CFFA8E73A4EF8B19456DE1D SHA-512: 8CF223F68CD118BE6BEF746D4CCEF2BC293E7E0F44630F7B1A799280C255622CC75A8313D7918C95F5D17765CCB90D50D08E1224EC1BE33A8381780D3C8D068C	false
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B912B2C6928A18B8CD7D50CF08BEA95B_F85B8279FA54A31CEEC2563F5A8F73E8	Type: data MD5: 8350AA7727BCC775AB0F899DC0DF10DD SHA: DCAA28A55CC38BCC797BB9B310552A283C222E95 SHA-256: 5C0EFFA9BA19336BF45E3F76D2B5A80FE0445FC7D676EC0D787AD87653153422 SHA-512: 8A7D682CB8AF18FB700E6F928C6FF4EA3686DC1D6314542F1B7F0E0BD3922C678ACE59F934784856813101C8AD5755AA9F45BDA182D5E3CD5AC2D2CBE0C4185D	false
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\21253908F3CB05D51B1C2DA8B681A785	Type: data MD5: BE4652C2EFA887B58CDBBD715F766552 SHA: 9639218F9A3100B0AB5F7C27A83847F9F06B5628 SHA-256: 26FDABED594C3A75A396D937BA017BD747779D7C04E985F4B2C109A2D7A560B8 SHA-512: 73C5E2A144D094342051DB8544BEE7A47F33075FE9E7443879A38272083DC28C4186A124814FF1FE93B60D7A6604A491D62CF7629C4821E13F508A556BC9888B	false
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\37C951188967C8EB88D99893D9D191FE	Type: data MD5: 259BA8D3B141AFFCBCCEFB60119CA906 SHA: 085ADEC364278614161DDB25356E84C6273C39E5 SHA-256: 0B9B2BDF00B4BC14BD08A219F67E5E4EB91E374CA5717504F6D76960997FE8CB SHA-512: E4692C187DDF7762C93318CA76C54566AD2146C7015CD2EB6470471172374D66F723D9F3F2942AEA58C0D31DB6E8129B3FBF6330C32EE034468F8D06BC46527C	false
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1	Type: data MD5: E3687F25A50AB720FD6F980991F40B74 SHA: A76059F1F4D2DEAE7F8516EADB7A394141388184 SHA-256: 946322EBF4A401960B077D21DB5A1EB750193CFD852E8249CCFC252FBF0EA6DC SHA-512: B044409754B8F16CDED044396307AD91D0636861EF1882D51383B49EBC3CAC825EFC6768F9E328A817BD63D6813C8796DE447A03A9213A8EE275F0D2196C2DC4	false
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_862BA1770B2FEE013603D2FF9ABEAFDA	Type: data MD5: 6B3750264F0EDB4653FC4492AF3229EE SHA: A14E268D95A67F1F4BE4446FDE56021BCB0B22A5 SHA-256: 2F8EB3FA469767E26391EA66934327813CDA9A841A44A5E5D6BA9A99EA19B30E SHA-512: 72219BD6CBA399587418507D8A7C360C07440726FC467B66FAF5AEF522BC303DD704D47FB5B078D53FAA868939B21BBB4C31A5F6C0661971799E091DDA0D6470	false
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4	Type: data MD5: D37A9D9BF786F61DD9542BDD846FF728 SHA: 5A45789DD751C24813D4449BAE1853BB24D6AA8D SHA-256: 536F44B9FB00B8FF48426BCBDC4CB01885C860C56B236DFED68FD91F0808C71A SHA-512: 6EF82D819576D7D378A7071D6FB71E3F758785BA8F04D425CED94F064F85CB878D326D7103A210034229470DC719D3AEB7188CE95B3A409B288474712EE253B2	false
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157	Type: data MD5: BDEF467B3C0D8043D067A0D95B29994C SHA: A9E311292ED8B60DD6AFA8EEE52FA06666FF2DA5 SHA-256: 84BFB38C47F60D2EEB8DC6669EE41FAF6DD987AB944E690CA3945A6DFE5687BE SHA-512: 8DF1532C046583BCBCEDB29B50DBAE09B14FA6A3F27C5722772796267E0E800CEE41A4A614127119AC387D9F206C0487CC3EBCF52D90B6A7BF8DBBA21BC2DA70	false
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B912B2C6928A18B8CD7D50CF08BEA95B_F85B8279FA54A31CEEC2563F5A8F73E8	Type: data MD5: C4C2FC26A50A2BD65BC83F3086070969 SHA: 379CB6C827CEDE5E13F82CAFD1FB9E60DF3E583D SHA-256: AD0A7D2E7C1C9C17569255F60D0D35454FF6353E54DCCE57001D309F44239AA6 SHA-512: B9512A8E139196713E7A6CEBF5FC33BB630D7755A33F5DE10E196BE94B32FEC2B7D1E3D57F74DD9F0AE2DA464533825A1513C5184F8CC0E865A6D3C6E644CF5F	false
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico	Type: PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced MD5: 1A85A1A8E48D59921E4802DF39CAAD1D SHA: 8274A054D39EE873AC2ADA3C447845386D080738 SHA-256: A397C7CEEC858FDF9DB122669662F6D89D30BE1E4B6DE727156628B5C48DF62D SHA-512: 7A6A77EDF9EB8DD289EC01763DBAFD24692D1270BAB71A190656B0A6B07936CA65EF928CF1C5C425B592C1BC2D2D108317E4B1B1916E04A9BF462A7C943B1125	false
C:\Users\user\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms	Type: data MD5: 0A95F34AF990166F857D51E5F8E69245 SHA: 24D0A771B76A245C87B26784BF51FE181844EE4F SHA-256: 98D6D0F8CC4F36C3442A221B5639B4C63432F2C971B9D995C2AA53509D3EB228 SHA-512: F408066BF335B894B443C8302F095BBDF22966EF63AF7C083FCB1EA2AB764D289B42FA4D295A04F4400A270D05EEE2D8214E3BDF1A5EC30F30EDD9A80C102020	false
C:\Users\user\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Suggested Sites~.feed-ms	Type: Composite Document File V2 Document, No summary info MD5: 82BF740FE8561D208C177CA34C0BE241 SHA: E931733F1F46F1722B9031FB54386D4DD6910A3C SHA-256: F721967A81A7550C55343FB0EAB0CB3994942E02B92A5E2A3DFD926834316B77 SHA-512: E0D9CDF94B820D98B4FF94A9F6FDE84BD04117237C1E567BF59BD853F024E05299751341BD3DA281FDE29EA29A9BD57B5F4D4DFC5D1BD548E9AADBDB4A885D3F	false
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{04EC86D7-4C45-11E7-A024-B808CF8DE4D8}.dat	Type: Microsoft Word Document MD5: 301E1DAFB7816961D145E6A9E57A3D04 SHA: 2697C075D94D37793535839BD57FBEA8FADD9E08 SHA-256: 56F67482755DE053C1CB41C922ED46FDD21752611060C957F4704AF052B0CD6B SHA-512: DF0C5E31CBE4E52EC9F6264945CCA29CCA086E7C6FE02DA8C3D18639BBC97C1F720D3406795C127350806AB3E1087485CFC1F000C2412AD13D9D6D14010D7D4D	false
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{04EC86D9-4C45-11E7-A024-B808CF8DE4D8}.dat	Type: Microsoft Word Document MD5: 15AF354D044209632E4A7E01C09D1DE2 SHA: 8B07AE4B275FBB12524429215556A038589ECD54 SHA-256: 44E0C3CDB3947E4B2E741CD01708D4005BE503ADA4F121EBAC8CE9CB51928BC1 SHA-512: 4A27748DD0BE2EC9D3132AAA8AF2A979A499BA4171D3A62CDE3AD71A346A8871AD34B64793A4CE2DE19ECAD9A99E4F662963D190BD02B37DD9162DA7DC271C51	false
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0B99FCF1-4C45-11E7-A024-B808CF8DE4D8}.dat	Type: Microsoft Word Document MD5: EE98EE8F437B188E6676ED88F28F93CF SHA: 7440B903B30043DF7F3CA076D9307128C303C85D SHA-256: 5DA0A09134AAF6AC92A6213625A35BE212AEA5A9B2E6676B034D00D46D54D0D0 SHA-512: 9E9264DDB82701CCA3EB0E70CF647CA33F7D1743FF83A6044E6145D1D8D4B840A503D566D66C622B3BD1E74A98BEB5810149F9A2822A6F0BA1A79DB2726AB620	false
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-2845162440\msapplication.xml	Type: XML document text MD5: CFFBDCE778CAEAE1DAFB57D3362B07B9 SHA: DCB751C132C26F988230E4ED78629BE037B32614 SHA-256: 1F9CC508141E51E541CF8FDD114F5E093B7E09B360C46D765BB05DE4B32DD89C SHA-512: C23C037A9155963D921C0A7D5CDDEDDB6FB4251C7907F5CCC8B898EA5FF8A4D39CA902BC7DB013665825FAF9604AE004B5B6F46C7B270EA9988C9BC886B5BDE9	false
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\VersionManager\verFB16.tmp	Type: XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators MD5: 7F7602B7DE7B11F865DF394BC8411C84 SHA: C568747C4755961678B5F50F3361498512690BDD SHA-256: 83E333DA70CBD8F69A1A70AFE19F6308A858DB9EE2205AAF9469AB7BDCEA69F7 SHA-512: 6EBFC85B2D1E6110D08A6EBDBF794DCC90EC49A76297088E35919F02E78A10A50AA0EA438F72F52D3C87B82983DA2860C6E607EAC1AB1E54C7EF8B7EDF713CC3	false
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml (copy)	Type: MD5: D41D8CD98F00B204E9800998ECF8427E SHA: DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 SHA-256: E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 SHA-512: CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E	false
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\9z4asej\imagestore.dat	Type: data MD5: F6B28D4DA4AE66C9E42DE22EB0AE7E4E SHA: 8985E1EC5EE48FE1D03082918BA4D992E234544E SHA-256: 7D74AB0EF98F9EB39EE211D372DF1D088F9239146AC1A7B5158DDB9DB7546CF1 SHA-512: 2F82DBAA23B29D2F68016D4009847E3543D6822D73E08C81BF6FC029786EEE669EC58CCF7BBD1CD5C52E4DB8DC1F47FEB4ACB2D77B4D113174431662C5398EB1	false
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HOVZAYJ\L-Z118[1].css	Type: ASCII text, with very long lines MD5: 70BA3705683E2EB9AA423B9A2D7B3BAC SHA: 60DA55F87F0647D5293F54E50D73442D25B422C9 SHA-256: 1BCDA772B32139BBD18696BA5A08FC2DA9731CECF88D6B904CB953107484F55F SHA-512: 90FA9BFD30DB7601E7DD985BF1F78C2928E4BDF98478406BFA9336AC5981B35AE94D9A28415B0C4EDDA72B20CBA74FEF29771137000CE9499D59B369BCE92F65	false
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HOVZAYJ\index[1].htm	Type: ASCII text, with no line terminators MD5: 3D232CFE7068FB6E8AFDC7B98AAD6594 SHA: 3376CA7CB279D7412C95C639A5288DFC986DDB3F SHA-256: 7F83C0A478D43E834123D3BCE8CD8AA30C8BA611A8EE50E90D93B01971FFDC37 SHA-512: 6460DA6404E937F951276993F06D93F450060E5DDE444988BE40E19A888936CCF475192D32B948EBC4BDF76A0803BA2F0E03A6B9C7911B9D47B9E511D81FBA03	false
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HOVZAYJ\jquery[1].js	Type: ASCII text, with very long lines, with CRLF line terminators MD5: 1A0D5BE2D25FF036A0E088E0EC0B3600 SHA: 7A9AE64F46B3C59AB06648D5681434A89C3D605C SHA-256: 2A1F1370EB7B24A307312112427DFD544FB838A8BEF66BABC936F5E870A22E52 SHA-512: F93C1D0ED0314A201F1051E9DF068B0197CB0A8C1287083A07597DC0CF06F7F987BA118718A14948D7AB949EF9B9A2128A54A403CA504EA3EE28984D2DF69CDF	false
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HOVZAYJ\signin[1].htm	Type: HTML document, UTF-8 Unicode text, with CRLF line terminators MD5: EF6159646E122C00EB168EECB60BFDA9 SHA: 05D57075B465D512ED7A8D066CF2E47D36A4D1B3 SHA-256: AC15AF7F3DCAE37AD2E122BDF06972F009DA6E0170DCE3F44CC6C58F075FF987 SHA-512: F43CAE69F311D12CB4739296AD7F1451CE332DA83B03480365A5D5DFD19F61CAE387E780578D5C5659F702FBC428DB565923FBD0A5FAD879F4B26AD9A92EB34E	false
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3HOVZAYJ\urlblockindex[1].bin	Type: data MD5: FA518E3DFAE8CA3A0E495460FD60C791 SHA: E4F30E49120657D37267C0162FD4A08934800C69 SHA-256: 775853600060162C4B4E5F883F9FD5A278E61C471B3EE1826396B6D129499AA7 SHA-512: D21667F3FB081D39B579178E74E9BB1B6E9A97F2659029C165729A58F1787DC0ADADD980CD026C7A601D416665A81AC13A69E49A6A2FE2FDD0967938AA645C07	false
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GNNUVO51\customer-IDPP00C635[1].htm	Type: HTML document, ASCII text MD5: 56106A8846C7364AE96FE39A94C2674D SHA: FA006E2F7559D47E355659B441E527DCB3B6C129 SHA-256: BC3C907826D07E3812B9F716BFB1BF41FD288789FDAE20FD73279A4C1037080B SHA-512: 8182D041607BA2B17C320CA70B0C00D2D49B5C4D5EE66A3C7D6BB28747B983D1C941C7CC6BCA8A8B8A862E277E07EEF988D28D93FCFE7FC8D2C8F767D8008A88	false
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GNNUVO51\known_providers_download_v1[1].xml	Type: XML document text MD5: 002D5646771D31D1E7C57990CC020150 SHA: A28EC731F9106C252F313CCA349A68EF94EE3DE9 SHA-256: 1E2E25BF730FF20C89D57AA38F7F34BE7690820E8279B20127D0014DD27B743F SHA-512: 689E90E7D83EEF054A168B98BA2B8D05AB6FF8564E199D4089215AD3FE33440908E687AA9AD7D94468F9F57A4CC19842D53A9CD2F17758BDADF0503DF63629C6	false
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GNNUVO51\ok[1].htm	Type: HTML document, ASCII text MD5: 3E9337094A18C2392CD2B386598A1CA5 SHA: C06EEADDCEE1DAC3C444C4B7B06D2AC96904648E SHA-256: 64BDC37E23D5ECDB95C277917C69BE78721CB91F5428F306D71136ECEACA6C3F SHA-512: 3A5F7EFD4D850A6523F1A7E9DAE2C8D2A4E8251ED191973175E1964BE69795DBBBD3DD3DF4EBA10AA5DF1F3BF0103BEABFA46DEBC60C388656384D96ECDC066D	false
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HXM17S7C\favicon[1].ico	Type: PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced MD5: 5B188904E3BC002102653489E7AC4A4A SHA: 96607BA47296757DF3A005614947A5E83BA8683D SHA-256: 507C647828E8B817E23D90C7BE73B3105C32B9900147D0647B35046A32BE1016 SHA-512: 99BF5DBC8CBAD84CA240A2DDAD2DE73BFC434193A4F729738048A09051688771E8C92D99AA6B0C5698C702FD155663DF28916F74561CAE1F8C73C0D9DD1A9FF7	false
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HXM17S7C\favicon[2].ico	Type: MS Windows icon resource - 1 icon MD5: 40A1122C6C6BFF902FFBDCD8F99EA3BF SHA: 1AF06BC5A883C287CE788846EE445398C97E8369 SHA-256: FF45E60F690F50E7F7402879E073AE70FE735293C030D38F9205F24B779FAD4E SHA-512: 92CE6EE032C4C9A9B36DEB10890B253E6C98B03ED05146C823F21385B67FE415955CC2EE0D5951E09150CD4E41B6BC21557869E753DD2AC740F6D331882278A5	false
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HXM17S7C\kl_h4aXX6987PO[1].svg	Type: SVG Scalable Vector Graphics image MD5: 0D105318575EA6A4FC653AA8290A3410 SHA: B8EF6C644FFDB3983C518014BC4C0FF4317A011B SHA-256: B3CC50B9E94BBECAAEB1079B64B8CA50616D1732824964C1CC2C5422627A0EC5 SHA-512: 8797088012937108ACA1905E27DC49900CE00D5D51DEF982454A4C5389F4301A8857734C4178EF311DAE6AED47F033E1C9DF3D6F6B0B9BEF694D9CE278B3D193	false
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBDEVYJT\backup[1].htm	Type: HTML document, ASCII text, with CRLF line terminators MD5: A7E4AA61485A2E36A00CDF53D3F0A1F7 SHA: 53E013B4087CF985CEB98EDEA82199D0A8EC345F SHA-256: FD44678E0B658090F917642B9EE0AE868FE22305BAD9159A3BBD00CF8F2E1D08 SHA-512: 35BD1DCE8FDCC88005CE0A25440A29CD70E7B1CD035BC137C4502F566E92D1409D88E4CC6D27FE5846B830274271BA01D78A3B9E187E317B3A698E730A5C1868	false
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBDEVYJT\favicon[1].ico	Type: PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced MD5: 5B188904E3BC002102653489E7AC4A4A SHA: 96607BA47296757DF3A005614947A5E83BA8683D SHA-256: 507C647828E8B817E23D90C7BE73B3105C32B9900147D0647B35046A32BE1016 SHA-512: 99BF5DBC8CBAD84CA240A2DDAD2DE73BFC434193A4F729738048A09051688771E8C92D99AA6B0C5698C702FD155663DF28916F74561CAE1F8C73C0D9DD1A9FF7	false
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBDEVYJT\favicon[2].ico	Type: MS Windows icon resource - 1 icon MD5: E1528B5176081F0ED963EC8397BC8FD3 SHA: FF60AFD001E924511E9B6F12C57B6BF26821FC1E SHA-256: 1690C4E20869C3763B7FC111E2F94035B0A7EE830311DD680AC91421DAAD3667 SHA-512: ACF71864E2844907752901EEEAF5C5648D9F6ACF3B73A2FB91E580BEE67A04FFE83BC2C984A9464732123BC43A3594007691653271BA94F95F7E1179F4146212	false
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Sqm\iesqmdata0.sqm	Type: data MD5: 14B0635DCB60EE9A1508068B18726E21 SHA: 68ACFD89C9B100271AF6575B217EBF36D99D1008 SHA-256: 21865EF10D49BBD2AC2F315DEBD6DDDEAB53F9E43F6D5E8DA10825DCBF873920 SHA-512: EDEB3AB7472123DE5402A6FC1E8374ADB16CF8EF9929EC5075CA5ECCC4C0D78F53BEC514935481B2D62A304BA52DF5F004CE13624429C83C6381878566EF4C02	false
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\LKHW6I20.txt	Type: ASCII text MD5: 86C7EE481FEB18FCB710A64656C9D1AF SHA: F98F23F0496A919EBA41A06F185B4B34AE6B0601 SHA-256: E170FB9B678753E8654C52B91A0D293E635CF4C568313352A8E4CFE2DE146DFC SHA-512: A8DD03F465C56B16698DD84CE4362A13CF9FDB90AD6AE71B0BB298FF077700B88DBBF2E292CBE0EBCBB5AA5992B5C61B4C92BDAF13B21C587CAFF4B78111A708	false
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\SVZI3ZTW.txt	Type: ASCII text MD5: 77B4194968F118FD6D80CBA682F1587E SHA: 31F1D43327FEE49AFB9E45C6202CA3CCFBEB11B8 SHA-256: FF56F78B418A84D353856090E9BC3E870F84E52FEE86C0040AC1FCD4C63BB262 SHA-512: 1C3FC77969872E8B86EE46A745EC21E9A1FCF9EA49294C46A3B5D33200D8BE5072A30F7A8429B1AC95584B66F1507B40FE26D504BCAA802FCBFB4C9C572E811B	false
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\WJR6LATL.txt	Type: ASCII text MD5: EA08F3F63259F304ED24E215F832F335 SHA: 39941F0AC9E727E35BC6EDE7A5815FE7013213E5 SHA-256: 0CD90F27208B3581722F43C7DF556CB86E6E31FA841C43D8CB45E0ACD26BF5FE SHA-512: AA9B2A5AFA55262CEC71CEA835BFA54E8507EC53664A9D162A7484F3F63D74C95D310B1F4EE35BE9D242CAC9C842CB0797C16F9FD62100C35C119DA1085716D2	false
C:\Users\user\Favorites\Links\Suggested Sites.url	Type: ASCII text, with CRLF line terminators MD5: 7025D736C3274F6BB146316A6A86370B SHA: 9C195AF1AEC4E764A1DC2994F293C1C0584495DD SHA-256: A7F87470192CD4C03A84370620AA44407759246DA80BE098E432BFC78E95D973 SHA-512: C61B11C8C827E29B9690A081051C4CEDF47BF583B03C3974BE50FBFC63583CBF7F11C6F16F9B88952B2A7412DD7B4935683F6CF4E8E7B5733D46D839689C2609	false
C:\Users\user\Favorites\Links\Suggested Sites.url:favicon	Type: PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced MD5: 1A85A1A8E48D59921E4802DF39CAAD1D SHA: 8274A054D39EE873AC2ADA3C447845386D080738 SHA-256: A397C7CEEC858FDF9DB122669662F6D89D30BE1E4B6DE727156628B5C48DF62D SHA-512: 7A6A77EDF9EB8DD289EC01763DBAFD24692D1270BAB71A190656B0A6B07936CA65EF928CF1C5C425B592C1BC2D2D108317E4B1B1916E04A9BF462A7C943B1125	false

Contacted Domains/Contacted IPs

Contacted Domains

Name	IP	Active	Malicious
ocsp.comodoca.com	178.255.83.1	true	false
iecvlist.microsoft.com	72.21.81.200	true	false
crl.microsoft.com	2.20.189.34	true	false
sqm.telemetry.microsoft.com	65.55.252.93	true	false
toitvert.net	184.107.89.236	true	false
www.capbilcap.ca	184.107.89.236	true	false
ocsp.msocsp.com	198.41.215.182	true	false
www.bing.com	204.79.197.200	true	false
api.bing.com	13.107.5.80	true	false
r20swj13mr.microsoft.com	72.21.81.200	true	false
ocsp.usertrust.com	178.255.83.1	true	false
ieonline.microsoft.com	204.79.197.200	true	false
go.microsoft.com	2.16.33.120	true	false

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

IP	Country	ASN	ASN Name	Malicious
2.20.189.34	European Union	20940	AkamaiInternationalBV	false
184.107.89.236	Canada	32613	iWebTechnologiesInc	false
65.55.252.93	United States	3598	MicrosoftCorporation	false
72.21.81.200	United States	15133	EdgeCastNetworksInc	false
8.8.8.8	United States	15169	GoogleInc	false
178.255.83.1	United Kingdom	35838	CCANETLimited	false
2.16.33.120	European Union	16625	AkamaiTechnologiesInc	false
198.41.215.182	United States	13335	CloudFlareInc	false
204.79.197.200	United States	8075	MicrosoftCorporation	false

Static File Info

No static file info

Network Behavior

Download Network PCAP:	Network PCAP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 8, 2017 14:22:15.442416906 CEST	55149	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:15.659612894 CEST	53	55149	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:15.674016953 CEST	57187	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:15.868901968 CEST	53	57187	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:18.450911999 CEST	54708	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:18.521114111 CEST	54054	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:18.601742983 CEST	60308	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:18.815368891 CEST	53	54708	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:18.817643881 CEST	53	54054	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:18.850127935 CEST	53	60308	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:19.345968962 CEST	58054	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:19.568027973 CEST	53	58054	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:19.575546026 CEST	49193	80	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:19.575596094 CEST	80	49193	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:19.576546907 CEST	49193	80	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:19.576910973 CEST	49194	80	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:19.576946974 CEST	80	49194	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:19.577035904 CEST	49194	80	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:19.578577042 CEST	49193	80	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:19.578607082 CEST	80	49193	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:20.256994009 CEST	80	49193	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:20.257263899 CEST	49193	80	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:20.257702112 CEST	49193	80	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:20.257812977 CEST	80	49193	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:20.257939100 CEST	49193	80	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:20.273189068 CEST	49194	80	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:20.273231983 CEST	80	49194	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:21.338697910 CEST	80	49194	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:21.338964939 CEST	49194	80	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:21.515013933 CEST	80	49194	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:21.515197992 CEST	49194	80	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:21.515659094 CEST	49194	80	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:21.515733957 CEST	80	49194	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:21.516560078 CEST	49194	80	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:21.522377968 CEST	49195	80	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:21.522407055 CEST	80	49195	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:21.522460938 CEST	49195	80	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:21.523075104 CEST	49196	80	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:21.523097992 CEST	80	49196	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:21.523147106 CEST	49196	80	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:21.523720980 CEST	49195	80	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:21.523740053 CEST	80	49195	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:22.099258900 CEST	80	49195	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:22.099378109 CEST	49195	80	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:22.119748116 CEST	80	49195	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:22.119837046 CEST	49195	80	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:22.165792942 CEST	49195	80	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:22.165879965 CEST	80	49195	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:22.166888952 CEST	49195	80	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:23.714718103 CEST	55793	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:23.718019962 CEST	63235	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:23.822381020 CEST	53	55793	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:23.838284016 CEST	49197	80	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:23.838325024 CEST	80	49197	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:23.838407993 CEST	49197	80	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:23.851246119 CEST	49198	80	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:23.851281881 CEST	80	49198	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:23.851327896 CEST	49198	80	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:23.882425070 CEST	53	63235	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:23.893234015 CEST	49197	80	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:23.893275023 CEST	80	49197	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:23.910938025 CEST	49199	443	192.168.1.81	2.16.33.120
Jun 8, 2017 14:22:23.910976887 CEST	443	49199	2.16.33.120	192.168.1.81
Jun 8, 2017 14:22:23.912188053 CEST	49199	443	192.168.1.81	2.16.33.120
Jun 8, 2017 14:22:23.912606955 CEST	49200	443	192.168.1.81	2.16.33.120
Jun 8, 2017 14:22:23.912636042 CEST	443	49200	2.16.33.120	192.168.1.81
Jun 8, 2017 14:22:23.912707090 CEST	49200	443	192.168.1.81	2.16.33.120
Jun 8, 2017 14:22:23.976763010 CEST	49199	443	192.168.1.81	2.16.33.120
Jun 8, 2017 14:22:23.976815939 CEST	443	49199	2.16.33.120	192.168.1.81
Jun 8, 2017 14:22:23.976974010 CEST	49200	443	192.168.1.81	2.16.33.120
Jun 8, 2017 14:22:23.976989985 CEST	443	49200	2.16.33.120	192.168.1.81
Jun 8, 2017 14:22:23.998572111 CEST	49196	80	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:23.998615026 CEST	80	49196	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:24.140542984 CEST	49201	80	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:24.140582085 CEST	80	49201	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:24.142242908 CEST	49201	80	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:24.161572933 CEST	49201	80	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:24.161603928 CEST	80	49201	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:24.319242001 CEST	53742	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:24.344151974 CEST	80	49197	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:24.344283104 CEST	49197	80	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:24.366420984 CEST	80	49197	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:24.366544962 CEST	49197	80	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:24.441941023 CEST	53	53742	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:24.445756912 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:24.445790052 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:24.445919991 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:24.446660042 CEST	49203	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:24.446683884 CEST	443	49203	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:24.446753979 CEST	49203	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:24.447947979 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:24.447967052 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:24.448384047 CEST	49203	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:24.448401928 CEST	443	49203	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:24.526489019 CEST	80	49196	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:24.526515007 CEST	80	49196	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:24.526552916 CEST	80	49196	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:24.526604891 CEST	49196	80	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:24.527067900 CEST	49196	80	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:24.535415888 CEST	49196	80	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:24.535440922 CEST	80	49196	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:24.688142061 CEST	443	49199	2.16.33.120	192.168.1.81
Jun 8, 2017 14:22:24.688167095 CEST	443	49199	2.16.33.120	192.168.1.81
Jun 8, 2017 14:22:24.688177109 CEST	443	49199	2.16.33.120	192.168.1.81
Jun 8, 2017 14:22:24.688412905 CEST	49199	443	192.168.1.81	2.16.33.120
Jun 8, 2017 14:22:24.708338976 CEST	443	49199	2.16.33.120	192.168.1.81
Jun 8, 2017 14:22:24.708496094 CEST	49199	443	192.168.1.81	2.16.33.120
Jun 8, 2017 14:22:24.713047028 CEST	443	49199	2.16.33.120	192.168.1.81
Jun 8, 2017 14:22:24.713077068 CEST	443	49200	2.16.33.120	192.168.1.81
Jun 8, 2017 14:22:24.713088036 CEST	443	49200	2.16.33.120	192.168.1.81
Jun 8, 2017 14:22:24.713396072 CEST	49199	443	192.168.1.81	2.16.33.120
Jun 8, 2017 14:22:24.713423014 CEST	49200	443	192.168.1.81	2.16.33.120
Jun 8, 2017 14:22:24.740428925 CEST	49199	443	192.168.1.81	2.16.33.120
Jun 8, 2017 14:22:24.740453959 CEST	443	49199	2.16.33.120	192.168.1.81
Jun 8, 2017 14:22:24.836889982 CEST	443	49200	2.16.33.120	192.168.1.81
Jun 8, 2017 14:22:24.837110043 CEST	49200	443	192.168.1.81	2.16.33.120
Jun 8, 2017 14:22:24.861061096 CEST	443	49200	2.16.33.120	192.168.1.81
Jun 8, 2017 14:22:24.861085892 CEST	443	49200	2.16.33.120	192.168.1.81
Jun 8, 2017 14:22:24.861304045 CEST	49200	443	192.168.1.81	2.16.33.120
Jun 8, 2017 14:22:24.887267113 CEST	49200	443	192.168.1.81	2.16.33.120
Jun 8, 2017 14:22:24.887284994 CEST	443	49200	2.16.33.120	192.168.1.81
Jun 8, 2017 14:22:24.996944904 CEST	80	49201	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:24.996998072 CEST	80	49201	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:24.997071028 CEST	443	49203	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:24.997140884 CEST	49201	80	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:24.997220993 CEST	443	49203	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:24.998114109 CEST	49203	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:24.998133898 CEST	443	49203	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:24.998514891 CEST	49203	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:24.998799086 CEST	443	49203	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:24.998820066 CEST	443	49203	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:24.998832941 CEST	443	49203	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:24.998903036 CEST	49203	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:25.010391951 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:25.010499954 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:25.011579990 CEST	49201	80	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:25.011605024 CEST	80	49201	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:25.074207067 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:25.074312925 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:25.091058016 CEST	49203	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:25.091078043 CEST	443	49203	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:25.091926098 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:25.091943979 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:25.091950893 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:25.092037916 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:25.173990011 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:25.176000118 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:25.193263054 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:25.193286896 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:25.193370104 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:25.252135992 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:25.252165079 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:25.367317915 CEST	443	49199	2.16.33.120	192.168.1.81
Jun 8, 2017 14:22:25.367383003 CEST	49199	443	192.168.1.81	2.16.33.120
Jun 8, 2017 14:22:25.508342981 CEST	443	49200	2.16.33.120	192.168.1.81
Jun 8, 2017 14:22:25.508443117 CEST	49200	443	192.168.1.81	2.16.33.120
Jun 8, 2017 14:22:25.563416004 CEST	443	49203	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:25.563503981 CEST	49203	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:25.712469101 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:25.712661028 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:25.921761990 CEST	58023	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:26.107461929 CEST	53	58023	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:26.115358114 CEST	61452	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:26.195709944 CEST	53	61452	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:26.489411116 CEST	55584	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:26.702738047 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:26.702761889 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:26.703223944 CEST	49203	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:26.703246117 CEST	443	49203	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:26.742815971 CEST	53	55584	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:26.744190931 CEST	49205	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:26.744230032 CEST	443	49205	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:26.744297028 CEST	49205	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:26.745093107 CEST	49206	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:26.745117903 CEST	443	49206	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:26.745193958 CEST	49206	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:26.753577948 CEST	49206	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:26.753599882 CEST	443	49206	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:26.753989935 CEST	49205	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:26.754009008 CEST	443	49205	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:26.894309044 CEST	64292	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:26.996511936 CEST	53	64292	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:27.004973888 CEST	60134	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:27.036623955 CEST	443	49203	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:27.036786079 CEST	49203	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:27.096883059 CEST	53	60134	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:27.096921921 CEST	443	49203	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:27.097103119 CEST	49203	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:27.104213953 CEST	49207	80	192.168.1.81	198.41.215.182
Jun 8, 2017 14:22:27.104263067 CEST	80	49207	198.41.215.182	192.168.1.81
Jun 8, 2017 14:22:27.104401112 CEST	49207	80	192.168.1.81	198.41.215.182
Jun 8, 2017 14:22:27.108859062 CEST	49207	80	192.168.1.81	198.41.215.182
Jun 8, 2017 14:22:27.108896017 CEST	80	49207	198.41.215.182	192.168.1.81
Jun 8, 2017 14:22:27.118560076 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:27.118671894 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:27.388698101 CEST	443	49205	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:27.388911963 CEST	49205	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:27.409418106 CEST	443	49205	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:27.409440041 CEST	443	49205	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:27.409449100 CEST	443	49205	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:27.409632921 CEST	49205	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:27.436286926 CEST	443	49205	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:27.436544895 CEST	49205	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:27.470470905 CEST	443	49205	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:27.470500946 CEST	443	49206	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:27.470515966 CEST	443	49206	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:27.470746994 CEST	49205	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:27.470805883 CEST	49206	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:27.495042086 CEST	49205	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:27.495060921 CEST	443	49205	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:27.560931921 CEST	443	49206	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:27.561144114 CEST	49206	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:27.592257977 CEST	443	49206	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:27.592315912 CEST	443	49206	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:27.592448950 CEST	49206	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:27.626499891 CEST	49206	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:27.626519918 CEST	443	49206	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:27.771625042 CEST	80	49207	198.41.215.182	192.168.1.81
Jun 8, 2017 14:22:27.797219992 CEST	80	49207	198.41.215.182	192.168.1.81
Jun 8, 2017 14:22:27.797420025 CEST	49207	80	192.168.1.81	198.41.215.182
Jun 8, 2017 14:22:27.797450066 CEST	80	49207	198.41.215.182	192.168.1.81
Jun 8, 2017 14:22:27.823120117 CEST	49199	443	192.168.1.81	2.16.33.120
Jun 8, 2017 14:22:27.823144913 CEST	443	49199	2.16.33.120	192.168.1.81
Jun 8, 2017 14:22:27.998147011 CEST	443	49206	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:27.998361111 CEST	49206	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:28.000469923 CEST	80	49207	198.41.215.182	192.168.1.81
Jun 8, 2017 14:22:28.000597000 CEST	49207	80	192.168.1.81	198.41.215.182
Jun 8, 2017 14:22:28.147038937 CEST	53893	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:28.188128948 CEST	443	49205	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:28.188347101 CEST	49205	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:28.395663023 CEST	53	53893	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:28.432991028 CEST	64383	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:28.453197002 CEST	443	49199	2.16.33.120	192.168.1.81
Jun 8, 2017 14:22:28.453751087 CEST	49199	443	192.168.1.81	2.16.33.120
Jun 8, 2017 14:22:28.462774038 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:28.462798119 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:28.652688026 CEST	53	64383	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:28.654496908 CEST	49208	80	192.168.1.81	178.255.83.1
Jun 8, 2017 14:22:28.654546976 CEST	80	49208	178.255.83.1	192.168.1.81
Jun 8, 2017 14:22:28.654671907 CEST	49208	80	192.168.1.81	178.255.83.1
Jun 8, 2017 14:22:28.655339956 CEST	49208	80	192.168.1.81	178.255.83.1
Jun 8, 2017 14:22:28.655369997 CEST	80	49208	178.255.83.1	192.168.1.81
Jun 8, 2017 14:22:28.824650049 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:28.824882030 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:28.844449997 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:28.844475985 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:28.844485998 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:28.844687939 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:28.858203888 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:28.858232021 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:28.858241081 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:28.858437061 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:28.902811050 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:28.902834892 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:28.902843952 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:28.903043032 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:28.995121002 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:28.995286942 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.024209976 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.024234056 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.024244070 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.024354935 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.028440952 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.028470993 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.028480053 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.028678894 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.066447020 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.066473007 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.066482067 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.066613913 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.076204062 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.076320887 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.101993084 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.102025032 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.102035046 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.102253914 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.120765924 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.120888948 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.166166067 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.181329012 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.181468010 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.207542896 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.207566977 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.207581043 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.207679033 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.228892088 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.228919029 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.228928089 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.229043007 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.248581886 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.248605013 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.248621941 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.248904943 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.269799948 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.269865990 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.293348074 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.293370962 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.293380976 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.293582916 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.314400911 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.314543962 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.346029043 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.346039057 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.346044064 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.346147060 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.346532106 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.364260912 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.364285946 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.364294052 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.364397049 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.364425898 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.364469051 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.364484072 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.366117001 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.386327982 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.386452913 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.410674095 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.410696983 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.410708904 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.410793066 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.526643991 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.526767969 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.561878920 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.561907053 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.561916113 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.562021017 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.582134008 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.582309961 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.615014076 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.615046978 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.615055084 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.615137100 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.620573997 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.620599031 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.620611906 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.620701075 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.639722109 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.639875889 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.677247047 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.677268982 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.677278042 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.677499056 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.700387955 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.700622082 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.724225998 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.724251032 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.724266052 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.724509001 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.743087053 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.743227959 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.784379005 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.784406900 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.784425974 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.784476042 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.784487963 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.784596920 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.784622908 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.785021067 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.838197947 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.838308096 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.848903894 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.848927975 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.848948002 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.849020004 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.869184971 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.869332075 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.874948025 CEST	80	49208	178.255.83.1	192.168.1.81
Jun 8, 2017 14:22:29.874990940 CEST	80	49208	178.255.83.1	192.168.1.81
Jun 8, 2017 14:22:29.875024080 CEST	443	49202	204.79.197.200	192.168.1.81
Jun 8, 2017 14:22:29.875092983 CEST	49208	80	192.168.1.81	178.255.83.1
Jun 8, 2017 14:22:29.875129938 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:29.964107990 CEST	49208	80	192.168.1.81	178.255.83.1
Jun 8, 2017 14:22:29.964133024 CEST	80	49208	178.255.83.1	192.168.1.81
Jun 8, 2017 14:22:30.268908024 CEST	52553	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:30.381725073 CEST	53	52553	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:30.417634010 CEST	50632	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:30.507282019 CEST	53	50632	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:30.511184931 CEST	49209	80	192.168.1.81	178.255.83.1
Jun 8, 2017 14:22:30.511230946 CEST	80	49209	178.255.83.1	192.168.1.81
Jun 8, 2017 14:22:30.511337996 CEST	49209	80	192.168.1.81	178.255.83.1
Jun 8, 2017 14:22:30.512092113 CEST	49209	80	192.168.1.81	178.255.83.1
Jun 8, 2017 14:22:30.512123108 CEST	80	49209	178.255.83.1	192.168.1.81
Jun 8, 2017 14:22:31.031517982 CEST	80	49209	178.255.83.1	192.168.1.81
Jun 8, 2017 14:22:31.053715944 CEST	80	49209	178.255.83.1	192.168.1.81
Jun 8, 2017 14:22:31.053903103 CEST	49209	80	192.168.1.81	178.255.83.1
Jun 8, 2017 14:22:31.054068089 CEST	49209	80	192.168.1.81	178.255.83.1
Jun 8, 2017 14:22:31.054095984 CEST	80	49209	178.255.83.1	192.168.1.81
Jun 8, 2017 14:22:31.076340914 CEST	49205	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:31.076371908 CEST	443	49205	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:33.198097944 CEST	443	49205	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:33.198251009 CEST	49205	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:33.248548031 CEST	49205	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:33.248668909 CEST	443	49205	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:33.252578020 CEST	49205	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:33.254537106 CEST	49206	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:33.254574060 CEST	443	49206	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:33.817349911 CEST	443	49206	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:33.817450047 CEST	49206	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:33.833807945 CEST	443	49206	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:33.833897114 CEST	49206	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:33.834110022 CEST	49206	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:33.834223032 CEST	443	49206	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:33.834346056 CEST	49206	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:33.841032982 CEST	49210	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:33.841072083 CEST	443	49210	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:33.841208935 CEST	49210	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:33.842143059 CEST	49211	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:33.842170954 CEST	443	49211	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:33.842276096 CEST	49211	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:33.843421936 CEST	49211	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:33.843449116 CEST	443	49211	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:33.843947887 CEST	49210	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:33.843970060 CEST	443	49210	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:34.403755903 CEST	443	49210	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:34.403939962 CEST	49210	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:34.404972076 CEST	49210	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:34.405008078 CEST	443	49210	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:34.427928925 CEST	49210	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:34.427951097 CEST	443	49210	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:34.430149078 CEST	443	49211	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:34.430324078 CEST	49211	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:34.430934906 CEST	49211	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:34.430953979 CEST	443	49211	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:35.003324032 CEST	443	49210	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:35.003523111 CEST	49210	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:35.062696934 CEST	443	49210	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:35.062814951 CEST	49210	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:35.063103914 CEST	49210	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:35.063188076 CEST	443	49210	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:35.064518929 CEST	49210	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:35.064773083 CEST	49211	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:35.064795017 CEST	443	49211	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:35.683943033 CEST	443	49211	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:35.684150934 CEST	49211	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:35.706729889 CEST	443	49211	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:35.706752062 CEST	443	49211	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:35.706760883 CEST	443	49211	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:35.706886053 CEST	49211	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:35.845727921 CEST	443	49211	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:35.845916033 CEST	49211	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:35.868866920 CEST	443	49211	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:35.869055033 CEST	49211	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:35.903433084 CEST	443	49211	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:35.903609037 CEST	49211	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:35.927820921 CEST	443	49211	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:35.927845001 CEST	443	49211	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:35.927962065 CEST	49211	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:35.975384951 CEST	49212	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:35.975414991 CEST	443	49212	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:35.976089954 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:35.976113081 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:35.976207018 CEST	49212	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:35.976241112 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:35.977809906 CEST	49212	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:35.977833033 CEST	443	49212	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:35.978868961 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:35.978889942 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:36.037173986 CEST	443	49211	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:36.037730932 CEST	49211	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:36.042424917 CEST	49211	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:36.042525053 CEST	443	49211	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:36.042632103 CEST	49211	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:36.566445112 CEST	443	49212	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:36.566719055 CEST	49212	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:36.569395065 CEST	49212	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:36.569425106 CEST	443	49212	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:36.586975098 CEST	49212	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:36.586998940 CEST	443	49212	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:36.704154968 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:36.704329014 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:36.705281019 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:36.705313921 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:36.722892046 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:36.722913027 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.182558060 CEST	443	49212	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.182777882 CEST	49212	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.203083038 CEST	443	49212	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.203109026 CEST	443	49212	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.203125000 CEST	443	49212	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.203290939 CEST	49212	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.350564957 CEST	443	49212	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.350790024 CEST	49212	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.371824980 CEST	443	49212	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.371851921 CEST	443	49212	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.371869087 CEST	443	49212	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.372066021 CEST	49212	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.401235104 CEST	443	49212	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.401248932 CEST	443	49212	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.401253939 CEST	443	49212	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.401401043 CEST	49212	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.401439905 CEST	443	49212	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.401940107 CEST	49212	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.406223059 CEST	443	49212	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.406248093 CEST	443	49212	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.406280994 CEST	443	49212	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.406318903 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.406433105 CEST	49212	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.406491041 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.407295942 CEST	49212	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.407327890 CEST	443	49212	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.515557051 CEST	49214	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.515599012 CEST	443	49214	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.515666008 CEST	49214	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.516910076 CEST	49214	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.516930103 CEST	443	49214	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.529400110 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.529498100 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.534497976 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.534519911 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.534526110 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.534617901 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.548491001 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.548644066 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.566154957 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.566246986 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.567589998 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.567619085 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.567637920 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.567723989 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.569905996 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.569930077 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.569952011 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.569983959 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.572171926 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.583734989 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.583852053 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.588783979 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.588812113 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.588826895 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.589138985 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.592639923 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.592940092 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.685014009 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.685307026 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.706720114 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.706737041 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.706749916 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.707133055 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.713290930 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.713434935 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.716598988 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.716629982 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.716645956 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.716742992 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.717459917 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.717488050 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.717629910 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.726867914 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.726891041 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.726902008 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.727039099 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.746400118 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.746604919 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.870260000 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.870445967 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.890773058 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.890796900 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.890813112 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.891006947 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.903522015 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.903748989 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.907259941 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.907285929 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.907303095 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.907517910 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.927025080 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.927054882 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.927257061 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.931762934 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.931973934 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.938744068 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.938771963 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.938781023 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.938945055 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:37.952217102 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:37.952400923 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:38.032427073 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.032690048 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:38.053234100 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.053258896 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.053268909 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.053457975 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:38.088592052 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.088784933 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:38.089992046 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.090019941 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.090029001 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.090157986 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:38.098197937 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.098222017 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.098233938 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.098494053 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:38.099714994 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.099741936 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.099755049 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.099853039 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:38.108573914 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.108742952 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:38.188628912 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.188838005 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:38.193455935 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.193479061 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.193491936 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.193577051 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:38.195219994 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.195333004 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:38.224586964 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.224735022 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:38.229124069 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.229145050 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.229156971 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.229315042 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:38.232347965 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.232372046 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.232495070 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:38.241214991 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.241338968 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:38.245687008 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.245707989 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.245718956 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.245814085 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:38.304202080 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.304342031 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:38.361499071 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.361665010 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:38.389149904 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.389189005 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.389209032 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.389323950 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:38.417618990 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.417756081 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:38.437088966 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.437102079 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.437362909 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:38.521976948 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.522223949 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:38.542953014 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.542999029 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.543039083 CEST	443	49214	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.543152094 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:38.543211937 CEST	49214	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:38.543638945 CEST	49213	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:38.543670893 CEST	443	49213	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.547064066 CEST	49214	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:38.547095060 CEST	443	49214	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:38.562127113 CEST	49214	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:38.562146902 CEST	443	49214	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:39.209347963 CEST	443	49214	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:39.209610939 CEST	49214	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:39.271594048 CEST	443	49214	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:39.271831036 CEST	49214	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:39.368022919 CEST	443	49214	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:39.368259907 CEST	49214	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:39.391144037 CEST	443	49214	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:39.391307116 CEST	49214	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:39.523745060 CEST	443	49214	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:39.523961067 CEST	49214	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:39.542026997 CEST	443	49214	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:39.542053938 CEST	443	49214	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:39.542098045 CEST	443	49214	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:39.542258978 CEST	49214	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:39.542778015 CEST	49214	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:39.542810917 CEST	443	49214	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:39.595515966 CEST	49215	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:39.595566034 CEST	443	49215	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:39.595655918 CEST	49215	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:39.596389055 CEST	49216	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:39.596414089 CEST	443	49216	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:39.596528053 CEST	49216	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:39.600162029 CEST	49215	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:39.600183964 CEST	443	49215	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:39.600953102 CEST	49216	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:39.600975990 CEST	443	49216	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:40.140542984 CEST	443	49215	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:40.140750885 CEST	49215	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:40.142535925 CEST	49215	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:40.142568111 CEST	443	49215	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:40.163902044 CEST	49215	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:40.163924932 CEST	443	49215	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:40.263686895 CEST	443	49216	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:40.264113903 CEST	49216	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:40.265949011 CEST	49216	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:40.265974998 CEST	443	49216	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:40.840672970 CEST	443	49215	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:40.841007948 CEST	49215	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:40.874233007 CEST	443	49215	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:40.874265909 CEST	443	49215	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:40.874279022 CEST	443	49215	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:40.874349117 CEST	49215	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:40.987088919 CEST	443	49215	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:40.987464905 CEST	49215	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:41.007276058 CEST	443	49215	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:41.007316113 CEST	443	49215	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:41.007358074 CEST	443	49215	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:41.008790970 CEST	49215	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:41.009383917 CEST	49215	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:41.009408951 CEST	443	49215	184.107.89.236	192.168.1.81
Jun 8, 2017 14:22:41.009505987 CEST	49215	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:41.012953043 CEST	49215	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:42.433893919 CEST	49216	443	192.168.1.81	184.107.89.236
Jun 8, 2017 14:22:43.885116100 CEST	58641	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:43.900816917 CEST	58078	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:43.969181061 CEST	53	58641	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:43.985074997 CEST	49217	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:43.985129118 CEST	443	49217	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:43.985227108 CEST	49217	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:43.985975027 CEST	49217	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:43.986001015 CEST	443	49217	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.004631996 CEST	53	58078	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:44.005841970 CEST	49218	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:44.005870104 CEST	443	49218	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.005960941 CEST	49218	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:44.006633043 CEST	49219	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:44.006655931 CEST	443	49219	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.006709099 CEST	49219	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:44.007405996 CEST	49219	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:44.007425070 CEST	443	49219	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.007725954 CEST	49218	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:44.007742882 CEST	443	49218	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.397404909 CEST	443	49217	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.397804022 CEST	49217	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:44.420737028 CEST	443	49217	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.420773983 CEST	443	49217	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.421026945 CEST	49217	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:44.455117941 CEST	443	49217	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.455140114 CEST	443	49217	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.455152988 CEST	443	49217	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.455291033 CEST	49217	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:44.457243919 CEST	443	49217	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.457266092 CEST	443	49217	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.457289934 CEST	443	49218	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.457335949 CEST	49217	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:44.462174892 CEST	49218	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:44.476491928 CEST	49217	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:44.476511002 CEST	443	49217	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.493593931 CEST	443	49218	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.493725061 CEST	49218	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:44.494981050 CEST	443	49218	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.495019913 CEST	443	49218	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.495037079 CEST	443	49218	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.495079994 CEST	49218	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:44.500510931 CEST	49218	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:44.623048067 CEST	443	49218	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.623066902 CEST	443	49218	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.623439074 CEST	49218	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:44.630017042 CEST	443	49218	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.630042076 CEST	443	49218	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.630217075 CEST	49218	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:44.646074057 CEST	443	49219	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.646202087 CEST	49219	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:44.655469894 CEST	49218	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:44.655507088 CEST	443	49218	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.781944036 CEST	443	49219	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.781975985 CEST	443	49219	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.781992912 CEST	443	49219	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.782105923 CEST	49219	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:44.815944910 CEST	443	49219	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.816127062 CEST	49219	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:44.837412119 CEST	443	49219	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.837447882 CEST	443	49219	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.837467909 CEST	443	49219	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.837697029 CEST	49219	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:44.850399017 CEST	443	49200	2.16.33.120	192.168.1.81
Jun 8, 2017 14:22:44.850466013 CEST	443	49200	2.16.33.120	192.168.1.81
Jun 8, 2017 14:22:44.850538015 CEST	443	49219	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.851171970 CEST	49200	443	192.168.1.81	2.16.33.120
Jun 8, 2017 14:22:44.851268053 CEST	49219	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:44.888252974 CEST	49219	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:44.888274908 CEST	443	49219	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.954605103 CEST	443	49217	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:44.954704046 CEST	49217	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:44.968388081 CEST	49217	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:44.968406916 CEST	443	49217	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:45.139795065 CEST	443	49218	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:45.140001059 CEST	49218	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:45.150163889 CEST	49218	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:45.150191069 CEST	443	49218	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:45.287343025 CEST	443	49219	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:45.287801027 CEST	49219	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:45.295044899 CEST	443	49217	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:45.295172930 CEST	49217	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:45.347568989 CEST	443	49217	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:45.347820044 CEST	49217	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:45.370202065 CEST	443	49217	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:45.370225906 CEST	443	49217	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:45.370234966 CEST	443	49217	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:45.370531082 CEST	49217	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:45.495903969 CEST	443	49217	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:45.495922089 CEST	443	49217	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:45.495930910 CEST	443	49217	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:45.496082067 CEST	49217	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:45.496107101 CEST	443	49217	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:45.496503115 CEST	49217	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:45.530491114 CEST	443	49217	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:45.530654907 CEST	49217	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:45.563677073 CEST	443	49217	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:45.563703060 CEST	443	49217	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:45.563713074 CEST	443	49217	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:45.563848019 CEST	49217	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:45.628154993 CEST	443	49217	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:45.628339052 CEST	49217	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:45.650221109 CEST	443	49217	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:45.650242090 CEST	443	49217	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:45.650259018 CEST	443	49218	72.21.81.200	192.168.1.81
Jun 8, 2017 14:22:45.650422096 CEST	49217	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:45.650469065 CEST	49218	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:48.465975046 CEST	59521	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:48.574697018 CEST	53	59521	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:48.586741924 CEST	60478	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:48.692378998 CEST	53	60478	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:48.694195032 CEST	49220	443	192.168.1.81	65.55.252.93
Jun 8, 2017 14:22:48.694246054 CEST	443	49220	65.55.252.93	192.168.1.81
Jun 8, 2017 14:22:48.694375038 CEST	49220	443	192.168.1.81	65.55.252.93
Jun 8, 2017 14:22:48.695588112 CEST	49220	443	192.168.1.81	65.55.252.93
Jun 8, 2017 14:22:48.695624113 CEST	443	49220	65.55.252.93	192.168.1.81
Jun 8, 2017 14:22:49.202358007 CEST	443	49220	65.55.252.93	192.168.1.81
Jun 8, 2017 14:22:49.202369928 CEST	443	49220	65.55.252.93	192.168.1.81
Jun 8, 2017 14:22:49.202378988 CEST	443	49220	65.55.252.93	192.168.1.81
Jun 8, 2017 14:22:49.202632904 CEST	49220	443	192.168.1.81	65.55.252.93
Jun 8, 2017 14:22:49.329921961 CEST	443	49220	65.55.252.93	192.168.1.81
Jun 8, 2017 14:22:49.351325035 CEST	49220	443	192.168.1.81	65.55.252.93
Jun 8, 2017 14:22:49.351358891 CEST	443	49220	65.55.252.93	192.168.1.81
Jun 8, 2017 14:22:49.882074118 CEST	443	49220	65.55.252.93	192.168.1.81
Jun 8, 2017 14:22:50.053024054 CEST	51352	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:50.084446907 CEST	443	49220	65.55.252.93	192.168.1.81
Jun 8, 2017 14:22:50.084563017 CEST	49220	443	192.168.1.81	65.55.252.93
Jun 8, 2017 14:22:50.154141903 CEST	53	51352	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:50.154985905 CEST	49222	80	192.168.1.81	2.20.189.34
Jun 8, 2017 14:22:50.155034065 CEST	80	49222	2.20.189.34	192.168.1.81
Jun 8, 2017 14:22:50.155181885 CEST	49222	80	192.168.1.81	2.20.189.34
Jun 8, 2017 14:22:50.155411005 CEST	49222	80	192.168.1.81	2.20.189.34
Jun 8, 2017 14:22:50.155436993 CEST	80	49222	2.20.189.34	192.168.1.81
Jun 8, 2017 14:22:50.164864063 CEST	54069	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:50.307802916 CEST	53	54069	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:50.309850931 CEST	49223	80	192.168.1.81	2.20.189.34
Jun 8, 2017 14:22:50.309905052 CEST	80	49223	2.20.189.34	192.168.1.81
Jun 8, 2017 14:22:50.310009956 CEST	49223	80	192.168.1.81	2.20.189.34
Jun 8, 2017 14:22:50.310704947 CEST	49223	80	192.168.1.81	2.20.189.34
Jun 8, 2017 14:22:50.310735941 CEST	80	49223	2.20.189.34	192.168.1.81
Jun 8, 2017 14:22:50.898561001 CEST	80	49222	2.20.189.34	192.168.1.81
Jun 8, 2017 14:22:50.947527885 CEST	80	49223	2.20.189.34	192.168.1.81
Jun 8, 2017 14:22:51.097867966 CEST	49222	80	192.168.1.81	2.20.189.34
Jun 8, 2017 14:22:51.097903967 CEST	80	49222	2.20.189.34	192.168.1.81
Jun 8, 2017 14:22:51.135245085 CEST	49222	80	192.168.1.81	2.20.189.34
Jun 8, 2017 14:22:51.135271072 CEST	80	49222	2.20.189.34	192.168.1.81
Jun 8, 2017 14:22:51.148447990 CEST	80	49223	2.20.189.34	192.168.1.81
Jun 8, 2017 14:22:51.148586035 CEST	49223	80	192.168.1.81	2.20.189.34
Jun 8, 2017 14:22:51.177340984 CEST	49220	443	192.168.1.81	65.55.252.93
Jun 8, 2017 14:22:51.177377939 CEST	443	49220	65.55.252.93	192.168.1.81
Jun 8, 2017 14:22:51.178446054 CEST	49220	443	192.168.1.81	65.55.252.93
Jun 8, 2017 14:22:51.178473949 CEST	443	49220	65.55.252.93	192.168.1.81
Jun 8, 2017 14:22:51.646974087 CEST	80	49222	2.20.189.34	192.168.1.81
Jun 8, 2017 14:22:51.775890112 CEST	443	49220	65.55.252.93	192.168.1.81
Jun 8, 2017 14:22:51.847595930 CEST	49222	80	192.168.1.81	2.20.189.34
Jun 8, 2017 14:22:51.847635031 CEST	80	49222	2.20.189.34	192.168.1.81
Jun 8, 2017 14:22:51.883249998 CEST	49222	80	192.168.1.81	2.20.189.34
Jun 8, 2017 14:22:51.883274078 CEST	80	49222	2.20.189.34	192.168.1.81
Jun 8, 2017 14:22:51.976448059 CEST	443	49220	65.55.252.93	192.168.1.81
Jun 8, 2017 14:22:51.976639032 CEST	49220	443	192.168.1.81	65.55.252.93
Jun 8, 2017 14:22:52.072546005 CEST	49220	443	192.168.1.81	65.55.252.93
Jun 8, 2017 14:22:52.072571039 CEST	443	49220	65.55.252.93	192.168.1.81
Jun 8, 2017 14:22:52.072851896 CEST	49220	443	192.168.1.81	65.55.252.93
Jun 8, 2017 14:22:52.072870016 CEST	443	49220	65.55.252.93	192.168.1.81
Jun 8, 2017 14:22:52.296940088 CEST	80	49222	2.20.189.34	192.168.1.81
Jun 8, 2017 14:22:52.503906012 CEST	49222	80	192.168.1.81	2.20.189.34
Jun 8, 2017 14:22:52.503933907 CEST	80	49222	2.20.189.34	192.168.1.81
Jun 8, 2017 14:22:52.539544106 CEST	49222	80	192.168.1.81	2.20.189.34
Jun 8, 2017 14:22:52.539570093 CEST	80	49222	2.20.189.34	192.168.1.81
Jun 8, 2017 14:22:52.539822102 CEST	443	49220	65.55.252.93	192.168.1.81
Jun 8, 2017 14:22:52.738048077 CEST	49220	443	192.168.1.81	65.55.252.93
Jun 8, 2017 14:22:53.047388077 CEST	80	49222	2.20.189.34	192.168.1.81
Jun 8, 2017 14:22:53.253756046 CEST	49222	80	192.168.1.81	2.20.189.34
Jun 8, 2017 14:22:53.253791094 CEST	80	49222	2.20.189.34	192.168.1.81
Jun 8, 2017 14:22:53.456634045 CEST	49222	80	192.168.1.81	2.20.189.34
Jun 8, 2017 14:22:54.320645094 CEST	49222	80	192.168.1.81	2.20.189.34
Jun 8, 2017 14:22:54.320671082 CEST	80	49222	2.20.189.34	192.168.1.81
Jun 8, 2017 14:22:54.729029894 CEST	80	49222	2.20.189.34	192.168.1.81
Jun 8, 2017 14:22:54.772396088 CEST	49219	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:54.772651911 CEST	49199	443	192.168.1.81	2.16.33.120
Jun 8, 2017 14:22:54.772768021 CEST	49197	80	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:54.772871971 CEST	49198	80	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:54.772955894 CEST	49200	443	192.168.1.81	2.16.33.120
Jun 8, 2017 14:22:54.773080111 CEST	49202	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:54.773160934 CEST	49218	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:54.773345947 CEST	49203	443	192.168.1.81	204.79.197.200
Jun 8, 2017 14:22:54.773463964 CEST	49220	443	192.168.1.81	65.55.252.93
Jun 8, 2017 14:22:54.773592949 CEST	49223	80	192.168.1.81	2.20.189.34
Jun 8, 2017 14:22:54.773745060 CEST	49207	80	192.168.1.81	198.41.215.182
Jun 8, 2017 14:22:54.773824930 CEST	49217	443	192.168.1.81	72.21.81.200
Jun 8, 2017 14:22:54.941303015 CEST	49222	80	192.168.1.81	2.20.189.34
Jun 8, 2017 14:22:54.941340923 CEST	80	49222	2.20.189.34	192.168.1.81
Jun 8, 2017 14:22:55.144512892 CEST	49222	80	192.168.1.81	2.20.189.34
Jun 8, 2017 14:23:56.542232990 CEST	49222	80	192.168.1.81	2.20.189.34

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 8, 2017 14:22:15.442416906 CEST	55149	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:15.659612894 CEST	53	55149	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:15.674016953 CEST	57187	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:15.868901968 CEST	53	57187	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:18.450911999 CEST	54708	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:18.521114111 CEST	54054	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:18.601742983 CEST	60308	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:18.815368891 CEST	53	54708	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:18.817643881 CEST	53	54054	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:18.850127935 CEST	53	60308	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:19.345968962 CEST	58054	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:19.568027973 CEST	53	58054	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:23.714718103 CEST	55793	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:23.718019962 CEST	63235	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:23.822381020 CEST	53	55793	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:23.882425070 CEST	53	63235	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:24.319242001 CEST	53742	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:24.441941023 CEST	53	53742	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:25.921761990 CEST	58023	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:26.107461929 CEST	53	58023	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:26.115358114 CEST	61452	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:26.195709944 CEST	53	61452	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:26.489411116 CEST	55584	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:26.742815971 CEST	53	55584	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:26.894309044 CEST	64292	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:26.996511936 CEST	53	64292	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:27.004973888 CEST	60134	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:27.096883059 CEST	53	60134	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:28.147038937 CEST	53893	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:28.395663023 CEST	53	53893	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:28.432991028 CEST	64383	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:28.652688026 CEST	53	64383	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:30.268908024 CEST	52553	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:30.381725073 CEST	53	52553	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:30.417634010 CEST	50632	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:30.507282019 CEST	53	50632	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:43.885116100 CEST	58641	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:43.900816917 CEST	58078	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:43.969181061 CEST	53	58641	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:44.004631996 CEST	53	58078	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:48.465975046 CEST	59521	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:48.574697018 CEST	53	59521	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:48.586741924 CEST	60478	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:48.692378998 CEST	53	60478	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:50.053024054 CEST	51352	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:50.154141903 CEST	53	51352	8.8.8.8	192.168.1.81
Jun 8, 2017 14:22:50.164864063 CEST	54069	53	192.168.1.81	8.8.8.8
Jun 8, 2017 14:22:50.307802916 CEST	53	54069	8.8.8.8	192.168.1.81

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jun 8, 2017 14:22:18.450911999 CEST	192.168.1.81	8.8.8.8	0x87f2	Standard query (0)	api.bing.com	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:18.521114111 CEST	192.168.1.81	8.8.8.8	0x14d6	Standard query (0)	www.bing.com	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:18.601742983 CEST	192.168.1.81	8.8.8.8	0x87ad	Standard query (0)	www.bing.com	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:19.345968962 CEST	192.168.1.81	8.8.8.8	0xe634	Standard query (0)	toitvert.net	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:23.714718103 CEST	192.168.1.81	8.8.8.8	0x9572	Standard query (0)	www.bing.com	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:23.718019962 CEST	192.168.1.81	8.8.8.8	0xe8ee	Standard query (0)	go.microsoft.com	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:24.319242001 CEST	192.168.1.81	8.8.8.8	0x2768	Standard query (0)	ieonline.microsoft.com	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:26.489411116 CEST	192.168.1.81	8.8.8.8	0xb29b	Standard query (0)	www.capbilcap.ca	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:26.894309044 CEST	192.168.1.81	8.8.8.8	0xbe1e	Standard query (0)	ocsp.msocsp.com	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:27.004973888 CEST	192.168.1.81	8.8.8.8	0x2dcf	Standard query (0)	ocsp.msocsp.com	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:28.147038937 CEST	192.168.1.81	8.8.8.8	0xddf2	Standard query (0)	ocsp.usertrust.com	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:28.432991028 CEST	192.168.1.81	8.8.8.8	0x4a28	Standard query (0)	ocsp.usertrust.com	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:30.268908024 CEST	192.168.1.81	8.8.8.8	0x3795	Standard query (0)	ocsp.comodoca.com	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:30.417634010 CEST	192.168.1.81	8.8.8.8	0x6462	Standard query (0)	ocsp.comodoca.com	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:43.885116100 CEST	192.168.1.81	8.8.8.8	0x54c	Standard query (0)	iecvlist.microsoft.com	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:43.900816917 CEST	192.168.1.81	8.8.8.8	0x97e	Standard query (0)	r20swj13mr.microsoft.com	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:48.465975046 CEST	192.168.1.81	8.8.8.8	0xc0f9	Standard query (0)	sqm.telemetry.microsoft.com	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:48.586741924 CEST	192.168.1.81	8.8.8.8	0x99aa	Standard query (0)	sqm.telemetry.microsoft.com	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:50.053024054 CEST	192.168.1.81	8.8.8.8	0xd6fc	Standard query (0)	crl.microsoft.com	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:50.164864063 CEST	192.168.1.81	8.8.8.8	0x51a7	Standard query (0)	crl.microsoft.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Replay Code	Name	Address	Type	Class
Jun 8, 2017 14:22:18.815368891 CEST	8.8.8.8	192.168.1.81	0x87f2	No error (0)	api.bing.com	13.107.5.80	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:18.817643881 CEST	8.8.8.8	192.168.1.81	0x14d6	No error (0)	www.bing.com	204.79.197.200	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:18.850127935 CEST	8.8.8.8	192.168.1.81	0x87ad	No error (0)	www.bing.com	204.79.197.200	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:19.568027973 CEST	8.8.8.8	192.168.1.81	0xe634	No error (0)	toitvert.net	184.107.89.236	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:23.822381020 CEST	8.8.8.8	192.168.1.81	0x9572	No error (0)	www.bing.com	204.79.197.200	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:23.882425070 CEST	8.8.8.8	192.168.1.81	0xe8ee	No error (0)	go.microsoft.com	2.16.33.120	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:24.441941023 CEST	8.8.8.8	192.168.1.81	0x2768	No error (0)	ieonline.microsoft.com	204.79.197.200	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:26.742815971 CEST	8.8.8.8	192.168.1.81	0xb29b	No error (0)	www.capbilcap.ca	184.107.89.236	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:26.996511936 CEST	8.8.8.8	192.168.1.81	0xbe1e	No error (0)	ocsp.msocsp.com	198.41.215.182	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:27.096883059 CEST	8.8.8.8	192.168.1.81	0x2dcf	No error (0)	ocsp.msocsp.com	198.41.215.182	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:28.395663023 CEST	8.8.8.8	192.168.1.81	0xddf2	No error (0)	ocsp.usertrust.com	178.255.83.1	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:28.652688026 CEST	8.8.8.8	192.168.1.81	0x4a28	No error (0)	ocsp.usertrust.com	178.255.83.1	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:30.381725073 CEST	8.8.8.8	192.168.1.81	0x3795	No error (0)	ocsp.comodoca.com	178.255.83.1	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:30.507282019 CEST	8.8.8.8	192.168.1.81	0x6462	No error (0)	ocsp.comodoca.com	178.255.83.1	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:43.969181061 CEST	8.8.8.8	192.168.1.81	0x54c	No error (0)	iecvlist.microsoft.com	72.21.81.200	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:44.004631996 CEST	8.8.8.8	192.168.1.81	0x97e	No error (0)	r20swj13mr.microsoft.com	72.21.81.200	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:48.574697018 CEST	8.8.8.8	192.168.1.81	0xc0f9	No error (0)	sqm.telemetry.microsoft.com	65.55.252.93	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:48.692378998 CEST	8.8.8.8	192.168.1.81	0x99aa	No error (0)	sqm.telemetry.microsoft.com	65.55.252.93	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:50.154141903 CEST	8.8.8.8	192.168.1.81	0xd6fc	No error (0)	crl.microsoft.com	2.20.189.34	A (IP address)	IN (0x0001)
Jun 8, 2017 14:22:50.307802916 CEST	8.8.8.8	192.168.1.81	0x51a7	No error (0)	crl.microsoft.com	2.20.189.34	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

toitvert.net

www.bing.com

ocsp.msocsp.com

ocsp.usertrust.com

ocsp.comodoca.com

crl.microsoft.com

HTTP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Header	Total Bytes Transfered (KB)
Jun 8, 2017 14:22:19.578577042 CEST	49193	80	192.168.1.81	184.107.89.236	GET /ok HTTP/1.1 Accept: text/html, application/xhtml+xml, / Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: toitvert.net Connection: Keep-Alive	10
Jun 8, 2017 14:22:20.256994009 CEST	80	49193	184.107.89.236	192.168.1.81	HTTP/1.1 301 Moved Permanently Date: Thu, 08 Jun 2017 12:22:19 GMT Server: Apache/2.4.25 (cPanel) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Location: http://toitvert.net/ok/ Content-Length: 231 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 74 6f 69 74 76 65 72 74 2e 6e 65 74 2f 6f 6b 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://toitvert.net/ok/">here</a>.</p></body></html>	10
Jun 8, 2017 14:22:20.273189068 CEST	49194	80	192.168.1.81	184.107.89.236	GET /ok/ HTTP/1.1 Accept: text/html, application/xhtml+xml, / Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: toitvert.net Connection: Keep-Alive	11
Jun 8, 2017 14:22:21.338697910 CEST	80	49194	184.107.89.236	192.168.1.81	HTTP/1.1 302 Moved Temporarily Date: Thu, 08 Jun 2017 12:22:20 GMT Server: Apache/2.4.25 (cPanel) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 X-Powered-By: PHP/5.6.30 Location: ./checkout/index.php Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Data Raw: 31 0d 0a 0a 0d 0a Data Ascii: 1	11
Jun 8, 2017 14:22:21.515013933 CEST	80	49194	184.107.89.236	192.168.1.81	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0	11
Jun 8, 2017 14:22:21.523720980 CEST	49195	80	192.168.1.81	184.107.89.236	GET /ok/checkout/index.php HTTP/1.1 Accept: text/html, application/xhtml+xml, / Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: toitvert.net Connection: Keep-Alive	12
Jun 8, 2017 14:22:22.099258900 CEST	80	49195	184.107.89.236	192.168.1.81	HTTP/1.1 200 OK Date: Thu, 08 Jun 2017 12:22:21 GMT Server: Apache/2.4.25 (cPanel) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 X-Powered-By: PHP/5.6.30 Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Data Raw: 37 62 0d 0a 3c 4d 45 54 41 20 48 54 54 50 2d 45 51 55 49 56 3d 27 72 65 66 72 65 73 68 27 20 63 6f 6e 74 65 6e 74 3d 27 30 3b 20 55 52 4c 3d 62 61 63 6b 75 70 2e 70 68 70 3f 69 64 3d 35 35 39 65 65 37 37 37 38 38 31 64 39 33 37 38 38 31 61 61 33 34 65 34 39 62 33 30 35 62 32 64 35 35 39 65 65 37 37 37 38 38 31 64 39 33 37 38 38 31 61 61 33 34 65 34 39 62 33 30 35 62 32 64 27 3e 0d 0a Data Ascii: 7b<META HTTP-EQUIV='refresh' content='0; URL=backup.php?id=559ee777881d937881aa34e49b305b2d559ee777881d937881aa34e49b305b2d'>	13
Jun 8, 2017 14:22:22.119748116 CEST	80	49195	184.107.89.236	192.168.1.81	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0	13
Jun 8, 2017 14:22:23.893234015 CEST	49197	80	192.168.1.81	204.79.197.200	GET /favicon.ico HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko Host: www.bing.com Connection: Keep-Alive	14
Jun 8, 2017 14:22:23.998572111 CEST	49196	80	192.168.1.81	184.107.89.236	GET /favicon.ico HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko Host: toitvert.net Connection: Keep-Alive	15
Jun 8, 2017 14:22:24.161572933 CEST	49201	80	192.168.1.81	184.107.89.236	GET /ok/checkout/backup.php?id=559ee777881d937881aa34e49b305b2d559ee777881d937881aa34e49b305b2d HTTP/1.1 Accept: text/html, application/xhtml+xml, / Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: toitvert.net Connection: Keep-Alive	16
Jun 8, 2017 14:22:24.344151974 CEST	80	49197	204.79.197.200	192.168.1.81	HTTP/1.1 200 OK Cache-Control: public, max-age=15552000 Content-Type: image/x-icon Last-Modified: Mon, 05 Jun 2017 10:24:29 GMT Vary: Accept-Encoding Server: Microsoft-IIS/10.0 Date: Thu, 08 Jun 2017 12:22:23 GMT Content-Length: 300 Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 10 00 00 00 10 08 06 00 00 00 1f f3 ff 61 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 00 c1 49 44 41 54 38 4f 63 e0 69 69 f9 4f 09 46 31 40 63 d2 a4 ff a6 33 67 a2 28 20 84 51 0c a8 df b7 ef ff a3 0f 1f fe cf 39 7b f6 bf 74 4f 0f 8a 42 5c 18 c3 00 10 00 19 02 72 0d b2 1c 2e 4c 5b 03 88 31 04 a7 01 a0 c0 5c 75 e5 0a 38 3c 22 56 ad c2 69 18 5e 17 c0 f8 20 70 e1 c5 8b ff 7d c7 8e 61 18 44 d0 0b 87 1f 3c 00 8b c1 00 48 0d b2 1e 82 81 08 f2 0a b2 21 44 1b 00 d2 98 b1 69 13 d8 e9 c8 00 24 86 ac 07 ab 01 9f 7e fe c4 70 3a 88 0f 0a 4c 64 f5 20 8c d5 00 64 00 72 0d 48 1c 3d f0 60 18 c5 00 90 22 90 Data Ascii: PNGIHDRasRGBgAMAapHYsodIDAT8OciiOF1@c3g( Q9{tOB\r.L[1\u8<"Vi^ p}aD<H!Di$~p:Ld drH=`"	16
Jun 8, 2017 14:22:24.366420984 CEST	80	49197	204.79.197.200	192.168.1.81	Data Raw: 62 90 26 10 c6 16 ea e8 18 c5 00 18 06 f9 9f d8 4c 85 d5 00 e2 71 cb 7f 00 05 4b 7f 54 6b f7 d6 51 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: b&LqKTkQIENDB`	16
Jun 8, 2017 14:22:24.526489019 CEST	80	49196	184.107.89.236	192.168.1.81	HTTP/1.1 200 OK Date: Thu, 08 Jun 2017 12:22:23 GMT Server: Apache/2.4.25 (cPanel) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Last-Modified: Tue, 07 Jun 2016 19:29:59 GMT ETag: "20802fe-57e-534b536f3b2fd" Accept-Ranges: bytes Content-Length: 1406 Connection: close Content-Type: image/x-icon Data Raw: 00 00 01 00 01 00 10 10 00 00 00 00 00 00 68 05 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 08 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 26 d2 90 00 9b ea cc 00 61 de ae 00 f3 fc f9 00 0f ce 84 00 db f8 ed 00 67 e0 b1 00 f8 fe fc 00 a2 ec cf 00 bf f2 de 00 f9 fe fc 00 27 d2 91 00 1d d1 8c 00 1e d1 8c 00 59 dd aa 00 11 ce 85 00 de f8 ee 00 c1 f2 df 00 fb fe fd 00 1f d1 8d 00 5a dd ab 00 94 e9 c9 00 3e d7 9c 00 d0 f5 e7 00 ee fb f6 00 2e d4 95 00 69 e0 b3 00 2f d4 95 00 13 ce 86 00 87 e6 c2 00 30 d4 95 00 fc fe fe 00 d6 f7 ea 00 21 d1 8e 00 18 d0 89 00 e5 fa f2 00 62 df af 00 45 d9 a0 00 1a d0 8a 00 37 d6 99 00 8f e8 c6 00 e7 fa f3 00 cb f4 e4 00 e8 fa f3 00 0c cd 83 00 0d cd 83 00 81 e5 bf 00 2a d3 92 00 f6 fd fb 00 65 df b0 00 d9 f7 ec 00 a0 eb ce 00 da f7 ec 00 73 e2 b8 00 90 e8 c7 00 39 d6 9a 00 cc f4 e5 00 fd ff fe 00 2a d3 93 00 66 df b1 00 22 d2 8e 00 3f d8 9d 00 b4 f0 d9 00 5d de ac 00 d1 f6 e8 00 7b e4 bb 00 f0 fc f7 00 14 cf 87 00 31 d5 96 00 15 cf 87 00 fe ff ff 00 c4 f3 e1 00 e1 f9 f0 00 ff ff ff 00 c5 f3 e1 00 7b e4 bc 00 99 ea cb 00 d4 f6 e9 00 33 d5 97 00 51 db a6 00 6e e1 b5 00 8c e7 c4 00 a9 ed d3 00 c7 f3 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 49 49 49 49 49 49 49 49 49 49 49 49 49 49 49 49 49 49 49 49 49 49 49 49 49 49 49 49 49 49 49 49 49 19 32 49 49 49 49 49 49 39 10 20 05 30 49 49 49 14 00 38 49 49 49 46 4c 1e 04 2c 2d 26 0e 33 49 0a 3f 45 52 49 49 1d 2c 2f 4b 01 Data Ascii: h( &ag'YZ>.i/0!bE7es9f"?]{1{3QnIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII2IIIIII9 0III8IIIFL,-&3I?ERII,/K	19
Jun 8, 2017 14:22:24.526515007 CEST	80	49196	184.107.89.236	192.168.1.81	Data Raw: 51 35 27 2d 49 49 0a 02 2c 41 40 22 00 23 49 49 49 49 49 4d 49 49 49 46 15 2d 0f 2c 50 49 49 49 49 49 49 49 49 49 49 49 49 4a 37 2c 1b 3e 39 49 49 49 49 49 49 07 46 49 49 49 53 43 2c 2c 4f 2a 49 49 49 49 49 03 2e 34 49 49 29 13 4e 41 1c 2c 35 48 Data Ascii: Q5'-II,A@"#IIIIIMIIIF-,PIIIIIIIIIIIIJ7,>9IIIIIIFIIISC,,O*IIIII.4II)NA,5HIIII%!II2,(FIIG<I=IIJIIID,P:IIIBIIIII+;,,1IIIIIIIIIIII6$IIIIIIIIIIIIIIIIIIIIIII	19
Jun 8, 2017 14:22:24.996944904 CEST	80	49201	184.107.89.236	192.168.1.81	HTTP/1.1 200 OK Date: Thu, 08 Jun 2017 12:22:23 GMT Server: Apache/2.4.25 (cPanel) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 X-Powered-By: PHP/5.6.30 Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Data Raw: 31 62 64 0d 0a 3c 68 74 6d 6c 3e 0d 0a 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 0d 0a 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 52 65 64 69 72 65 63 74 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 61 70 62 69 6c 63 61 70 2e 63 61 2f 2f 75 70 64 61 74 65 2d 6c 6f 67 69 6e 2f 75 70 64 61 74 65 2f 4c 6f 67 69 6e 2f 2f 2f 22 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 77 72 69 74 65 28 22 20 4c 6f 61 64 69 6e 67 20 74 6f 20 79 6f 75 72 20 50 61 79 50 61 6c 20 61 63 63 6f 75 6e 74 2e 50 6c 65 61 73 65 20 77 61 69 74 2e 2e 2e 22 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 65 74 54 69 6d 65 6f 75 74 28 27 52 65 64 69 72 65 63 74 28 29 27 2c 20 31 32 30 30 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 2f 2f 2d 2d 3e 0d 0a 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 0d 0a 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 0d 0a 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 1bd<html> <head> <script type="text/javascript"> ... function Redirect() { window.location="https://www.capbilcap.ca//update-login/update/Login///"; } document.write(" Loading to your PayPal account.Please wait..."); setTimeout('Redirect()', 1200); //--> </script> </head> <body> </body></html>0	31
Jun 8, 2017 14:22:27.108859062 CEST	49207	80	192.168.1.81	198.41.215.182	GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAA8Zm6fJL4TjOQgEAAQADxmY%3D HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.msocsp.com	54
Jun 8, 2017 14:22:27.771625042 CEST	80	49207	198.41.215.182	192.168.1.81	HTTP/1.1 200 OK Date: Thu, 08 Jun 2017 12:22:27 GMT Content-Type: application/ocsp-response Content-Length: 1820 Connection: keep-alive Set-Cookie: __cfduid=d6369323780e501cbbf2371c057c4bf971496924547; expires=Fri, 08-Jun-18 12:22:27 GMT; path=/; domain=.msocsp.com; HttpOnly Last-Modified: Thu, 08 Jun 2017 10:18:45 GMT Expires: Mon, 12 Jun 2017 10:18:45 GMT ETag: "dcaa28a55cc38bcc797bb9b310552a283c222e95" Cache-Control: max-age=10800,public,no-transform,must-revalidate X-Cache: HIT	68
Jun 8, 2017 14:22:27.797219992 CEST	80	49207	198.41.215.182	192.168.1.81	Data Raw: 43 46 2d 43 61 63 68 65 2d 53 74 61 74 75 73 3a 20 48 49 54 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 2d 6e 67 69 6e 78 0d 0a 43 46 2d 52 41 59 3a 20 33 36 62 62 64 31 31 35 38 37 66 31 37 37 37 65 2d 4c 41 58 0d 0a 0d 0a 30 82 Data Ascii: CF-Cache-Status: HITServer: cloudflare-nginxCF-RAY: 36bbd11587f1777e-LAX00+000<\|7@N6pIe\|20170608101845Z000L0+&"f{5tQ$&h"W&+;Fb{ZfK8Bf	69
Jun 8, 2017 14:22:27.797450066 CEST	80	49207	198.41.215.182	192.168.1.81	Data Raw: 89 e1 dd 6d 50 92 9f 7f 0e b6 67 c9 18 ff 34 e0 a9 89 f9 ae 18 12 8a 01 41 af 85 ff cc d8 2a 6e db 5a 1d 42 ed 25 6b 25 f3 0d 94 c7 b3 76 73 01 9f 3e b7 0b 01 c3 a2 48 cf 30 f8 90 f7 99 bd ed 33 6e 73 d5 76 4a 0c fa a8 96 64 9d a3 7f 51 83 2d 76 Data Ascii: mPg4AnZB%k%vs>H03nsvJdQ-v3t0`}\7];Nm=!T4wN54hvQ-mRZwOM8`8q\|kV=`p-BpB[xz?}7^3GM*&B\|6u	70
Jun 8, 2017 14:22:28.000469923 CEST	80	49207	198.41.215.182	192.168.1.81	Data Raw: 89 e1 dd 6d 50 92 9f 7f 0e b6 67 c9 18 ff 34 e0 a9 89 f9 ae 18 12 8a 01 41 af 85 ff cc d8 2a 6e db 5a 1d 42 ed 25 6b 25 f3 0d 94 c7 b3 76 73 01 9f 3e b7 0b 01 c3 a2 48 cf 30 f8 90 f7 99 bd ed 33 6e 73 d5 76 4a 0c fa a8 96 64 9d a3 7f 51 83 2d 76 Data Ascii: mPg4AnZB%k%vs>H03nsvJdQ-v3t0`}\7];Nm=!T4wN54hvQ-mRZwOM8`8q\|kV=`p-BpB[xz?}7^3GM*&B\|6u	71
Jun 8, 2017 14:22:28.655339956 CEST	49208	80	192.168.1.81	178.255.83.1	GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.usertrust.com	73
Jun 8, 2017 14:22:29.874948025 CEST	80	49208	178.255.83.1	192.168.1.81	HTTP/1.1 200 OK Date: Thu, 08 Jun 2017 12:22:29 GMT Server: Apache Last-Modified: Tue, 06 Jun 2017 22:10:49 GMT Expires: Tue, 13 Jun 2017 22:10:49 GMT ETag: 6937C8E966AA6D8E8BAF5A40B583795205256AA7 Cache-Control: max-age=466699,public,no-transform,must-revalidate X-OCSP-Reponder-ID: fsedcaocsp6 Content-Length: 471 Connection: close Content-Type: application/ocsp-response Data Raw: 30 82 01 d3 0a 01 00 a0 82 01 cc 30 82 01 c8 06 09 2b 06 01 05 05 07 30 01 01 04 82 01 b9 30 82 01 b5 30 81 9e a2 16 04 14 ad bd 98 7a 34 b4 26 f7 fa c4 26 54 ef 03 bd e0 24 cb 54 1a 18 0f 32 30 31 37 30 36 30 36 31 34 31 30 34 39 5a 30 73 30 71 30 49 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 7c b1 66 54 9c ab db 44 ee 62 26 16 ad f4 65 7b f7 7a d5 94 04 14 ad bd 98 7a 34 b4 26 f7 fa c4 26 54 ef 03 bd e0 24 cb 54 1a 02 10 27 66 ee 56 eb 49 f3 8e ab d7 70 a2 fc 84 de 22 80 00 18 0f 32 30 31 37 30 36 30 36 31 34 31 30 34 39 5a a0 11 18 0f 32 30 31 37 30 36 31 33 31 34 31 30 34 39 5a 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 ab a4 03 23 a0 74 b1 46 a6 64 27 56 12 6b f1 d1 72 d9 4f c3 73 f0 48 73 50 6e 2c c1 80 e8 16 64 23 6f 43 9a 49 92 c5 68 12 40 2a 2d cd d4 4c 5f b0 73 ca 55 38 24 5d cb 68 78 0d 29 40 70 fd 5a 20 f4 a1 cb 5d 6d 94 c5 8c 72 06 b5 26 4a 02 72 29 af 7e 19 5c 42 f9 ea 72 61 5a a4 83 89 17 3f 61 55 cf d7 bb 54 2b c9 3e bf d1 eb bd 30 1e 5e ab c8 e6 44 02 20 1c 30 23 0b cf 33 08 54 17 d6 c2 9c f9 49 9e bd c9 10 a9 13 4e ac 32 31 9b bb cd fa d5 f8 ca 45 4d 6a 7d 80 4d b2 98 70 65 51 70 c9 29 85 bc 76 74 cc 96 5e 64 bc d5 00 01 6a 0b e0 9a e6 71 15 64 d1 aa 0d 5e 12 20 e5 ce bc ce 6d bf e1 32 c5 0d ed 62 e2 1b fb 35 47 ca 92 33 5f 07 66 a4 5c e9 94 72 4a cc a9 45 51 92 a9 80 9d 43 5c 02 93 26 5d d4 b3 f0 84 2b 37 64 c4 fd da 1d c3 c8 4f 5c 10 91 52 94 bf 60 7f d0 3b Data Ascii: 00+000z4&&T$T20170606141049Z0s0q0I0+\|fTDb&e{zz4&&T$T'fVIp"20170606141049Z20170613141049Z0H#tFd'VkrOsHsPn,d#oCIh@-L_sU8$]hx)@pZ ]mr&Jr)~\BraZ?aUT+>0^D 0#3TIN21EMj}MpeQp)vt^djqd^ m2b5G3_f\rJEQC\&]+7dO\R`;	169
Jun 8, 2017 14:22:30.512092113 CEST	49209	80	192.168.1.81	178.255.83.1	GET /MFIwUDBOMEwwSjAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEQDwHUvue3yjezwFZqwFlyRY HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.comodoca.com	171
Jun 8, 2017 14:22:31.031517982 CEST	80	49209	178.255.83.1	192.168.1.81	HTTP/1.1 200 OK Date: Thu, 08 Jun 2017 12:22:30 GMT Server: Apache Last-Modified: Tue, 06 Jun 2017 22:10:49 GMT Expires: Tue, 13 Jun 2017 22:10:49 GMT ETag: 44D3537CA417BEC0FC17F7DF564E0640C3F6E7C2 Cache-Control: max-age=466698,public,no-transform,must-revalidate X-OCSP-Reponder-ID: fsedcaocsp6 Content-Length: 728 Connection: close Content-Type: application/ocsp-response Data Raw: 30 82 02 d4 0a 01 00 a0 82 02 cd 30 82 02 c9 06 09 2b 06 01 05 05 07 30 01 01 04 82 02 ba 30 82 02 b6 30 81 9f a2 16 04 14 bb af 7e 02 3d fa a6 f1 3c 84 8e ad ee 38 98 ec d9 32 32 d4 18 0f 32 30 31 37 30 36 30 36 31 34 31 30 34 39 5a 30 74 30 72 30 4a 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 5e 02 1b 68 6c 5c d3 be 16 91 99 57 89 df Data Ascii: 00+000~=<82220170606141049Z0t0r0J0+^hl\W	171
Jun 8, 2017 14:22:31.053715944 CEST	80	49209	178.255.83.1	192.168.1.81	Data Raw: c4 14 72 16 3d 03 04 14 bb af 7e 02 3d fa a6 f1 3c 84 8e ad ee 38 98 ec d9 32 32 d4 02 11 00 f0 1d 4b ee 7b 7c a3 7b 3c 05 66 ac 05 97 24 58 80 00 18 0f 32 30 31 37 30 36 30 36 31 34 31 30 34 39 5a a0 11 18 0f 32 30 31 37 30 36 31 33 31 34 31 30 Data Ascii: r=~=<822K{\|{<f$X20170606141049Z20170613141049Z0*HUzr5]Pe?pZbW}k&oEQzjA)iX-"/3bDrB?M`;NmI:mhG&)	172
Jun 8, 2017 14:22:50.155411005 CEST	49222	80	192.168.1.81	2.20.189.34	GET /pki/crl/products/tspca.crl HTTP/1.1 Cache-Control: max-age = 900 Connection: Keep-Alive Accept: / If-Modified-Since: Sat, 24 May 2014 05:04:54 GMT If-None-Match: "8ab194b3d77cf1:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: crl.microsoft.com	373
Jun 8, 2017 14:22:50.310704947 CEST	49223	80	192.168.1.81	2.20.189.34	GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl HTTP/1.1 Cache-Control: max-age = 900 Connection: Keep-Alive Accept: / If-Modified-Since: Wed, 07 Dec 2016 06:01:02 GMT If-None-Match: "cc8e404a4f50d21:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: crl.microsoft.com	374
Jun 8, 2017 14:22:50.898561001 CEST	80	49222	2.20.189.34	192.168.1.81	HTTP/1.1 200 OK Content-Length: 521 Content-Type: application/pkix-crl Last-Modified: Tue, 02 May 2017 22:24:30 GMT ETag: 0x8D491AA007CEE58 Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: 50003afe-0001-0084-2247-d61158000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Date: Thu, 08 Jun 2017 12:22:50 GMT Connection: keep-alive Data Raw: 30 82 02 05 30 81 ee 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 79 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 Data Ascii: 000*H0y10UUS10UWashington10URedmond10UMicrosoft	374
Jun 8, 2017 14:22:50.947527885 CEST	80	49223	2.20.189.34	192.168.1.81	HTTP/1.1 200 OK Content-Length: 1141 Content-Type: application/pkix-crl Content-MD5: jUjuzM89Sl1Ya1ccmlXe/w== Last-Modified: Wed, 10 May 2017 02:04:35 GMT ETag: 0x8D49748E7EE1205 Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: 5000341d-0001-0084-3547-d61158000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Date: Thu, 08 Jun 2017 12:22:50 GMT Connection: keep-alive Data Raw: 30 82 04 71 30 82 02 59 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 88 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e Data Ascii: 0q0Y0*H010UUS10UWashin	375
Jun 8, 2017 14:22:51.097903967 CEST	80	49222	2.20.189.34	192.168.1.81	Data Raw: 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 23 30 21 06 03 55 04 03 13 1a 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 73 74 61 6d 70 69 6e 67 20 50 43 41 17 0d 31 34 30 35 31 34 32 30 31 30 31 37 5a 17 0d 34 34 30 35 31 33 32 30 32 31 35 34 5a a0 41 30 Data Ascii: Corporation1#0!UMicrosoft Timestamping PCA140514201017Z440513202154ZA0?0U#0oN?4K;AC0+70U)0H6kse"x(CLrE/^mtI^W+`Qa	375
Jun 8, 2017 14:22:51.135245085 CEST	49222	80	192.168.1.81	2.20.189.34	GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl HTTP/1.1 Cache-Control: max-age = 900 Connection: Keep-Alive Accept: / If-Modified-Since: Wed, 07 Dec 2016 06:01:02 GMT If-None-Match: "cc8e404a4f50d21:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: crl.microsoft.com	376
Jun 8, 2017 14:22:51.148447990 CEST	80	49223	2.20.189.34	192.168.1.81	Data Raw: 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 32 30 30 06 03 55 04 03 13 29 4d 69 63 72 6f 73 6f 66 74 20 52 6f 6f 74 20 43 65 Data Ascii: gton10URedmond10UMicrosoft Corporation1200U)Microsoft Root Certificate Authority 2011170509211745Z170809093745Z0802300160419142742Z00U023/8WR2CJ/160419142741Z00U	377
Jun 8, 2017 14:22:51.646974087 CEST	80	49222	2.20.189.34	192.168.1.81	HTTP/1.1 200 OK Content-Length: 1141 Content-Type: application/pkix-crl Content-MD5: jUjuzM89Sl1Ya1ccmlXe/w== Last-Modified: Wed, 10 May 2017 02:04:35 GMT ETag: 0x8D49748E7EE1205 Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: 5000341d-0001-0084-3547-d61158000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Date: Thu, 08 Jun 2017 12:22:51 GMT Connection: keep-alive Data Raw: 30 82 04 71 30 82 02 59 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 88 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e Data Ascii: 0q0Y0*H010UUS10UWashin	381
Jun 8, 2017 14:22:51.847635031 CEST	80	49222	2.20.189.34	192.168.1.81	Data Raw: 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 32 30 30 06 03 55 04 03 13 29 4d 69 63 72 6f 73 6f 66 74 20 52 6f 6f 74 20 43 65 Data Ascii: gton10URedmond10UMicrosoft Corporation1200U)Microsoft Root Certificate Authority 2011170509211745Z170809093745Z0802300160419142742Z00U023/8WR2CJ/160419142741Z00U	382
Jun 8, 2017 14:22:51.883249998 CEST	49222	80	192.168.1.81	2.20.189.34	GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1 Cache-Control: max-age = 900 Connection: Keep-Alive Accept: / If-Modified-Since: Mon, 21 Nov 2016 06:01:26 GMT If-None-Match: "ea9ee7b1bc43d21:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: crl.microsoft.com	383
Jun 8, 2017 14:22:52.296940088 CEST	80	49222	2.20.189.34	192.168.1.81	HTTP/1.1 200 OK Content-Length: 813 Content-Type: application/pkix-crl Last-Modified: Tue, 02 May 2017 22:24:24 GMT ETag: 0x8D491A9FD112A27 Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: b6974447-0001-0027-5546-d6dd39000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Date: Thu, 08 Jun 2017 12:22:52 GMT Connection: keep-alive Data Raw: 30 82 03 29 30 82 01 11 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 5f 31 13 30 11 06 0a 09 92 26 89 93 f2 2c 64 01 19 16 03 63 6f 6d 31 19 30 17 06 0a 09 92 26 89 93 f2 2c 64 01 19 16 09 6d 69 63 72 6f 73 6f 66 74 31 2d 30 2b 06 03 55 04 03 13 24 4d 69 63 72 6f 73 6f 66 74 20 52 6f Data Ascii: 0)00*H0_10&,dcom10&,dmicrosoft1-0+U$Microsoft Ro	386
Jun 8, 2017 14:22:52.503933907 CEST	80	49222	2.20.189.34	192.168.1.81	Data Raw: 6f 74 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 17 0d 31 37 30 34 32 31 32 30 34 38 35 35 5a 17 0d 31 37 30 37 32 31 30 39 30 38 35 35 5a 30 1d 30 1b 02 0a 61 02 b0 19 00 00 00 00 00 2f 17 0d 31 30 30 32 30 38 30 31 34 39 Data Ascii: ot Certificate Authority170421204855Z170721090855Z00a/100208014912Z_0]0U#0`@V'%SY0+70U30+7170720205855Z0H[<+"K%.L.8g`Ycr4#r\5.	387
Jun 8, 2017 14:22:52.539544106 CEST	49222	80	192.168.1.81	2.20.189.34	GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1 Cache-Control: max-age = 900 Connection: Keep-Alive Accept: / If-Modified-Since: Mon, 12 Dec 2016 06:00:18 GMT If-None-Match: "7254ef33d54d21:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: crl.microsoft.com	387
Jun 8, 2017 14:22:53.047388077 CEST	80	49222	2.20.189.34	192.168.1.81	HTTP/1.1 200 OK Content-Length: 554 Content-Type: application/pkix-crl Content-MD5: +JCGHCVYwMgbPGWWiVwiZQ== Last-Modified: Fri, 12 May 2017 20:19:14 GMT ETag: 0x8D4997428DCBF97 Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: d9a497f0-0001-004d-275d-cb8192000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Date: Thu, 08 Jun 2017 12:22:52 GMT Connection: keep-alive Data Raw: 30 82 02 26 30 82 01 0e 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 79 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 Data Ascii: 0&00*H0y10UUS10UWashingt	388
Jun 8, 2017 14:22:53.253791094 CEST	80	49222	2.20.189.34	192.168.1.81	Data Raw: 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 23 30 21 06 03 55 04 03 13 1a 4d 69 63 72 6f 73 6f 66 74 20 43 6f 64 65 20 53 69 67 6e Data Ascii: on10URedmond10UMicrosoft Corporation1#0!UMicrosoft Code Signing PCA170512163339Z170811045339Za0_0U#0X7.3L0+70Ud0+7170810164339Z0*H"	389
Jun 8, 2017 14:22:54.320645094 CEST	49222	80	192.168.1.81	2.20.189.34	GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1 Cache-Control: max-age = 900 Connection: Keep-Alive Accept: / If-Modified-Since: Wed, 02 Nov 2016 05:01:26 GMT If-None-Match: "82c52e2ac634d21:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: crl.microsoft.com	391
Jun 8, 2017 14:22:54.729029894 CEST	80	49222	2.20.189.34	192.168.1.81	HTTP/1.1 200 OK Content-Length: 550 Content-Type: application/pkix-crl Last-Modified: Tue, 02 May 2017 22:24:27 GMT ETag: 0x8D491A9FE8C17D1 Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: b697454e-0001-0027-4046-d6dd39000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Date: Thu, 08 Jun 2017 12:22:54 GMT Connection: keep-alive Data Raw: 30 82 02 22 30 82 01 0a 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 77 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 Data Ascii: 0"00*H0w10UUS10UWashington10URedmond10UMicrosof	392
Jun 8, 2017 14:22:54.941340923 CEST	80	49222	2.20.189.34	192.168.1.81	Data Raw: 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 21 30 1f 06 03 55 04 03 13 18 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 17 0d 31 37 30 34 30 32 32 31 31 37 31 39 5a 17 0d 31 37 30 37 30 32 30 39 33 37 31 39 5a a0 5f 30 5d Data Ascii: t Corporation1!0UMicrosoft Time-Stamp PCA170402211719Z170702093719Z_0]0U#0#4RFp@v+50+70U<0+7170701212719Z0*H,g-g`U->Fumi!	393

HTTPS Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Subject	Issuer	Not Before	Not After	Raw
Jun 8, 2017 14:22:24.713047028 CEST	443	49199	2.16.33.120	192.168.1.81	CN=go.microsoft.com, OU=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, ST=WA, C=US	CN=Microsoft IT SSL SHA2, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US	Mon Jul 04 10:41:09 CEST 2016	Wed Apr 04 10:41:09 CEST 2018	[[ Version: V3 Subject: CN=go.microsoft.com, OU=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, ST=WA, C=US Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 2048 bits modulus: 28642216343773785393396180642065471124850435483354826628785970899241752839044956819680360634327028345616726841514490198214245333590590325799202379499069655688696859381881255546158440735394566670554431654541256299754906079283791657305021585278759130624211089506193469522379965708451614626657597849382909720165701245945899059513626711918387994151437375978187648870955772293633658147018229451287357448592744606740081381911878114496235551897140383287958270728668463484935002301978017575919716419678485345741279726716081560864373159926186231853807257085679869161356196117691974218632096591488169285925595013423997672496427 public exponent: 65537 Validity: [From: Mon Jul 04 10:41:09 CEST 2016, To: Wed Apr 04 10:41:09 CEST 2018] Issuer: CN=Microsoft IT SSL SHA2, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US SerialNumber: [ 5a0003c6 66e9f24b e138ce42 01000100 03c666]Certificate Extensions: 9[1]: ObjectId: 1.3.6.1.4.1.311.21.10 Criticality=falseExtension unknown: DER encoded OCTET string =0000: 04 1A 30 18 30 0A 06 08 2B 06 01 05 05 07 03 01 ..0.0...+.......0010: 30 0A 06 08 2B 06 01 05 05 07 03 02 0...+.......[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=falseAuthorityInfoAccess [ [ accessMethod: caIssuers accessLocation: URIName: http://www.microsoft.com/pki/mscorp/msitwww2.crt, accessMethod: ocsp accessLocation: URIName: http://ocsp.msocsp.com]][3]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: 51 AF 24 26 9C F4 68 22 57 80 26 2B 3B 46 62 15 Q.$&..h"W.&+;Fb.0010: 7B 1E CC A5 ....]][4]: ObjectId: 2.5.29.31 Criticality=falseCRLDistributionPoints [ [DistributionPoint: [URIName: http://mscrl.microsoft.com/pki/mscorp/crl/msitwww2.crl, URIName: http://crl.microsoft.com/pki/mscorp/crl/msitwww2.crl]]][5]: ObjectId: 2.5.29.32 Criticality=falseCertificatePolicies [ [CertificatePolicyId: [1.3.6.1.4.1.311.42.1][PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 28 68 74 74 70 3A 2F 2F 77 77 77 2E 6D 69 63 .(http://www.mic0010: 72 6F 73 6F 66 74 2E 63 6F 6D 2F 70 6B 69 2F 6D rosoft.com/pki/m0020: 73 63 6F 72 70 2F 63 70 73 00 scorp/cps.]] ]][6]: ObjectId: 2.5.29.37 Criticality=falseExtendedKeyUsages [ serverAuth clientAuth][7]: ObjectId: 2.5.29.15 Criticality=falseKeyUsage [ DigitalSignature Key_Encipherment Data_Encipherment][8]: ObjectId: 2.5.29.17 Criticality=falseSubjectAlternativeName [ DNSName: aka.ms DNSName: www.aka.ms DNSName: go.microsoft.com][9]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: 70 30 05 EC 49 56 22 E9 80 C4 C8 16 D6 F8 B5 1A p0..IV".........0010: B3 E5 0C B7 ....]]] Algorithm: [SHA256withRSA] Signature:0000: 23 86 8F 6A 85 9B DD 0F 3D 10 17 07 B9 B3 0B 6F #..j....=......o0010: 00 D4 20 62 D1 23 44 B9 50 FD 40 0A 30 0D FA 2D .. b.#D.P.@.0..-0020: 48 CD 84 BD 8B AD FA 57 9A 6B 7A A1 33 C6 F7 6F H......W.kz.3..o0030: 99 1B 46 66 60 F1 4A 3B 4F B2 56 77 B2 F4 A4 58 ..Ff`.J;O.Vw...X0040: F8 3D AF 49 B2 AB 9F C1 0C E3 2D F4 96 68 F2 9D .=.I......-..h..0050: B2 17 34 61 D6 FC CE 1E 08 F1 A2 60 95 5E E9 E6 ..4a.......`.^..0060: FD 65 61 7B 50 3F CD 30 55 05 1D C4 9D DA 17 1B .ea.P?.0U.......0070: F9 75 ED 44 8C EA 6C 59 A8 02 62 89 B9 3C 67 16 .u.D..lY..b..<g.0080: 65 D8 F5 FE 2E D7 61 6B 62 30 AD DA 90 31 4F 09 e.....akb0...1O.0090: 08 B0 87 0F C1 7A 5F C3 5A 4B 0D 68 67 16 3C BB .....z_.ZK.hg.<.00A0: AC 1A B3 AA 26 FC 50 2E 3C 29 99 07 27 A5 FA D4 ....&.P.<)..'...00B0: C3 3B C1 5D 0A 73 07 36 DD FA EC 57 A8 F2 C1 CF .;.].s.6...W....00C0: 97 1C 58 EB A1 45 04 3D DE 47 4C 7C 93 7F BA 7C ..X..E.=.GL.....00D0: B0 1D 71 36 84 22 ED 06 0E AC 02 18 8D 11 D1 1C ..q6."..........00E0: F1 06 3D 10 E1 6A A4 5C AA BB AD 07 4E 1D 8B A6 ..=..j.\....N...00F0: 24 C4 C3 72 6E 6C 06 20 0A 1D 91 F7 8A B0 96 5B $..rnl. .......[0100: 19 21 83 92 89 8F 63 14 47 E1 5E E9 58 64 37 52 .!....c.G.^.Xd7R0110: C1 B6 5B 11 83 30 F4 96 0A C2 78 D6 FD F6 63 61 ..[..0....x...ca0120: B2 D0 69 AF 04 D9 FE 9B 51 21 E8 E1 8C D3 F4 8E ..i.....Q!......0130: 34 31 69 F2 1C B8 95 80 29 D7 E2 E8 2A 66 C4 1B 41i.....)...*f..0140: 04 60 D0 DC 6C 83 47 29 B4 CF D4 CF CE 94 3B 17 .`..l.G)......;.0150: 5D C5 EB 47 3F 9F 26 E5 FB 7A 9D A4 46 B4 B0 B2 ]..G?.&..z..F...0160: C0 63 15 A0 5A D6 18 6B 32 A6 07 F2 51 42 8B 53 .c..Z..k2...QB.S0170: 50 D2 69 63 EF 43 B6 47 F9 E4 CD 7D 4E 10 94 BB P.ic.C.G....N...0180: 41 75 0D 10 2C BA B1 33 40 F2 90 F4 8F 8B C1 FE Au..,..3@.......0190: 59 FE 3D C8 1E A0 07 5A 65 A7 ED EC 73 B3 DF D9 Y.=....Ze...s...01A0: 7E B6 24 9A 12 31 2E C6 5D 94 67 E7 46 06 B5 E8 ..$..1..].g.F...01B0: 45 DD 46 70 C2 B2 78 B7 5D 43 D5 69 B9 7B 3A BC E.Fp..x.]C.i..:.01C0: C2 7F 43 D6 80 4B 24 B6 58 DF 35 E6 FF 8E 52 66 ..C..K$.X.5...Rf01D0: 1A E6 55 7E CE 96 17 7F 45 57 5D 57 C2 8A AB 05 ..U.....EW]W....01E0: 1A 6C 60 C9 2E 11 7D 22 1B 04 D3 0D A1 00 7D 57 .l`....".......W01F0: EC 45 B9 5E 04 EC 09 14 30 09 B0 A6 F1 E3 90 B6 .E.^....0.......]
Jun 8, 2017 14:22:24.713047028 CEST	443	49199	2.16.33.120	192.168.1.81	CN=Microsoft IT SSL SHA2, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed May 07 19:04:09 CEST 2014	Mon May 07 19:03:30 CEST 2018	[[ Version: V3 Subject: CN=Microsoft IT SSL SHA2, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 4096 bits modulus: 856346252147681095531487657896208775529392570871270739541547656304946186337150025406692403816841622511911362583630424396793275647141867270866840690817025219347773735765802949433253521575884380009133362973276339871342927778470495975448937806685783429794469131879519348587026317046468956224702428125122647846517114639580465833230798904514497256617415305854488459765292877638489732936291819814011375894387200589578322693347915830480163679659038622705073213697766041497450598739345457839557197242509088964439815610006179823855772962212352661583402987609934239423540839283578918329472154182460688721063338324385558431958134145467846948920756751744859811561978667430438139577369855280292356554256643346678832671994189948875677882282660398559500378142160213322773020338909177908588090796092907176697730272260822320523133406159167663529381896382723524150626204675362984170546028545445590020372056502614209846403986541505644602279203940727512733887581549284738720405498522357365555958542658888010209540372662781747546788764044933068920388441693145503606586017974091513711459186006091170503138182616128360282021248417537850857888968945059405922540236449369081660323465765998905631038654387934655547230298400512461379266062187132090830373431547 public exponent: 65537 Validity: [From: Wed May 07 19:04:09 CEST 2014, To: Mon May 07 19:03:30 CEST 2018] Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE SerialNumber: [ 0727aa47]Certificate Extensions: 8[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=falseAuthorityInfoAccess [ [ accessMethod: ocsp accessLocation: URIName: http://ocsp.omniroot.com/baltimoreroot]][2]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: E5 9D 59 30 82 47 58 CC AC FA 08 54 36 86 7B 3A ..Y0.GX....T6..:0010: B5 04 4D F0 ..M.]][3]: ObjectId: 2.5.29.19 Criticality=trueBasicConstraints:[ CA:true PathLen:0][4]: ObjectId: 2.5.29.31 Criticality=falseCRLDistributionPoints [ [DistributionPoint: [URIName: http://cdp1.public-trust.com/CRL/Omniroot2025.crl]]][5]: ObjectId: 2.5.29.32 Criticality=falseCertificatePolicies [ [CertificatePolicyId: [1.3.6.1.4.1.6334.1.0][PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 2D 68 74 74 70 3A 2F 2F 63 79 62 65 72 74 72 .-http://cybertr0010: 75 73 74 2E 6F 6D 6E 69 72 6F 6F 74 2E 63 6F 6D ust.omniroot.com0020: 2F 72 65 70 6F 73 69 74 6F 72 79 2E 63 66 6D /repository.cfm]] ] [CertificatePolicyId: [1.3.6.1.4.1.311.42.1][] ]][6]: ObjectId: 2.5.29.37 Criticality=falseExtendedKeyUsages [ serverAuth clientAuth OCSPSigning][7]: ObjectId: 2.5.29.15 Criticality=trueKeyUsage [ DigitalSignature Key_CertSign Crl_Sign][8]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: 51 AF 24 26 9C F4 68 22 57 80 26 2B 3B 46 62 15 Q.$&..h"W.&+;Fb.0010: 7B 1E CC A5 ....]]] Algorithm: [SHA256withRSA] Signature:0000: 69 62 F6 84 91 00 C4 6F 82 7B 24 E1 42 A2 A5 8B ib.....o..$.B...0010: 82 5C A7 C5 44 CB E7 52 76 63 D3 76 9E 78 E2 69 .\..D..Rvc.v.x.i0020: 35 B1 38 BA B0 96 C6 1F AC 7B C6 B2 65 77 8B 7D 5.8.........ew..0030: 8D AE 64 B9 A5 8C 17 CA 58 65 C3 AD 82 F5 C5 A2 ..d.....Xe......0040: F5 01 13 93 C6 7E 44 E5 C4 61 FA 03 B6 56 C1 72 ......D..a...V.r0050: E1 C8 28 C5 69 21 8F AC 6E FD 7F 43 83 36 B8 C0 ..(.i!..n..C.6..0060: D6 A0 28 FE 1A 45 BE FD 93 8C 8D A4 64 79 1F 14 ..(..E......dy..0070: DB A1 9F 21 DC C0 4E 7B 17 22 17 B1 B6 3C D3 9B ...!..N.."...<..0080: E2 0A A3 7E 99 B0 C1 AC D8 F4 86 DF 3C DA 7D 14 ............<...0090: 9C 40 C1 7C D2 18 6F F1 4F 26 45 09 95 94 5C DA .@....o.O&E...\.00A0: D0 98 F8 F4 4C 82 96 10 DE AC 30 CB 2B AE F9 92 ....L.....0.+...00B0: EA BF 79 03 FC 1E 3F AC 09 A4 3F 65 FD 91 4F 96 ..y...?...?e..O.00C0: 24 A7 CE B4 4E 6A 96 29 17 AE C0 A8 DF 17 22 F4 $...Nj.)......".00D0: 17 E3 DC 1C 39 06 56 10 EA EA B5 74 17 3C 4E DD ....9.V....t.<N.00E0: 7E 91 0A A8 0B 78 07 A7 31 44 08 31 AB 18 84 0F .....x..1D.1....00F0: 12 9C E7 DE 84 2C E9 6D 93 45 BF A8 C1 3F 34 DC .....,.m.E...?4.]
Jun 8, 2017 14:22:24.713047028 CEST	443	49199	2.16.33.120	192.168.1.81	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Fri May 12 20:46:00 CEST 2000	Tue May 13 01:59:00 CEST 2025	[[ Version: V3 Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 Key: Sun RSA public key, 2048 bits modulus: 20579176651421167987106471718888186309534186253587759121109122482694167416584428920295678216035822449451639581023765122994089008826314029843654807108803739729565431642116323937940944378450034252354609020536286175863324156219063038927409933070688727356676027216359532593504366119272034244698731524943132462329205729047681997715455240148827523651706429854757422624117805863121520494307655271426986078917217383478420381375139154341613794371303682232583316393601620034638044186782252195438345309455714637508276892061355357785328168602107026282695945834955006612147350315937204256563720794300123948598669913435346712336953 public exponent: 65537 Validity: [From: Fri May 12 20:46:00 CEST 2000, To: Tue May 13 01:59:00 CEST 2025] Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE SerialNumber: [ 020000b9]Certificate Extensions: 3[1]: ObjectId: 2.5.29.19 Criticality=trueBasicConstraints:[ CA:true PathLen:3][2]: ObjectId: 2.5.29.15 Criticality=trueKeyUsage [ Key_CertSign Crl_Sign][3]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: E5 9D 59 30 82 47 58 CC AC FA 08 54 36 86 7B 3A ..Y0.GX....T6..:0010: B5 04 4D F0 ..M.]]] Algorithm: [SHA1withRSA] Signature:0000: 85 0C 5D 8E E4 6F 51 68 42 05 A0 DD BB 4F 27 25 ..]..oQhB....O'%0010: 84 03 BD F7 64 FD 2D D7 30 E3 A4 10 17 EB DA 29 ....d.-.0......)0020: 29 B6 79 3F 76 F6 19 13 23 B8 10 0A F9 58 A4 D4 ).y?v...#....X..0030: 61 70 BD 04 61 6A 12 8A 17 D5 0A BD C5 BC 30 7C ap..aj........0.0040: D6 E9 0C 25 8D 86 40 4F EC CC A3 7E 38 C6 37 11 ...%..@O....8.7.0050: 4F ED DD 68 31 8E 4C D2 B3 01 74 EE BE 75 5E 07 O..h1.L...t..u^.0060: 48 1A 7F 70 FF 16 5C 84 C0 79 85 B8 05 FD 7F BE H..p..\..y......0070: 65 11 A3 0F C0 02 B4 F8 52 37 39 04 D5 A9 31 7A e.......R79...1z0080: 18 BF A0 2A F4 12 99 F7 A3 45 82 E3 3C 5E F5 9D ...*.....E..<^..0090: 9E B5 C8 9E 7C 2E C8 A4 9E 4E 08 14 4B 6D FD 70 .........N..Km.p00A0: 6D 6B 1A 63 BD 64 E6 1F B7 CE F0 F2 9F 2E BB 1B mk.c.d..........00B0: B7 F2 50 88 73 92 C2 E2 E3 16 8D 9A 32 02 AB 8E ..P.s.......2...00C0: 18 DD E9 10 11 EE 7E 35 AB 90 AF 3E 30 94 7A D0 .......5...>0.z.00D0: 33 3D A7 65 0F F5 FC 8E 9E 62 CF 47 44 2C 01 5D 3=.e.....b.GD,.]00E0: BB 1D B5 32 D2 47 D2 38 2E D0 FE 81 DC 32 6A 1E ...2.G.8.....2j.00F0: B5 EE 3C D5 FC E7 81 1D 19 C3 24 42 EA 63 39 A9 ..<.......$B.c9.]
Jun 8, 2017 14:22:24.861061096 CEST	443	49200	2.16.33.120	192.168.1.81	CN=go.microsoft.com, OU=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, ST=WA, C=US	CN=Microsoft IT SSL SHA2, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US	Mon Jul 04 10:41:09 CEST 2016	Wed Apr 04 10:41:09 CEST 2018	[[ Version: V3 Subject: CN=go.microsoft.com, OU=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, ST=WA, C=US Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 2048 bits modulus: 28642216343773785393396180642065471124850435483354826628785970899241752839044956819680360634327028345616726841514490198214245333590590325799202379499069655688696859381881255546158440735394566670554431654541256299754906079283791657305021585278759130624211089506193469522379965708451614626657597849382909720165701245945899059513626711918387994151437375978187648870955772293633658147018229451287357448592744606740081381911878114496235551897140383287958270728668463484935002301978017575919716419678485345741279726716081560864373159926186231853807257085679869161356196117691974218632096591488169285925595013423997672496427 public exponent: 65537 Validity: [From: Mon Jul 04 10:41:09 CEST 2016, To: Wed Apr 04 10:41:09 CEST 2018] Issuer: CN=Microsoft IT SSL SHA2, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US SerialNumber: [ 5a0003c6 66e9f24b e138ce42 01000100 03c666]Certificate Extensions: 9[1]: ObjectId: 1.3.6.1.4.1.311.21.10 Criticality=falseExtension unknown: DER encoded OCTET string =0000: 04 1A 30 18 30 0A 06 08 2B 06 01 05 05 07 03 01 ..0.0...+.......0010: 30 0A 06 08 2B 06 01 05 05 07 03 02 0...+.......[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=falseAuthorityInfoAccess [ [ accessMethod: caIssuers accessLocation: URIName: http://www.microsoft.com/pki/mscorp/msitwww2.crt, accessMethod: ocsp accessLocation: URIName: http://ocsp.msocsp.com]][3]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: 51 AF 24 26 9C F4 68 22 57 80 26 2B 3B 46 62 15 Q.$&..h"W.&+;Fb.0010: 7B 1E CC A5 ....]][4]: ObjectId: 2.5.29.31 Criticality=falseCRLDistributionPoints [ [DistributionPoint: [URIName: http://mscrl.microsoft.com/pki/mscorp/crl/msitwww2.crl, URIName: http://crl.microsoft.com/pki/mscorp/crl/msitwww2.crl]]][5]: ObjectId: 2.5.29.32 Criticality=falseCertificatePolicies [ [CertificatePolicyId: [1.3.6.1.4.1.311.42.1][PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 28 68 74 74 70 3A 2F 2F 77 77 77 2E 6D 69 63 .(http://www.mic0010: 72 6F 73 6F 66 74 2E 63 6F 6D 2F 70 6B 69 2F 6D rosoft.com/pki/m0020: 73 63 6F 72 70 2F 63 70 73 00 scorp/cps.]] ]][6]: ObjectId: 2.5.29.37 Criticality=falseExtendedKeyUsages [ serverAuth clientAuth][7]: ObjectId: 2.5.29.15 Criticality=falseKeyUsage [ DigitalSignature Key_Encipherment Data_Encipherment][8]: ObjectId: 2.5.29.17 Criticality=falseSubjectAlternativeName [ DNSName: aka.ms DNSName: www.aka.ms DNSName: go.microsoft.com][9]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: 70 30 05 EC 49 56 22 E9 80 C4 C8 16 D6 F8 B5 1A p0..IV".........0010: B3 E5 0C B7 ....]]] Algorithm: [SHA256withRSA] Signature:0000: 23 86 8F 6A 85 9B DD 0F 3D 10 17 07 B9 B3 0B 6F #..j....=......o0010: 00 D4 20 62 D1 23 44 B9 50 FD 40 0A 30 0D FA 2D .. b.#D.P.@.0..-0020: 48 CD 84 BD 8B AD FA 57 9A 6B 7A A1 33 C6 F7 6F H......W.kz.3..o0030: 99 1B 46 66 60 F1 4A 3B 4F B2 56 77 B2 F4 A4 58 ..Ff`.J;O.Vw...X0040: F8 3D AF 49 B2 AB 9F C1 0C E3 2D F4 96 68 F2 9D .=.I......-..h..0050: B2 17 34 61 D6 FC CE 1E 08 F1 A2 60 95 5E E9 E6 ..4a.......`.^..0060: FD 65 61 7B 50 3F CD 30 55 05 1D C4 9D DA 17 1B .ea.P?.0U.......0070: F9 75 ED 44 8C EA 6C 59 A8 02 62 89 B9 3C 67 16 .u.D..lY..b..<g.0080: 65 D8 F5 FE 2E D7 61 6B 62 30 AD DA 90 31 4F 09 e.....akb0...1O.0090: 08 B0 87 0F C1 7A 5F C3 5A 4B 0D 68 67 16 3C BB .....z_.ZK.hg.<.00A0: AC 1A B3 AA 26 FC 50 2E 3C 29 99 07 27 A5 FA D4 ....&.P.<)..'...00B0: C3 3B C1 5D 0A 73 07 36 DD FA EC 57 A8 F2 C1 CF .;.].s.6...W....00C0: 97 1C 58 EB A1 45 04 3D DE 47 4C 7C 93 7F BA 7C ..X..E.=.GL.....00D0: B0 1D 71 36 84 22 ED 06 0E AC 02 18 8D 11 D1 1C ..q6."..........00E0: F1 06 3D 10 E1 6A A4 5C AA BB AD 07 4E 1D 8B A6 ..=..j.\....N...00F0: 24 C4 C3 72 6E 6C 06 20 0A 1D 91 F7 8A B0 96 5B $..rnl. .......[0100: 19 21 83 92 89 8F 63 14 47 E1 5E E9 58 64 37 52 .!....c.G.^.Xd7R0110: C1 B6 5B 11 83 30 F4 96 0A C2 78 D6 FD F6 63 61 ..[..0....x...ca0120: B2 D0 69 AF 04 D9 FE 9B 51 21 E8 E1 8C D3 F4 8E ..i.....Q!......0130: 34 31 69 F2 1C B8 95 80 29 D7 E2 E8 2A 66 C4 1B 41i.....)...*f..0140: 04 60 D0 DC 6C 83 47 29 B4 CF D4 CF CE 94 3B 17 .`..l.G)......;.0150: 5D C5 EB 47 3F 9F 26 E5 FB 7A 9D A4 46 B4 B0 B2 ]..G?.&..z..F...0160: C0 63 15 A0 5A D6 18 6B 32 A6 07 F2 51 42 8B 53 .c..Z..k2...QB.S0170: 50 D2 69 63 EF 43 B6 47 F9 E4 CD 7D 4E 10 94 BB P.ic.C.G....N...0180: 41 75 0D 10 2C BA B1 33 40 F2 90 F4 8F 8B C1 FE Au..,..3@.......0190: 59 FE 3D C8 1E A0 07 5A 65 A7 ED EC 73 B3 DF D9 Y.=....Ze...s...01A0: 7E B6 24 9A 12 31 2E C6 5D 94 67 E7 46 06 B5 E8 ..$..1..].g.F...01B0: 45 DD 46 70 C2 B2 78 B7 5D 43 D5 69 B9 7B 3A BC E.Fp..x.]C.i..:.01C0: C2 7F 43 D6 80 4B 24 B6 58 DF 35 E6 FF 8E 52 66 ..C..K$.X.5...Rf01D0: 1A E6 55 7E CE 96 17 7F 45 57 5D 57 C2 8A AB 05 ..U.....EW]W....01E0: 1A 6C 60 C9 2E 11 7D 22 1B 04 D3 0D A1 00 7D 57 .l`....".......W01F0: EC 45 B9 5E 04 EC 09 14 30 09 B0 A6 F1 E3 90 B6 .E.^....0.......]
Jun 8, 2017 14:22:24.861061096 CEST	443	49200	2.16.33.120	192.168.1.81	CN=Microsoft IT SSL SHA2, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed May 07 19:04:09 CEST 2014	Mon May 07 19:03:30 CEST 2018	[[ Version: V3 Subject: CN=Microsoft IT SSL SHA2, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 4096 bits modulus: 856346252147681095531487657896208775529392570871270739541547656304946186337150025406692403816841622511911362583630424396793275647141867270866840690817025219347773735765802949433253521575884380009133362973276339871342927778470495975448937806685783429794469131879519348587026317046468956224702428125122647846517114639580465833230798904514497256617415305854488459765292877638489732936291819814011375894387200589578322693347915830480163679659038622705073213697766041497450598739345457839557197242509088964439815610006179823855772962212352661583402987609934239423540839283578918329472154182460688721063338324385558431958134145467846948920756751744859811561978667430438139577369855280292356554256643346678832671994189948875677882282660398559500378142160213322773020338909177908588090796092907176697730272260822320523133406159167663529381896382723524150626204675362984170546028545445590020372056502614209846403986541505644602279203940727512733887581549284738720405498522357365555958542658888010209540372662781747546788764044933068920388441693145503606586017974091513711459186006091170503138182616128360282021248417537850857888968945059405922540236449369081660323465765998905631038654387934655547230298400512461379266062187132090830373431547 public exponent: 65537 Validity: [From: Wed May 07 19:04:09 CEST 2014, To: Mon May 07 19:03:30 CEST 2018] Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE SerialNumber: [ 0727aa47]Certificate Extensions: 8[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=falseAuthorityInfoAccess [ [ accessMethod: ocsp accessLocation: URIName: http://ocsp.omniroot.com/baltimoreroot]][2]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: E5 9D 59 30 82 47 58 CC AC FA 08 54 36 86 7B 3A ..Y0.GX....T6..:0010: B5 04 4D F0 ..M.]][3]: ObjectId: 2.5.29.19 Criticality=trueBasicConstraints:[ CA:true PathLen:0][4]: ObjectId: 2.5.29.31 Criticality=falseCRLDistributionPoints [ [DistributionPoint: [URIName: http://cdp1.public-trust.com/CRL/Omniroot2025.crl]]][5]: ObjectId: 2.5.29.32 Criticality=falseCertificatePolicies [ [CertificatePolicyId: [1.3.6.1.4.1.6334.1.0][PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 2D 68 74 74 70 3A 2F 2F 63 79 62 65 72 74 72 .-http://cybertr0010: 75 73 74 2E 6F 6D 6E 69 72 6F 6F 74 2E 63 6F 6D ust.omniroot.com0020: 2F 72 65 70 6F 73 69 74 6F 72 79 2E 63 66 6D /repository.cfm]] ] [CertificatePolicyId: [1.3.6.1.4.1.311.42.1][] ]][6]: ObjectId: 2.5.29.37 Criticality=falseExtendedKeyUsages [ serverAuth clientAuth OCSPSigning][7]: ObjectId: 2.5.29.15 Criticality=trueKeyUsage [ DigitalSignature Key_CertSign Crl_Sign][8]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: 51 AF 24 26 9C F4 68 22 57 80 26 2B 3B 46 62 15 Q.$&..h"W.&+;Fb.0010: 7B 1E CC A5 ....]]] Algorithm: [SHA256withRSA] Signature:0000: 69 62 F6 84 91 00 C4 6F 82 7B 24 E1 42 A2 A5 8B ib.....o..$.B...0010: 82 5C A7 C5 44 CB E7 52 76 63 D3 76 9E 78 E2 69 .\..D..Rvc.v.x.i0020: 35 B1 38 BA B0 96 C6 1F AC 7B C6 B2 65 77 8B 7D 5.8.........ew..0030: 8D AE 64 B9 A5 8C 17 CA 58 65 C3 AD 82 F5 C5 A2 ..d.....Xe......0040: F5 01 13 93 C6 7E 44 E5 C4 61 FA 03 B6 56 C1 72 ......D..a...V.r0050: E1 C8 28 C5 69 21 8F AC 6E FD 7F 43 83 36 B8 C0 ..(.i!..n..C.6..0060: D6 A0 28 FE 1A 45 BE FD 93 8C 8D A4 64 79 1F 14 ..(..E......dy..0070: DB A1 9F 21 DC C0 4E 7B 17 22 17 B1 B6 3C D3 9B ...!..N.."...<..0080: E2 0A A3 7E 99 B0 C1 AC D8 F4 86 DF 3C DA 7D 14 ............<...0090: 9C 40 C1 7C D2 18 6F F1 4F 26 45 09 95 94 5C DA .@....o.O&E...\.00A0: D0 98 F8 F4 4C 82 96 10 DE AC 30 CB 2B AE F9 92 ....L.....0.+...00B0: EA BF 79 03 FC 1E 3F AC 09 A4 3F 65 FD 91 4F 96 ..y...?...?e..O.00C0: 24 A7 CE B4 4E 6A 96 29 17 AE C0 A8 DF 17 22 F4 $...Nj.)......".00D0: 17 E3 DC 1C 39 06 56 10 EA EA B5 74 17 3C 4E DD ....9.V....t.<N.00E0: 7E 91 0A A8 0B 78 07 A7 31 44 08 31 AB 18 84 0F .....x..1D.1....00F0: 12 9C E7 DE 84 2C E9 6D 93 45 BF A8 C1 3F 34 DC .....,.m.E...?4.]
Jun 8, 2017 14:22:24.861061096 CEST	443	49200	2.16.33.120	192.168.1.81	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Fri May 12 20:46:00 CEST 2000	Tue May 13 01:59:00 CEST 2025	[[ Version: V3 Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 Key: Sun RSA public key, 2048 bits modulus: 20579176651421167987106471718888186309534186253587759121109122482694167416584428920295678216035822449451639581023765122994089008826314029843654807108803739729565431642116323937940944378450034252354609020536286175863324156219063038927409933070688727356676027216359532593504366119272034244698731524943132462329205729047681997715455240148827523651706429854757422624117805863121520494307655271426986078917217383478420381375139154341613794371303682232583316393601620034638044186782252195438345309455714637508276892061355357785328168602107026282695945834955006612147350315937204256563720794300123948598669913435346712336953 public exponent: 65537 Validity: [From: Fri May 12 20:46:00 CEST 2000, To: Tue May 13 01:59:00 CEST 2025] Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE SerialNumber: [ 020000b9]Certificate Extensions: 3[1]: ObjectId: 2.5.29.19 Criticality=trueBasicConstraints:[ CA:true PathLen:3][2]: ObjectId: 2.5.29.15 Criticality=trueKeyUsage [ Key_CertSign Crl_Sign][3]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: E5 9D 59 30 82 47 58 CC AC FA 08 54 36 86 7B 3A ..Y0.GX....T6..:0010: B5 04 4D F0 ..M.]]] Algorithm: [SHA1withRSA] Signature:0000: 85 0C 5D 8E E4 6F 51 68 42 05 A0 DD BB 4F 27 25 ..]..oQhB....O'%0010: 84 03 BD F7 64 FD 2D D7 30 E3 A4 10 17 EB DA 29 ....d.-.0......)0020: 29 B6 79 3F 76 F6 19 13 23 B8 10 0A F9 58 A4 D4 ).y?v...#....X..0030: 61 70 BD 04 61 6A 12 8A 17 D5 0A BD C5 BC 30 7C ap..aj........0.0040: D6 E9 0C 25 8D 86 40 4F EC CC A3 7E 38 C6 37 11 ...%..@O....8.7.0050: 4F ED DD 68 31 8E 4C D2 B3 01 74 EE BE 75 5E 07 O..h1.L...t..u^.0060: 48 1A 7F 70 FF 16 5C 84 C0 79 85 B8 05 FD 7F BE H..p..\..y......0070: 65 11 A3 0F C0 02 B4 F8 52 37 39 04 D5 A9 31 7A e.......R79...1z0080: 18 BF A0 2A F4 12 99 F7 A3 45 82 E3 3C 5E F5 9D ...*.....E..<^..0090: 9E B5 C8 9E 7C 2E C8 A4 9E 4E 08 14 4B 6D FD 70 .........N..Km.p00A0: 6D 6B 1A 63 BD 64 E6 1F B7 CE F0 F2 9F 2E BB 1B mk.c.d..........00B0: B7 F2 50 88 73 92 C2 E2 E3 16 8D 9A 32 02 AB 8E ..P.s.......2...00C0: 18 DD E9 10 11 EE 7E 35 AB 90 AF 3E 30 94 7A D0 .......5...>0.z.00D0: 33 3D A7 65 0F F5 FC 8E 9E 62 CF 47 44 2C 01 5D 3=.e.....b.GD,.]00E0: BB 1D B5 32 D2 47 D2 38 2E D0 FE 81 DC 32 6A 1E ...2.G.8.....2j.00F0: B5 EE 3C D5 FC E7 81 1D 19 C3 24 42 EA 63 39 A9 ..<.......$B.c9.]
Jun 8, 2017 14:22:27.436286926 CEST	443	49205	184.107.89.236	192.168.1.81	CN=capbilcap.ca	CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US	Sun Apr 02 02:00:00 CEST 2017	Sun Jul 02 01:59:59 CEST 2017	[[ Version: V3 Subject: CN=capbilcap.ca Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 2048 bits modulus: 21655693577737516271541575046448786864096647944144241971778385158281155057030493013063440200948735632172673098998829528665986604055543240648508203985789044296405990405451357946773903429362798932737860936715089421656849358147450621657542012128983655162082623037096080124718739735518795365883019528884960352548835988258996023493926433014655398455118024021905014995270904370639334293092307444221206675319955238481597382888355566529082020026023411375103909622003587375541270512451840553041673678781227707026012467929756630200394117251468846059853824222328093962415787373437408221849987768374681175698378471655354618939381 public exponent: 65537 Validity: [From: Sun Apr 02 02:00:00 CEST 2017, To: Sun Jul 02 01:59:59 CEST 2017] Issuer: CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US SerialNumber: [ 3603a5e6 e26577d4 6f3b7fcf cbe3b395]Certificate Extensions: 9[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=falseAuthorityInfoAccess [ [ accessMethod: caIssuers accessLocation: URIName: http://crt.comodoca.com/cPanelIncCertificationAuthority.crt, accessMethod: ocsp accessLocation: URIName: http://ocsp.comodoca.com]][2]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: 7E 03 5A 65 41 6B A7 7E 0A E1 B8 9D 08 EA 1D 8E ..ZeAk..........0010: 1D 6A C7 65 .j.e]][3]: ObjectId: 2.5.29.19 Criticality=trueBasicConstraints:[ CA:false PathLen: undefined][4]: ObjectId: 2.5.29.31 Criticality=falseCRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.comodoca.com/cPanelIncCertificationAuthority.crl]]][5]: ObjectId: 2.5.29.32 Criticality=falseCertificatePolicies [ [CertificatePolicyId: [1.3.6.1.4.1.6449.1.2.2.52][PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 1D 68 74 74 70 73 3A 2F 2F 73 65 63 75 72 65 ..https://secure0010: 2E 63 6F 6D 6F 64 6F 2E 63 6F 6D 2F 43 50 53 .comodo.com/CPS]] ] [CertificatePolicyId: [2.23.140.1.2.1][] ]][6]: ObjectId: 2.5.29.37 Criticality=falseExtendedKeyUsages [ serverAuth clientAuth][7]: ObjectId: 2.5.29.15 Criticality=trueKeyUsage [ DigitalSignature Key_Encipherment][8]: ObjectId: 2.5.29.17 Criticality=falseSubjectAlternativeName [ DNSName: capbilcap.ca DNSName: cpanel.capbilcap.ca DNSName: mail.capbilcap.ca DNSName: webdisk.capbilcap.ca DNSName: webmail.capbilcap.ca DNSName: www.capbilcap.ca][9]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: 9A DD C5 23 1B 48 C8 58 9D 1B 05 86 8E F0 CD 7E ...#.H.X........0010: A8 10 EE 8E ....]]] Algorithm: [SHA256withRSA] Signature:0000: 72 A0 93 0B DC 80 FF B9 F9 CB D8 63 F6 E8 6E B7 r..........c..n.0010: AE 30 31 13 28 CE 5B 00 EC CF 0D B6 8A 88 30 A7 .01.(.[.......0.0020: 51 67 F8 D0 B3 45 F3 95 A3 EF AD 5F 7F 1D 58 71 Qg...E....._..Xq0030: B7 39 1B 67 95 D6 E5 8E 06 5C 0D E2 DD 44 37 AD .9.g.....\...D7.0040: 34 C1 6C 34 27 60 4E E3 9C 59 A8 24 A6 07 AE 1B 4.l4'`N..Y.$....0050: B1 67 BC 9B 51 F4 11 68 5A 28 8C 2C 74 64 5B EB .g..Q..hZ(.,td[.0060: D2 49 E5 CF D8 A3 E1 61 1C 6B 10 90 E5 2B DB 57 .I.....a.k...+.W0070: D7 DD 4D EC 4C 6B C5 FD 93 2B 0B EA 4B 6A 67 D7 ..M.Lk...+..Kjg.0080: BB 4B 65 7A 5D 6A F0 09 5E 7F 32 C7 AF 67 CA E4 .Kez]j..^.2..g..0090: A9 B1 5A FB D5 E5 7A 24 F1 26 44 AA 8C 51 06 54 ..Z...z$.&D..Q.T00A0: D3 30 0C 05 C0 F3 E7 91 EC BA C8 1C 90 9D C6 56 .0.............V00B0: 88 C0 90 5A 20 DD 51 E3 B6 E3 98 91 4B 81 37 7F ...Z .Q.....K.7.00C0: C0 D6 90 1A 7F A1 42 15 B4 9B B0 9F 93 15 14 6A ......B........j00D0: 42 52 8C AC 43 C4 76 25 52 68 AC D2 A5 CD D5 14 BR..C.v%Rh......00E0: FB 2B 9B 19 E4 A5 51 40 7D 44 C8 8F 27 C0 76 88 .+....Q@.D..'.v.00F0: 42 3A 8B 2D B0 E9 8F 18 15 B6 08 FF 95 9A BD F8 B:.-............]
Jun 8, 2017 14:22:27.436286926 CEST	443	49205	184.107.89.236	192.168.1.81	CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US	CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon May 18 02:00:00 CEST 2015	Sun May 18 01:59:59 CEST 2025	[[ Version: V3 Subject: CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US Signature Algorithm: SHA384withRSA, OID = 1.2.840.113549.1.1.12 Key: Sun RSA public key, 2048 bits modulus: 17593480096692713018475895792724075672946153458286563199571628462555198211400353729234678888933040074245743031344110676950225602424239744275580203032388253183641969115414246814221235053912886357650730438318219217508801010315710974463129067389616293028896205864799170095066829527213637069580537424209085616377394665471565050487092639050216078240279738840070252322854082656970094321515205244683618000265664081313419509307371923479181139989769749253107567251365335361691390702907845356758548602034458245938667693881170016372773160251025347753244451417413595842348278925917111831860996925937874910597825547509003460806507 public exponent: 65537 Validity: [From: Mon May 18 02:00:00 CEST 2015, To: Sun May 18 01:59:59 CEST 2025] Issuer: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB SerialNumber: [ f01d4bee 7b7ca37b 3c0566ac 05972458]Certificate Extensions: 8[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=falseAuthorityInfoAccess [ [ accessMethod: caIssuers accessLocation: URIName: http://crt.comodoca.com/COMODORSAAddTrustCA.crt, accessMethod: ocsp accessLocation: URIName: http://ocsp.comodoca.com]][2]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: BB AF 7E 02 3D FA A6 F1 3C 84 8E AD EE 38 98 EC ....=...<....8..0010: D9 32 32 D4 .22.]][3]: ObjectId: 2.5.29.19 Criticality=trueBasicConstraints:[ CA:true PathLen:0][4]: ObjectId: 2.5.29.31 Criticality=falseCRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.comodoca.com/COMODORSACertificationAuthority.crl]]][5]: ObjectId: 2.5.29.32 Criticality=falseCertificatePolicies [ [CertificatePolicyId: [1.3.6.1.4.1.6449.1.2.2.52][] ] [CertificatePolicyId: [2.23.140.1.2.1][] ]][6]: ObjectId: 2.5.29.37 Criticality=falseExtendedKeyUsages [ serverAuth clientAuth][7]: ObjectId: 2.5.29.15 Criticality=trueKeyUsage [ DigitalSignature Key_CertSign Crl_Sign][8]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: 7E 03 5A 65 41 6B A7 7E 0A E1 B8 9D 08 EA 1D 8E ..ZeAk..........0010: 1D 6A C7 65 .j.e]]] Algorithm: [SHA384withRSA] Signature:0000: 10 9F A0 60 08 81 74 A1 A0 84 78 60 4C 39 39 DA ...`..t...x`L99.0010: 64 77 EF 19 0A 72 39 23 94 3B 91 7D 7F 34 8B 97 dw...r9#.;...4..0020: 58 4E 59 0A 2D 68 C3 10 42 B0 A0 7A 81 8C 7B AB XNY.-h..B..z....0030: 31 32 20 39 E4 22 73 E0 DE C9 17 5D 83 C5 75 2D 12 9."s....]..u-0040: E1 11 47 59 01 9E 5D C0 F4 DD 12 6A D0 6D 30 20 ..GY..]....j.m0 0050: E8 B3 CA 4F DF 9A E0 A7 17 9F 1A 2F 87 7E EB 50 ...O......./...P0060: E1 53 F3 F8 47 D9 8C 60 F2 C9 65 65 9C F0 DA 01 .S..G..`..ee....0070: E6 B2 F2 D8 07 98 87 DF 37 89 98 55 12 42 C9 E4 ........7..U.B..0080: 2D DE 2D BE AA 64 94 4E D9 2E E6 C2 D5 F2 C0 E6 -.-..d.N........0090: E9 EA 19 3E 37 0B 89 5F C9 3A F8 4F 47 40 3E AF ...>7.._.:.OG@>.00A0: 1A 7F A2 F6 85 01 88 17 36 B5 23 EA B9 FE BA 6B ........6.#....k00B0: 48 0B 02 20 39 AE C3 61 EB 95 A5 A1 73 C7 1C 5F H.. 9..a....s.._00C0: 54 33 73 57 4B 36 8B 9B 5B 28 E3 3E B1 0B 78 5C T3sWK6..[(.>..x\00D0: 6B 14 A7 10 CC E5 DA 3F BA E9 D6 B2 2D 1D 70 54 k......?....-.pT00E0: BA 5E AB 7D 4F 29 89 10 E0 3A 90 04 C5 EE B9 8E .^..O)...:......00F0: 43 A2 E3 63 58 7F 49 8B 71 3E 57 62 23 40 D1 5D C..cX.I.q>Wb#@.]0100: 96 64 22 61 56 9F 96 67 47 87 BC E5 00 20 A4 68 .d"aV..gG.... .h0110: E2 C1 A0 81 7B 68 73 08 C4 6D 4E 70 79 E8 DD 55 .....hs..mNpy..U0120: D7 09 5C B9 9D 0A 95 A6 0C D9 DB E2 8A 55 EB B9 ..\..........U..0130: E1 E7 9A 95 14 4C 58 06 41 C1 10 AA AA B1 3A E2 .....LX.A.....:.0140: A5 4A 4A E0 D9 C9 1F C2 A0 97 BB 06 EF 19 00 DB .JJ.............0150: 02 BE 96 F1 FB 54 8F 93 9A FA 30 22 36 A9 77 26 .....T....0"6.w&0160: 1F 94 28 93 E9 13 3D 45 D1 3A 35 48 1E 98 0D 82 ..(...=E.:5H....0170: 70 C0 0B 5A 28 87 A1 78 51 3F B5 A7 5C A6 91 22 p..Z(..xQ?..\.."0180: 00 42 4C B9 80 15 80 2A B1 2D 89 4F F7 BA 1E 18 .BL....*.-.O....0190: C4 8C 59 1E 73 49 A3 A8 7B BC 1F F7 56 4D 50 9F ..Y.sI......VMP.01A0: 67 16 A7 C7 17 48 E7 6D 54 57 76 6E 97 58 5B 78 g....H.mTWvn.X[x01B0: 64 A4 ED 62 B4 00 3B 06 7E 79 B8 58 5F 6E 84 D6 d..b..;..y.X_n..01C0: 43 BC 4F DB 39 AA 28 F0 C1 89 09 C5 FB E3 18 44 C.O.9.(........D01D0: B7 E5 B2 8B 5D 95 F9 23 5A 0B 72 F7 69 3A D6 57 ....]..#Z.r.i:.W01E0: 8B E1 E9 F4 60 BE C4 51 2B 11 AC FE 48 B3 72 73 ....`..Q+...H.rs01F0: CA 13 50 73 0D 04 76 CA 01 E1 42 C2 D7 21 CF F9 ..Ps..v...B..!..]
Jun 8, 2017 14:22:27.436286926 CEST	443	49205	184.107.89.236	192.168.1.81	CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE	Tue May 30 12:48:38 CEST 2000	Sat May 30 12:48:38 CEST 2020	[[ Version: V3 Subject: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Signature Algorithm: SHA384withRSA, OID = 1.2.840.113549.1.1.12 Key: Sun RSA public key, 4096 bits modulus: 595250832037245141724642107398533641144111340640849154810839512193646804439589382557795096048235159392412856809181253983148280442751106836828767077478502910675291715965426418324395462826337195608826159904332409833532414343087397304684051488024083060971973988667565926401713702437407307790551210783180012029671811979458976709742365579736599681150756374332129237698142054260771585540729412505699671993111094681722253786369180597052805125225748672266569013967025850135765598233721214965171040686884703517711864518647963618102322884373894861238464186441528415873877499307554355231373646804211013770034465627350166153734933786011622475019872581027516832913754790596939102532587063612068091625752995700206528059096165261547017202283116886060219954285939324476288744352486373249118864714420341870384243932900936553074796547571643358129426474424573956572670213304441994994142333208766235762328926816055054634905252931414737971249889745696283503174642385591131856834241724878687870772321902051261453524679758731747154638983677185705464969589189761598154153383380395065347776922242683529305823609958629983678843126221186204478003285765580771286537570893899006127941280337699169761047271395591258462580922460487748761665926731923248227868312659 public exponent: 65537 Validity: [From: Tue May 30 12:48:38 CEST 2000, To: Sat May 30 12:48:38 CEST 2020] Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE SerialNumber: [ 2766ee56 eb49f38e abd770a2 fc84de22]Certificate Extensions: 7[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=falseAuthorityInfoAccess [ [ accessMethod: ocsp accessLocation: URIName: http://ocsp.usertrust.com]][2]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: AD BD 98 7A 34 B4 26 F7 FA C4 26 54 EF 03 BD E0 ...z4.&...&T....0010: 24 CB 54 1A $.T.]][3]: ObjectId: 2.5.29.19 Criticality=trueBasicConstraints:[ CA:true PathLen:2147483647][4]: ObjectId: 2.5.29.31 Criticality=falseCRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.usertrust.com/AddTrustExternalCARoot.crl]]][5]: ObjectId: 2.5.29.32 Criticality=falseCertificatePolicies [ [CertificatePolicyId: [2.5.29.32.0][] ]][6]: ObjectId: 2.5.29.15 Criticality=trueKeyUsage [ DigitalSignature Key_CertSign Crl_Sign][7]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: BB AF 7E 02 3D FA A6 F1 3C 84 8E AD EE 38 98 EC ....=...<....8..0010: D9 32 32 D4 .22.]]] Algorithm: [SHA384withRSA] Signature:0000: 64 BF 83 F1 5F 9A 85 D0 CD B8 A1 29 57 0D E8 5A d..._......)W..Z0010: F7 D1 E9 3E F2 76 04 6E F1 52 70 BB 1E 3C FF 4D ...>.v.n.Rp..<.M0020: 0D 74 6A CC 81 82 25 D3 C3 A0 2A 5D 4C F5 BA 8B .tj...%...*]L...0030: A1 6D C4 54 09 75 C7 E3 27 0E 5D 84 79 37 40 13 .m.T.u..'.].y7@.0040: 77 F5 B4 AC 1C D0 3B AB 17 12 D6 EF 34 18 7E 2B w.....;.....4..+0050: E9 79 D3 AB 57 45 0C AF 28 FA D0 DB E5 50 95 88 .y..WE..(....P..0060: BB DF 85 57 69 7D 92 D8 52 CA 73 81 BF 1C F3 E6 ...Wi...R.s.....0070: B8 6E 66 11 05 B3 1E 94 2D 7F 91 95 92 59 F1 4C .nf.....-....Y.L0080: CE A3 91 71 4C 7C 47 0C 3B 0B 19 F6 A1 B1 6C 86 ...qL.G.;.....l.0090: 3E 5C AA C4 2E 82 CB F9 07 96 BA 48 4D 90 F2 94 >\.........HM...00A0: C8 A9 73 A2 EB 06 7B 23 9D DE A2 F3 4D 55 9F 7A ..s....#....MU.z00B0: 61 45 98 18 68 C7 5E 40 6B 23 F5 79 7A EF 8C B5 aE..h.^@k#.yz...00C0: 6B 8B B7 6F 46 F4 7B F1 3D 4B 04 D8 93 80 59 5A k..oF...=K....YZ00D0: E0 41 24 1D B2 8F 15 60 58 47 DB EF 6E 46 FD 15 .A$....`XG..nF..00E0: F5 D9 5F 9A B3 DB D8 B8 E4 40 B3 CD 97 39 AE 85 .._......@...9..00F0: BB 1D 8E BC DC 87 9B D1 A6 EF F1 3B 6F 10 38 6F ...........;o.8o]
Jun 8, 2017 14:22:27.592315912 CEST	443	49206	184.107.89.236	192.168.1.81	CN=capbilcap.ca	CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US	Sun Apr 02 02:00:00 CEST 2017	Sun Jul 02 01:59:59 CEST 2017	[[ Version: V3 Subject: CN=capbilcap.ca Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 2048 bits modulus: 21655693577737516271541575046448786864096647944144241971778385158281155057030493013063440200948735632172673098998829528665986604055543240648508203985789044296405990405451357946773903429362798932737860936715089421656849358147450621657542012128983655162082623037096080124718739735518795365883019528884960352548835988258996023493926433014655398455118024021905014995270904370639334293092307444221206675319955238481597382888355566529082020026023411375103909622003587375541270512451840553041673678781227707026012467929756630200394117251468846059853824222328093962415787373437408221849987768374681175698378471655354618939381 public exponent: 65537 Validity: [From: Sun Apr 02 02:00:00 CEST 2017, To: Sun Jul 02 01:59:59 CEST 2017] Issuer: CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US SerialNumber: [ 3603a5e6 e26577d4 6f3b7fcf cbe3b395]Certificate Extensions: 9[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=falseAuthorityInfoAccess [ [ accessMethod: caIssuers accessLocation: URIName: http://crt.comodoca.com/cPanelIncCertificationAuthority.crt, accessMethod: ocsp accessLocation: URIName: http://ocsp.comodoca.com]][2]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: 7E 03 5A 65 41 6B A7 7E 0A E1 B8 9D 08 EA 1D 8E ..ZeAk..........0010: 1D 6A C7 65 .j.e]][3]: ObjectId: 2.5.29.19 Criticality=trueBasicConstraints:[ CA:false PathLen: undefined][4]: ObjectId: 2.5.29.31 Criticality=falseCRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.comodoca.com/cPanelIncCertificationAuthority.crl]]][5]: ObjectId: 2.5.29.32 Criticality=falseCertificatePolicies [ [CertificatePolicyId: [1.3.6.1.4.1.6449.1.2.2.52][PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 1D 68 74 74 70 73 3A 2F 2F 73 65 63 75 72 65 ..https://secure0010: 2E 63 6F 6D 6F 64 6F 2E 63 6F 6D 2F 43 50 53 .comodo.com/CPS]] ] [CertificatePolicyId: [2.23.140.1.2.1][] ]][6]: ObjectId: 2.5.29.37 Criticality=falseExtendedKeyUsages [ serverAuth clientAuth][7]: ObjectId: 2.5.29.15 Criticality=trueKeyUsage [ DigitalSignature Key_Encipherment][8]: ObjectId: 2.5.29.17 Criticality=falseSubjectAlternativeName [ DNSName: capbilcap.ca DNSName: cpanel.capbilcap.ca DNSName: mail.capbilcap.ca DNSName: webdisk.capbilcap.ca DNSName: webmail.capbilcap.ca DNSName: www.capbilcap.ca][9]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: 9A DD C5 23 1B 48 C8 58 9D 1B 05 86 8E F0 CD 7E ...#.H.X........0010: A8 10 EE 8E ....]]] Algorithm: [SHA256withRSA] Signature:0000: 72 A0 93 0B DC 80 FF B9 F9 CB D8 63 F6 E8 6E B7 r..........c..n.0010: AE 30 31 13 28 CE 5B 00 EC CF 0D B6 8A 88 30 A7 .01.(.[.......0.0020: 51 67 F8 D0 B3 45 F3 95 A3 EF AD 5F 7F 1D 58 71 Qg...E....._..Xq0030: B7 39 1B 67 95 D6 E5 8E 06 5C 0D E2 DD 44 37 AD .9.g.....\...D7.0040: 34 C1 6C 34 27 60 4E E3 9C 59 A8 24 A6 07 AE 1B 4.l4'`N..Y.$....0050: B1 67 BC 9B 51 F4 11 68 5A 28 8C 2C 74 64 5B EB .g..Q..hZ(.,td[.0060: D2 49 E5 CF D8 A3 E1 61 1C 6B 10 90 E5 2B DB 57 .I.....a.k...+.W0070: D7 DD 4D EC 4C 6B C5 FD 93 2B 0B EA 4B 6A 67 D7 ..M.Lk...+..Kjg.0080: BB 4B 65 7A 5D 6A F0 09 5E 7F 32 C7 AF 67 CA E4 .Kez]j..^.2..g..0090: A9 B1 5A FB D5 E5 7A 24 F1 26 44 AA 8C 51 06 54 ..Z...z$.&D..Q.T00A0: D3 30 0C 05 C0 F3 E7 91 EC BA C8 1C 90 9D C6 56 .0.............V00B0: 88 C0 90 5A 20 DD 51 E3 B6 E3 98 91 4B 81 37 7F ...Z .Q.....K.7.00C0: C0 D6 90 1A 7F A1 42 15 B4 9B B0 9F 93 15 14 6A ......B........j00D0: 42 52 8C AC 43 C4 76 25 52 68 AC D2 A5 CD D5 14 BR..C.v%Rh......00E0: FB 2B 9B 19 E4 A5 51 40 7D 44 C8 8F 27 C0 76 88 .+....Q@.D..'.v.00F0: 42 3A 8B 2D B0 E9 8F 18 15 B6 08 FF 95 9A BD F8 B:.-............]
Jun 8, 2017 14:22:27.592315912 CEST	443	49206	184.107.89.236	192.168.1.81	CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US	CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon May 18 02:00:00 CEST 2015	Sun May 18 01:59:59 CEST 2025	[[ Version: V3 Subject: CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US Signature Algorithm: SHA384withRSA, OID = 1.2.840.113549.1.1.12 Key: Sun RSA public key, 2048 bits modulus: 17593480096692713018475895792724075672946153458286563199571628462555198211400353729234678888933040074245743031344110676950225602424239744275580203032388253183641969115414246814221235053912886357650730438318219217508801010315710974463129067389616293028896205864799170095066829527213637069580537424209085616377394665471565050487092639050216078240279738840070252322854082656970094321515205244683618000265664081313419509307371923479181139989769749253107567251365335361691390702907845356758548602034458245938667693881170016372773160251025347753244451417413595842348278925917111831860996925937874910597825547509003460806507 public exponent: 65537 Validity: [From: Mon May 18 02:00:00 CEST 2015, To: Sun May 18 01:59:59 CEST 2025] Issuer: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB SerialNumber: [ f01d4bee 7b7ca37b 3c0566ac 05972458]Certificate Extensions: 8[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=falseAuthorityInfoAccess [ [ accessMethod: caIssuers accessLocation: URIName: http://crt.comodoca.com/COMODORSAAddTrustCA.crt, accessMethod: ocsp accessLocation: URIName: http://ocsp.comodoca.com]][2]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: BB AF 7E 02 3D FA A6 F1 3C 84 8E AD EE 38 98 EC ....=...<....8..0010: D9 32 32 D4 .22.]][3]: ObjectId: 2.5.29.19 Criticality=trueBasicConstraints:[ CA:true PathLen:0][4]: ObjectId: 2.5.29.31 Criticality=falseCRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.comodoca.com/COMODORSACertificationAuthority.crl]]][5]: ObjectId: 2.5.29.32 Criticality=falseCertificatePolicies [ [CertificatePolicyId: [1.3.6.1.4.1.6449.1.2.2.52][] ] [CertificatePolicyId: [2.23.140.1.2.1][] ]][6]: ObjectId: 2.5.29.37 Criticality=falseExtendedKeyUsages [ serverAuth clientAuth][7]: ObjectId: 2.5.29.15 Criticality=trueKeyUsage [ DigitalSignature Key_CertSign Crl_Sign][8]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: 7E 03 5A 65 41 6B A7 7E 0A E1 B8 9D 08 EA 1D 8E ..ZeAk..........0010: 1D 6A C7 65 .j.e]]] Algorithm: [SHA384withRSA] Signature:0000: 10 9F A0 60 08 81 74 A1 A0 84 78 60 4C 39 39 DA ...`..t...x`L99.0010: 64 77 EF 19 0A 72 39 23 94 3B 91 7D 7F 34 8B 97 dw...r9#.;...4..0020: 58 4E 59 0A 2D 68 C3 10 42 B0 A0 7A 81 8C 7B AB XNY.-h..B..z....0030: 31 32 20 39 E4 22 73 E0 DE C9 17 5D 83 C5 75 2D 12 9."s....]..u-0040: E1 11 47 59 01 9E 5D C0 F4 DD 12 6A D0 6D 30 20 ..GY..]....j.m0 0050: E8 B3 CA 4F DF 9A E0 A7 17 9F 1A 2F 87 7E EB 50 ...O......./...P0060: E1 53 F3 F8 47 D9 8C 60 F2 C9 65 65 9C F0 DA 01 .S..G..`..ee....0070: E6 B2 F2 D8 07 98 87 DF 37 89 98 55 12 42 C9 E4 ........7..U.B..0080: 2D DE 2D BE AA 64 94 4E D9 2E E6 C2 D5 F2 C0 E6 -.-..d.N........0090: E9 EA 19 3E 37 0B 89 5F C9 3A F8 4F 47 40 3E AF ...>7.._.:.OG@>.00A0: 1A 7F A2 F6 85 01 88 17 36 B5 23 EA B9 FE BA 6B ........6.#....k00B0: 48 0B 02 20 39 AE C3 61 EB 95 A5 A1 73 C7 1C 5F H.. 9..a....s.._00C0: 54 33 73 57 4B 36 8B 9B 5B 28 E3 3E B1 0B 78 5C T3sWK6..[(.>..x\00D0: 6B 14 A7 10 CC E5 DA 3F BA E9 D6 B2 2D 1D 70 54 k......?....-.pT00E0: BA 5E AB 7D 4F 29 89 10 E0 3A 90 04 C5 EE B9 8E .^..O)...:......00F0: 43 A2 E3 63 58 7F 49 8B 71 3E 57 62 23 40 D1 5D C..cX.I.q>Wb#@.]0100: 96 64 22 61 56 9F 96 67 47 87 BC E5 00 20 A4 68 .d"aV..gG.... .h0110: E2 C1 A0 81 7B 68 73 08 C4 6D 4E 70 79 E8 DD 55 .....hs..mNpy..U0120: D7 09 5C B9 9D 0A 95 A6 0C D9 DB E2 8A 55 EB B9 ..\..........U..0130: E1 E7 9A 95 14 4C 58 06 41 C1 10 AA AA B1 3A E2 .....LX.A.....:.0140: A5 4A 4A E0 D9 C9 1F C2 A0 97 BB 06 EF 19 00 DB .JJ.............0150: 02 BE 96 F1 FB 54 8F 93 9A FA 30 22 36 A9 77 26 .....T....0"6.w&0160: 1F 94 28 93 E9 13 3D 45 D1 3A 35 48 1E 98 0D 82 ..(...=E.:5H....0170: 70 C0 0B 5A 28 87 A1 78 51 3F B5 A7 5C A6 91 22 p..Z(..xQ?..\.."0180: 00 42 4C B9 80 15 80 2A B1 2D 89 4F F7 BA 1E 18 .BL....*.-.O....0190: C4 8C 59 1E 73 49 A3 A8 7B BC 1F F7 56 4D 50 9F ..Y.sI......VMP.01A0: 67 16 A7 C7 17 48 E7 6D 54 57 76 6E 97 58 5B 78 g....H.mTWvn.X[x01B0: 64 A4 ED 62 B4 00 3B 06 7E 79 B8 58 5F 6E 84 D6 d..b..;..y.X_n..01C0: 43 BC 4F DB 39 AA 28 F0 C1 89 09 C5 FB E3 18 44 C.O.9.(........D01D0: B7 E5 B2 8B 5D 95 F9 23 5A 0B 72 F7 69 3A D6 57 ....]..#Z.r.i:.W01E0: 8B E1 E9 F4 60 BE C4 51 2B 11 AC FE 48 B3 72 73 ....`..Q+...H.rs01F0: CA 13 50 73 0D 04 76 CA 01 E1 42 C2 D7 21 CF F9 ..Ps..v...B..!..]
Jun 8, 2017 14:22:27.592315912 CEST	443	49206	184.107.89.236	192.168.1.81	CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE	Tue May 30 12:48:38 CEST 2000	Sat May 30 12:48:38 CEST 2020	[[ Version: V3 Subject: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Signature Algorithm: SHA384withRSA, OID = 1.2.840.113549.1.1.12 Key: Sun RSA public key, 4096 bits modulus: 595250832037245141724642107398533641144111340640849154810839512193646804439589382557795096048235159392412856809181253983148280442751106836828767077478502910675291715965426418324395462826337195608826159904332409833532414343087397304684051488024083060971973988667565926401713702437407307790551210783180012029671811979458976709742365579736599681150756374332129237698142054260771585540729412505699671993111094681722253786369180597052805125225748672266569013967025850135765598233721214965171040686884703517711864518647963618102322884373894861238464186441528415873877499307554355231373646804211013770034465627350166153734933786011622475019872581027516832913754790596939102532587063612068091625752995700206528059096165261547017202283116886060219954285939324476288744352486373249118864714420341870384243932900936553074796547571643358129426474424573956572670213304441994994142333208766235762328926816055054634905252931414737971249889745696283503174642385591131856834241724878687870772321902051261453524679758731747154638983677185705464969589189761598154153383380395065347776922242683529305823609958629983678843126221186204478003285765580771286537570893899006127941280337699169761047271395591258462580922460487748761665926731923248227868312659 public exponent: 65537 Validity: [From: Tue May 30 12:48:38 CEST 2000, To: Sat May 30 12:48:38 CEST 2020] Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE SerialNumber: [ 2766ee56 eb49f38e abd770a2 fc84de22]Certificate Extensions: 7[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=falseAuthorityInfoAccess [ [ accessMethod: ocsp accessLocation: URIName: http://ocsp.usertrust.com]][2]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: AD BD 98 7A 34 B4 26 F7 FA C4 26 54 EF 03 BD E0 ...z4.&...&T....0010: 24 CB 54 1A $.T.]][3]: ObjectId: 2.5.29.19 Criticality=trueBasicConstraints:[ CA:true PathLen:2147483647][4]: ObjectId: 2.5.29.31 Criticality=falseCRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.usertrust.com/AddTrustExternalCARoot.crl]]][5]: ObjectId: 2.5.29.32 Criticality=falseCertificatePolicies [ [CertificatePolicyId: [2.5.29.32.0][] ]][6]: ObjectId: 2.5.29.15 Criticality=trueKeyUsage [ DigitalSignature Key_CertSign Crl_Sign][7]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: BB AF 7E 02 3D FA A6 F1 3C 84 8E AD EE 38 98 EC ....=...<....8..0010: D9 32 32 D4 .22.]]] Algorithm: [SHA384withRSA] Signature:0000: 64 BF 83 F1 5F 9A 85 D0 CD B8 A1 29 57 0D E8 5A d..._......)W..Z0010: F7 D1 E9 3E F2 76 04 6E F1 52 70 BB 1E 3C FF 4D ...>.v.n.Rp..<.M0020: 0D 74 6A CC 81 82 25 D3 C3 A0 2A 5D 4C F5 BA 8B .tj...%...*]L...0030: A1 6D C4 54 09 75 C7 E3 27 0E 5D 84 79 37 40 13 .m.T.u..'.].y7@.0040: 77 F5 B4 AC 1C D0 3B AB 17 12 D6 EF 34 18 7E 2B w.....;.....4..+0050: E9 79 D3 AB 57 45 0C AF 28 FA D0 DB E5 50 95 88 .y..WE..(....P..0060: BB DF 85 57 69 7D 92 D8 52 CA 73 81 BF 1C F3 E6 ...Wi...R.s.....0070: B8 6E 66 11 05 B3 1E 94 2D 7F 91 95 92 59 F1 4C .nf.....-....Y.L0080: CE A3 91 71 4C 7C 47 0C 3B 0B 19 F6 A1 B1 6C 86 ...qL.G.;.....l.0090: 3E 5C AA C4 2E 82 CB F9 07 96 BA 48 4D 90 F2 94 >\.........HM...00A0: C8 A9 73 A2 EB 06 7B 23 9D DE A2 F3 4D 55 9F 7A ..s....#....MU.z00B0: 61 45 98 18 68 C7 5E 40 6B 23 F5 79 7A EF 8C B5 aE..h.^@k#.yz...00C0: 6B 8B B7 6F 46 F4 7B F1 3D 4B 04 D8 93 80 59 5A k..oF...=K....YZ00D0: E0 41 24 1D B2 8F 15 60 58 47 DB EF 6E 46 FD 15 .A$....`XG..nF..00E0: F5 D9 5F 9A B3 DB D8 B8 E4 40 B3 CD 97 39 AE 85 .._......@...9..00F0: BB 1D 8E BC DC 87 9B D1 A6 EF F1 3B 6F 10 38 6F ...........;o.8o]
Jun 8, 2017 14:22:44.457243919 CEST	443	49217	72.21.81.200	192.168.1.81	CN=*.vo.msecnd.net	CN=Microsoft IT SSL SHA2, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US	Tue May 09 20:05:49 CEST 2017	Fri Feb 09 19:05:49 CET 2018	[[ Version: V3 Subject: CN=.vo.msecnd.net Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 2048 bits modulus: 24077274476734318411276736546990489592537887718132911054112092161102347616283624539727907400815643311418631916620051428466005153506370205669212047314396238807452223591680438224136368255058062796503289898220126136637434470293914742186899417675732322457396057316698573865647906819655552394390948999814380479683170766870132274884882157792671460780116034633269590372594172601665545685076409924091840089705920402574649946670494009671912409359848424986715747507696464840231895877760645217485086881402789102697881798623553689113645798478089806864225707423923967056999891642459535304288818044484516124423013500322338996624309 public exponent: 65537 Validity: [From: Tue May 09 20:05:49 CEST 2017, To: Fri Feb 09 19:05:49 CET 2018] Issuer: CN=Microsoft IT SSL SHA2, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US SerialNumber: [ 5a000836 1e5d57dd 3554334c eb000000 08361e]Certificate Extensions: 10[1]: ObjectId: 1.3.6.1.4.1.311.21.10 Criticality=falseExtension unknown: DER encoded OCTET string =0000: 04 1A 30 18 30 0A 06 08 2B 06 01 05 05 07 03 01 ..0.0...+.......0010: 30 0A 06 08 2B 06 01 05 05 07 03 02 0...+.......[2]: ObjectId: 1.3.6.1.4.1.311.21.7 Criticality=falseExtension unknown: DER encoded OCTET string =0000: 04 30 30 2E 06 26 2B 06 01 04 01 82 37 15 08 83 .00..&+.....7...0010: CF 89 4D AD F2 02 85 A1 9F 0C 82 FA CA 7D 81 E1 ..M.............0020: FB 74 81 4F 87 B4 CF 7C 81 CD BA 32 02 01 64 02 .t.O.......2..d.0030: 01 1C ..[3]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=falseAuthorityInfoAccess [ [ accessMethod: caIssuers accessLocation: URIName: http://www.microsoft.com/pki/mscorp/msitwww2.crt, accessMethod: ocsp accessLocation: URIName: http://ocsp.msocsp.com]][4]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: 51 AF 24 26 9C F4 68 22 57 80 26 2B 3B 46 62 15 Q.$&..h"W.&+;Fb.0010: 7B 1E CC A5 ....]][5]: ObjectId: 2.5.29.31 Criticality=falseCRLDistributionPoints [ [DistributionPoint: [URIName: http://mscrl.microsoft.com/pki/mscorp/crl/msitwww2.crl, URIName: http://crl.microsoft.com/pki/mscorp/crl/msitwww2.crl]]][6]: ObjectId: 2.5.29.32 Criticality=falseCertificatePolicies [ [CertificatePolicyId: [1.3.6.1.4.1.311.42.1][PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 28 68 74 74 70 3A 2F 2F 77 77 77 2E 6D 69 63 .(http://www.mic0010: 72 6F 73 6F 66 74 2E 63 6F 6D 2F 70 6B 69 2F 6D rosoft.com/pki/m0020: 73 63 6F 72 70 2F 63 70 73 00 scorp/cps.]] ]][7]: ObjectId: 2.5.29.37 Criticality=falseExtendedKeyUsages [ serverAuth clientAuth][8]: ObjectId: 2.5.29.15 Criticality=falseKeyUsage [ DigitalSignature Key_Encipherment Data_Encipherment][9]: ObjectId: 2.5.29.17 Criticality=falseSubjectAlternativeName [ DNSName: .vo.msecnd.net DNSName: .adn.azureedge.net DNSName: .ads2.msads.net DNSName: .aspnetcdn.com DNSName: .azurecomcdn.net DNSName: .azureedge.net DNSName: .azureedge-test.net DNSName: .cdn.skype.com DNSName: .cdn.skype.net DNSName: .cmsresources.windowsphone.com DNSName: .cmsresources.windowsphone-int.com DNSName: .dev.skype.com DNSName: .fms.azureedge.net DNSName: .microsoft-sbs-domains.com DNSName: .secure.skypeassets.com DNSName: .secure.skypeassets.net DNSName: .wac.azureedge.net DNSName: .wpc.azureedge.net DNSName: .ec.azureedge.net DNSName: .wpc.ec.azureedge.net DNSName: .wac.ec.azureedge.net DNSName: .adn.ec.azureedge.net DNSName: .fms.ec.azureedge.net DNSName: ajax.microsoft.com DNSName: cdnads.msads.net DNSName: cdn-resources.windowsphone.com DNSName: cdn-resources-beta.windowsphone.com DNSName: ecnads1.msn.com DNSName: iecvlist.microsoft.com DNSName: images-cms-pn.windowsphone-int.com DNSName: images-cms-tst.windowsphone-int.com DNSName: lumiahelptipscdn.microsoft.com DNSName: lumiahelptipscdnqa.microsoft.com DNSName: lumiahelptipsmscdn.microsoft.com DNSName: lumiahelptipsmscdnqa.microsoft.com DNSName: montage.msn.com DNSName: mscrl.microsoft.com DNSName: r20swj13mr.microsoft.com DNSName: .streaming.mediaservices.windows.net DNSName: .origin.mediaservices.windows.net DNSName: download.sysinternals.com DNSName: amp.azure.net DNSName: api.nuget.org DNSName: rt.ms-studiosmedia.com DNSName: gtm.ms-studiosmedia.com DNSName: dist.nuget.org DNSName: .aisvc.visualstudio.com DNSName: .cdn.powerbi.com DNSName: dist.asp.net DNSName: embed.powerbi.com DNSName: msitembed.powerbi.com DNSName: dxtembed.powerbi.com DNSName: .cdn.powerappscdn.net DNSName: downloads.subscriptionsint.tfsallin.net DNSName: download.my.visualstudio.com DNSName: cdn.vsassets.io DNSName: cdnppe.vsassets.io DNSName: stream.microsoft.com DNSName: datafactory.azure.com DNSName: .cortanaanalytics.com DNSName: do.skype.com DNSName: software-download.office.microsoft.com DNSName: software-download.microsoft.com DNSName: prss.centralvalidation.com DNSName: .gallerycdn.vsassets.io DNSName: .gallerycdnppe.vsassets.io DNSName: global.asazure.windows.net DNSName: download.learningdownloadcenter.microsoft.com DNSName: www.videobreakdown.com DNSName: www.breakdown.me DNSName: .gallerycdntest.vsassets.io DNSName: download2.microsoft.com DNSName: cp.dsp.microsoft.com DNSName: agavecdn.o365weve-dev.com DNSName: agavecdn.o365weve-ppe.com DNSName: agavecdn.o365weve.com DNSName: download.visualstudio.com DNSName: .Applicationinsights.net DNSName: .Applicationinsights.io DNSName: .Applicationinsights.microsoft.com DNSName: .sfbassets.com DNSName: .sfbassets.net DNSName: download.mono-project.com DNSName: .streaming.media-test.windows-int.net DNSName: .origin.mediaservices.windows-int.net DNSName: .mp.microsoft.com DNSName: download.visualstudio.microsoft.com DNSName: software-download.coem.microsoft.com DNSName: cdn.wallet.microsoft-ppe.com DNSName: cdn.wallet.microsoft.com DNSName: vi.microsoft.com DNSName: www.videoindexer.ai][10]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: AF CA 5C F7 CE 42 84 AC FD C4 D9 17 B0 58 DC 1C ..\..B.......X..0010: CD CF 3E 2B ..>+]]] Algorithm: [SHA256withRSA] Signature:0000: 38 EE 6F 16 20 44 98 02 C1 75 28 59 21 C1 F8 1E 8.o. D...u(Y!...0010: 9B 68 A8 57 96 89 49 48 B2 EF B0 6D BC 65 F7 5B .h.W..IH...m.e.[0020: B5 C8 7A B2 1A 5D C6 D9 F1 22 9D 36 76 EC 63 4D ..z..]...".6v.cM0030: D2 3B 84 1F 1F 83 F6 B6 C1 C8 F8 91 6D 39 9A C8 .;..........m9..0040: 4C ED 2D E7 E0 87 01 47 24 A5 74 66 37 E7 C6 92 L.-....G$.tf7...0050: 61 0E 11 07 2D A9 0C CB 63 E8 95 23 98 D4 AC DD a...-...c..#....0060: 29 B1 35 44 D2 1E 0D C3 40 EE 39 08 8E 88 B8 1B ).5D....@.9.....0070: 1F 8A F0 66 38 97 C2 30 2A CE 6B 95 73 6D F1 4D ...f8..0.k.sm.M0080: A4 B2 CB B9 47 36 06 1F 8A AB 59 1F 97 0C E3 0B ....G6....Y.....0090: 9B F4 01 66 7A 09 5A 78 88 B1 FD 8B A1 FE A4 1A ...fz.Zx........00A0: E7 53 29 FC 63 C5 D3 BB 4B BB 92 23 DA 01 75 78 .S).c...K..#..ux00B0: 79 3B F8 D6 CB A9 1E 32 DF A1 B4 5A A6 5C 7D A1 y;.....2...Z.\..00C0: B1 53 53 68 40 67 B8 2E EB DE FA B9 0D 23 1B 0C .SSh@g.......#..00D0: 19 DC AD C9 27 B4 29 BA 95 7B 4B BB DF 58 F7 56 ....'.)...K..X.V00E0: B5 1E 75 36 14 46 D8 FF B4 A6 F0 28 DA 3A CA 12 ..u6.F.....(.:..00F0: 94 5E 45 F6 4B 46 1D 6F FF CB F8 B4 44 C0 3D 86 .^E.KF.o....D.=.0100: 0D C0 37 7E FA 57 41 B8 92 1B F7 FA 0D D2 6B DD ..7..WA.......k.0110: C5 80 F1 54 99 8B 14 75 D0 0D D0 4C F7 32 67 13 ...T...u...L.2g.0120: 2D 6B A5 E5 69 3C 16 05 AD 05 8F AE 55 E2 EC 7C -k..i<......U...0130: 4D DE DE 99 82 7D C8 72 50 65 8B 34 ED 3B B8 A1 M......rPe.4.;..0140: A9 C6 01 22 EC 82 7D 05 21 7E DC 74 46 EC 74 9E ..."....!..tF.t.0150: 1D D4 8B 00 3F E4 10 18 D0 EA D8 E8 65 95 FE E9 ....?.......e...0160: 22 41 0A C6 80 3D 75 CF 2D 98 C6 6C 54 EF BE 60 "A...=u.-..lT..`0170: 31 2D 1C 9F A5 0B DE 2A 6D 23 03 15 D0 53 90 E9 1-.....m#...S..0180: 43 C3 AB AB 0F 03 36 9C 3F 62 1B 8A 94 AE CF A4 C.....6.?b......0190: 34 43 AB 56 8E C3 AA 12 D3 7F 45 85 5C D2 DD 23 4C.V......E.\..#01A0: 65 23 FC E3 F6 51 40 F6 D3 0D 4E C5 3F 4C D6 20 e#...Q@...N.?L. 01B0: 0F E1 7C 18 69 31 DB 27 0F D1 E4 A8 8A 48 5F 12 ....i1.'.....H_.01C0: DC 66 BA 8D D7 5A B8 77 32 78 4A 93 0E C3 A6 0E .f...Z.w2xJ.....01D0: 3B 5F F7 0A C5 55 96 AB C4 A5 70 49 9D F3 8B 51 ;_...U....pI...Q01E0: 59 0C 2E 95 0C B7 FE 34 E7 2A D2 2D 5B 98 F8 A0 Y......4..-[...01F0: 8F 4A 38 52 47 75 74 67 23 7F 45 A5 F5 11 F6 CC .J8RGutg#.E.....]
Jun 8, 2017 14:22:44.457243919 CEST	443	49217	72.21.81.200	192.168.1.81	CN=Microsoft IT SSL SHA2, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed May 07 19:04:09 CEST 2014	Mon May 07 19:03:30 CEST 2018	[[ Version: V3 Subject: CN=Microsoft IT SSL SHA2, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 4096 bits modulus: 856346252147681095531487657896208775529392570871270739541547656304946186337150025406692403816841622511911362583630424396793275647141867270866840690817025219347773735765802949433253521575884380009133362973276339871342927778470495975448937806685783429794469131879519348587026317046468956224702428125122647846517114639580465833230798904514497256617415305854488459765292877638489732936291819814011375894387200589578322693347915830480163679659038622705073213697766041497450598739345457839557197242509088964439815610006179823855772962212352661583402987609934239423540839283578918329472154182460688721063338324385558431958134145467846948920756751744859811561978667430438139577369855280292356554256643346678832671994189948875677882282660398559500378142160213322773020338909177908588090796092907176697730272260822320523133406159167663529381896382723524150626204675362984170546028545445590020372056502614209846403986541505644602279203940727512733887581549284738720405498522357365555958542658888010209540372662781747546788764044933068920388441693145503606586017974091513711459186006091170503138182616128360282021248417537850857888968945059405922540236449369081660323465765998905631038654387934655547230298400512461379266062187132090830373431547 public exponent: 65537 Validity: [From: Wed May 07 19:04:09 CEST 2014, To: Mon May 07 19:03:30 CEST 2018] Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE SerialNumber: [ 0727aa47]Certificate Extensions: 8[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=falseAuthorityInfoAccess [ [ accessMethod: ocsp accessLocation: URIName: http://ocsp.omniroot.com/baltimoreroot]][2]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: E5 9D 59 30 82 47 58 CC AC FA 08 54 36 86 7B 3A ..Y0.GX....T6..:0010: B5 04 4D F0 ..M.]][3]: ObjectId: 2.5.29.19 Criticality=trueBasicConstraints:[ CA:true PathLen:0][4]: ObjectId: 2.5.29.31 Criticality=falseCRLDistributionPoints [ [DistributionPoint: [URIName: http://cdp1.public-trust.com/CRL/Omniroot2025.crl]]][5]: ObjectId: 2.5.29.32 Criticality=falseCertificatePolicies [ [CertificatePolicyId: [1.3.6.1.4.1.6334.1.0][PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 2D 68 74 74 70 3A 2F 2F 63 79 62 65 72 74 72 .-http://cybertr0010: 75 73 74 2E 6F 6D 6E 69 72 6F 6F 74 2E 63 6F 6D ust.omniroot.com0020: 2F 72 65 70 6F 73 69 74 6F 72 79 2E 63 66 6D /repository.cfm]] ] [CertificatePolicyId: [1.3.6.1.4.1.311.42.1][] ]][6]: ObjectId: 2.5.29.37 Criticality=falseExtendedKeyUsages [ serverAuth clientAuth OCSPSigning][7]: ObjectId: 2.5.29.15 Criticality=trueKeyUsage [ DigitalSignature Key_CertSign Crl_Sign][8]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: 51 AF 24 26 9C F4 68 22 57 80 26 2B 3B 46 62 15 Q.$&..h"W.&+;Fb.0010: 7B 1E CC A5 ....]]] Algorithm: [SHA256withRSA] Signature:0000: 69 62 F6 84 91 00 C4 6F 82 7B 24 E1 42 A2 A5 8B ib.....o..$.B...0010: 82 5C A7 C5 44 CB E7 52 76 63 D3 76 9E 78 E2 69 .\..D..Rvc.v.x.i0020: 35 B1 38 BA B0 96 C6 1F AC 7B C6 B2 65 77 8B 7D 5.8.........ew..0030: 8D AE 64 B9 A5 8C 17 CA 58 65 C3 AD 82 F5 C5 A2 ..d.....Xe......0040: F5 01 13 93 C6 7E 44 E5 C4 61 FA 03 B6 56 C1 72 ......D..a...V.r0050: E1 C8 28 C5 69 21 8F AC 6E FD 7F 43 83 36 B8 C0 ..(.i!..n..C.6..0060: D6 A0 28 FE 1A 45 BE FD 93 8C 8D A4 64 79 1F 14 ..(..E......dy..0070: DB A1 9F 21 DC C0 4E 7B 17 22 17 B1 B6 3C D3 9B ...!..N.."...<..0080: E2 0A A3 7E 99 B0 C1 AC D8 F4 86 DF 3C DA 7D 14 ............<...0090: 9C 40 C1 7C D2 18 6F F1 4F 26 45 09 95 94 5C DA .@....o.O&E...\.00A0: D0 98 F8 F4 4C 82 96 10 DE AC 30 CB 2B AE F9 92 ....L.....0.+...00B0: EA BF 79 03 FC 1E 3F AC 09 A4 3F 65 FD 91 4F 96 ..y...?...?e..O.00C0: 24 A7 CE B4 4E 6A 96 29 17 AE C0 A8 DF 17 22 F4 $...Nj.)......".00D0: 17 E3 DC 1C 39 06 56 10 EA EA B5 74 17 3C 4E DD ....9.V....t.<N.00E0: 7E 91 0A A8 0B 78 07 A7 31 44 08 31 AB 18 84 0F .....x..1D.1....00F0: 12 9C E7 DE 84 2C E9 6D 93 45 BF A8 C1 3F 34 DC .....,.m.E...?4.]
Jun 8, 2017 14:22:44.457243919 CEST	443	49217	72.21.81.200	192.168.1.81	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Fri May 12 20:46:00 CEST 2000	Tue May 13 01:59:00 CEST 2025	[[ Version: V3 Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 Key: Sun RSA public key, 2048 bits modulus: 20579176651421167987106471718888186309534186253587759121109122482694167416584428920295678216035822449451639581023765122994089008826314029843654807108803739729565431642116323937940944378450034252354609020536286175863324156219063038927409933070688727356676027216359532593504366119272034244698731524943132462329205729047681997715455240148827523651706429854757422624117805863121520494307655271426986078917217383478420381375139154341613794371303682232583316393601620034638044186782252195438345309455714637508276892061355357785328168602107026282695945834955006612147350315937204256563720794300123948598669913435346712336953 public exponent: 65537 Validity: [From: Fri May 12 20:46:00 CEST 2000, To: Tue May 13 01:59:00 CEST 2025] Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE SerialNumber: [ 020000b9]Certificate Extensions: 3[1]: ObjectId: 2.5.29.19 Criticality=trueBasicConstraints:[ CA:true PathLen:3][2]: ObjectId: 2.5.29.15 Criticality=trueKeyUsage [ Key_CertSign Crl_Sign][3]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: E5 9D 59 30 82 47 58 CC AC FA 08 54 36 86 7B 3A ..Y0.GX....T6..:0010: B5 04 4D F0 ..M.]]] Algorithm: [SHA1withRSA] Signature:0000: 85 0C 5D 8E E4 6F 51 68 42 05 A0 DD BB 4F 27 25 ..]..oQhB....O'%0010: 84 03 BD F7 64 FD 2D D7 30 E3 A4 10 17 EB DA 29 ....d.-.0......)0020: 29 B6 79 3F 76 F6 19 13 23 B8 10 0A F9 58 A4 D4 ).y?v...#....X..0030: 61 70 BD 04 61 6A 12 8A 17 D5 0A BD C5 BC 30 7C ap..aj........0.0040: D6 E9 0C 25 8D 86 40 4F EC CC A3 7E 38 C6 37 11 ...%..@O....8.7.0050: 4F ED DD 68 31 8E 4C D2 B3 01 74 EE BE 75 5E 07 O..h1.L...t..u^.0060: 48 1A 7F 70 FF 16 5C 84 C0 79 85 B8 05 FD 7F BE H..p..\..y......0070: 65 11 A3 0F C0 02 B4 F8 52 37 39 04 D5 A9 31 7A e.......R79...1z0080: 18 BF A0 2A F4 12 99 F7 A3 45 82 E3 3C 5E F5 9D ...*.....E..<^..0090: 9E B5 C8 9E 7C 2E C8 A4 9E 4E 08 14 4B 6D FD 70 .........N..Km.p00A0: 6D 6B 1A 63 BD 64 E6 1F B7 CE F0 F2 9F 2E BB 1B mk.c.d..........00B0: B7 F2 50 88 73 92 C2 E2 E3 16 8D 9A 32 02 AB 8E ..P.s.......2...00C0: 18 DD E9 10 11 EE 7E 35 AB 90 AF 3E 30 94 7A D0 .......5...>0.z.00D0: 33 3D A7 65 0F F5 FC 8E 9E 62 CF 47 44 2C 01 5D 3=.e.....b.GD,.]00E0: BB 1D B5 32 D2 47 D2 38 2E D0 FE 81 DC 32 6A 1E ...2.G.8.....2j.00F0: B5 EE 3C D5 FC E7 81 1D 19 C3 24 42 EA 63 39 A9 ..<.......$B.c9.]
Jun 8, 2017 14:22:44.623066902 CEST	443	49218	72.21.81.200	192.168.1.81	CN=*.vo.msecnd.net	CN=Microsoft IT SSL SHA2, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US	Tue May 09 20:05:49 CEST 2017	Fri Feb 09 19:05:49 CET 2018	[[ Version: V3 Subject: CN=.vo.msecnd.net Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 2048 bits modulus: 24077274476734318411276736546990489592537887718132911054112092161102347616283624539727907400815643311418631916620051428466005153506370205669212047314396238807452223591680438224136368255058062796503289898220126136637434470293914742186899417675732322457396057316698573865647906819655552394390948999814380479683170766870132274884882157792671460780116034633269590372594172601665545685076409924091840089705920402574649946670494009671912409359848424986715747507696464840231895877760645217485086881402789102697881798623553689113645798478089806864225707423923967056999891642459535304288818044484516124423013500322338996624309 public exponent: 65537 Validity: [From: Tue May 09 20:05:49 CEST 2017, To: Fri Feb 09 19:05:49 CET 2018] Issuer: CN=Microsoft IT SSL SHA2, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US SerialNumber: [ 5a000836 1e5d57dd 3554334c eb000000 08361e]Certificate Extensions: 10[1]: ObjectId: 1.3.6.1.4.1.311.21.10 Criticality=falseExtension unknown: DER encoded OCTET string =0000: 04 1A 30 18 30 0A 06 08 2B 06 01 05 05 07 03 01 ..0.0...+.......0010: 30 0A 06 08 2B 06 01 05 05 07 03 02 0...+.......[2]: ObjectId: 1.3.6.1.4.1.311.21.7 Criticality=falseExtension unknown: DER encoded OCTET string =0000: 04 30 30 2E 06 26 2B 06 01 04 01 82 37 15 08 83 .00..&+.....7...0010: CF 89 4D AD F2 02 85 A1 9F 0C 82 FA CA 7D 81 E1 ..M.............0020: FB 74 81 4F 87 B4 CF 7C 81 CD BA 32 02 01 64 02 .t.O.......2..d.0030: 01 1C ..[3]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=falseAuthorityInfoAccess [ [ accessMethod: caIssuers accessLocation: URIName: http://www.microsoft.com/pki/mscorp/msitwww2.crt, accessMethod: ocsp accessLocation: URIName: http://ocsp.msocsp.com]][4]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: 51 AF 24 26 9C F4 68 22 57 80 26 2B 3B 46 62 15 Q.$&..h"W.&+;Fb.0010: 7B 1E CC A5 ....]][5]: ObjectId: 2.5.29.31 Criticality=falseCRLDistributionPoints [ [DistributionPoint: [URIName: http://mscrl.microsoft.com/pki/mscorp/crl/msitwww2.crl, URIName: http://crl.microsoft.com/pki/mscorp/crl/msitwww2.crl]]][6]: ObjectId: 2.5.29.32 Criticality=falseCertificatePolicies [ [CertificatePolicyId: [1.3.6.1.4.1.311.42.1][PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 28 68 74 74 70 3A 2F 2F 77 77 77 2E 6D 69 63 .(http://www.mic0010: 72 6F 73 6F 66 74 2E 63 6F 6D 2F 70 6B 69 2F 6D rosoft.com/pki/m0020: 73 63 6F 72 70 2F 63 70 73 00 scorp/cps.]] ]][7]: ObjectId: 2.5.29.37 Criticality=falseExtendedKeyUsages [ serverAuth clientAuth][8]: ObjectId: 2.5.29.15 Criticality=falseKeyUsage [ DigitalSignature Key_Encipherment Data_Encipherment][9]: ObjectId: 2.5.29.17 Criticality=falseSubjectAlternativeName [ DNSName: .vo.msecnd.net DNSName: .adn.azureedge.net DNSName: .ads2.msads.net DNSName: .aspnetcdn.com DNSName: .azurecomcdn.net DNSName: .azureedge.net DNSName: .azureedge-test.net DNSName: .cdn.skype.com DNSName: .cdn.skype.net DNSName: .cmsresources.windowsphone.com DNSName: .cmsresources.windowsphone-int.com DNSName: .dev.skype.com DNSName: .fms.azureedge.net DNSName: .microsoft-sbs-domains.com DNSName: .secure.skypeassets.com DNSName: .secure.skypeassets.net DNSName: .wac.azureedge.net DNSName: .wpc.azureedge.net DNSName: .ec.azureedge.net DNSName: .wpc.ec.azureedge.net DNSName: .wac.ec.azureedge.net DNSName: .adn.ec.azureedge.net DNSName: .fms.ec.azureedge.net DNSName: ajax.microsoft.com DNSName: cdnads.msads.net DNSName: cdn-resources.windowsphone.com DNSName: cdn-resources-beta.windowsphone.com DNSName: ecnads1.msn.com DNSName: iecvlist.microsoft.com DNSName: images-cms-pn.windowsphone-int.com DNSName: images-cms-tst.windowsphone-int.com DNSName: lumiahelptipscdn.microsoft.com DNSName: lumiahelptipscdnqa.microsoft.com DNSName: lumiahelptipsmscdn.microsoft.com DNSName: lumiahelptipsmscdnqa.microsoft.com DNSName: montage.msn.com DNSName: mscrl.microsoft.com DNSName: r20swj13mr.microsoft.com DNSName: .streaming.mediaservices.windows.net DNSName: .origin.mediaservices.windows.net DNSName: download.sysinternals.com DNSName: amp.azure.net DNSName: api.nuget.org DNSName: rt.ms-studiosmedia.com DNSName: gtm.ms-studiosmedia.com DNSName: dist.nuget.org DNSName: .aisvc.visualstudio.com DNSName: .cdn.powerbi.com DNSName: dist.asp.net DNSName: embed.powerbi.com DNSName: msitembed.powerbi.com DNSName: dxtembed.powerbi.com DNSName: .cdn.powerappscdn.net DNSName: downloads.subscriptionsint.tfsallin.net DNSName: download.my.visualstudio.com DNSName: cdn.vsassets.io DNSName: cdnppe.vsassets.io DNSName: stream.microsoft.com DNSName: datafactory.azure.com DNSName: .cortanaanalytics.com DNSName: do.skype.com DNSName: software-download.office.microsoft.com DNSName: software-download.microsoft.com DNSName: prss.centralvalidation.com DNSName: .gallerycdn.vsassets.io DNSName: .gallerycdnppe.vsassets.io DNSName: global.asazure.windows.net DNSName: download.learningdownloadcenter.microsoft.com DNSName: www.videobreakdown.com DNSName: www.breakdown.me DNSName: .gallerycdntest.vsassets.io DNSName: download2.microsoft.com DNSName: cp.dsp.microsoft.com DNSName: agavecdn.o365weve-dev.com DNSName: agavecdn.o365weve-ppe.com DNSName: agavecdn.o365weve.com DNSName: download.visualstudio.com DNSName: .Applicationinsights.net DNSName: .Applicationinsights.io DNSName: .Applicationinsights.microsoft.com DNSName: .sfbassets.com DNSName: .sfbassets.net DNSName: download.mono-project.com DNSName: .streaming.media-test.windows-int.net DNSName: .origin.mediaservices.windows-int.net DNSName: .mp.microsoft.com DNSName: download.visualstudio.microsoft.com DNSName: software-download.coem.microsoft.com DNSName: cdn.wallet.microsoft-ppe.com DNSName: cdn.wallet.microsoft.com DNSName: vi.microsoft.com DNSName: www.videoindexer.ai][10]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: AF CA 5C F7 CE 42 84 AC FD C4 D9 17 B0 58 DC 1C ..\..B.......X..0010: CD CF 3E 2B ..>+]]] Algorithm: [SHA256withRSA] Signature:0000: 38 EE 6F 16 20 44 98 02 C1 75 28 59 21 C1 F8 1E 8.o. D...u(Y!...0010: 9B 68 A8 57 96 89 49 48 B2 EF B0 6D BC 65 F7 5B .h.W..IH...m.e.[0020: B5 C8 7A B2 1A 5D C6 D9 F1 22 9D 36 76 EC 63 4D ..z..]...".6v.cM0030: D2 3B 84 1F 1F 83 F6 B6 C1 C8 F8 91 6D 39 9A C8 .;..........m9..0040: 4C ED 2D E7 E0 87 01 47 24 A5 74 66 37 E7 C6 92 L.-....G$.tf7...0050: 61 0E 11 07 2D A9 0C CB 63 E8 95 23 98 D4 AC DD a...-...c..#....0060: 29 B1 35 44 D2 1E 0D C3 40 EE 39 08 8E 88 B8 1B ).5D....@.9.....0070: 1F 8A F0 66 38 97 C2 30 2A CE 6B 95 73 6D F1 4D ...f8..0.k.sm.M0080: A4 B2 CB B9 47 36 06 1F 8A AB 59 1F 97 0C E3 0B ....G6....Y.....0090: 9B F4 01 66 7A 09 5A 78 88 B1 FD 8B A1 FE A4 1A ...fz.Zx........00A0: E7 53 29 FC 63 C5 D3 BB 4B BB 92 23 DA 01 75 78 .S).c...K..#..ux00B0: 79 3B F8 D6 CB A9 1E 32 DF A1 B4 5A A6 5C 7D A1 y;.....2...Z.\..00C0: B1 53 53 68 40 67 B8 2E EB DE FA B9 0D 23 1B 0C .SSh@g.......#..00D0: 19 DC AD C9 27 B4 29 BA 95 7B 4B BB DF 58 F7 56 ....'.)...K..X.V00E0: B5 1E 75 36 14 46 D8 FF B4 A6 F0 28 DA 3A CA 12 ..u6.F.....(.:..00F0: 94 5E 45 F6 4B 46 1D 6F FF CB F8 B4 44 C0 3D 86 .^E.KF.o....D.=.0100: 0D C0 37 7E FA 57 41 B8 92 1B F7 FA 0D D2 6B DD ..7..WA.......k.0110: C5 80 F1 54 99 8B 14 75 D0 0D D0 4C F7 32 67 13 ...T...u...L.2g.0120: 2D 6B A5 E5 69 3C 16 05 AD 05 8F AE 55 E2 EC 7C -k..i<......U...0130: 4D DE DE 99 82 7D C8 72 50 65 8B 34 ED 3B B8 A1 M......rPe.4.;..0140: A9 C6 01 22 EC 82 7D 05 21 7E DC 74 46 EC 74 9E ..."....!..tF.t.0150: 1D D4 8B 00 3F E4 10 18 D0 EA D8 E8 65 95 FE E9 ....?.......e...0160: 22 41 0A C6 80 3D 75 CF 2D 98 C6 6C 54 EF BE 60 "A...=u.-..lT..`0170: 31 2D 1C 9F A5 0B DE 2A 6D 23 03 15 D0 53 90 E9 1-.....m#...S..0180: 43 C3 AB AB 0F 03 36 9C 3F 62 1B 8A 94 AE CF A4 C.....6.?b......0190: 34 43 AB 56 8E C3 AA 12 D3 7F 45 85 5C D2 DD 23 4C.V......E.\..#01A0: 65 23 FC E3 F6 51 40 F6 D3 0D 4E C5 3F 4C D6 20 e#...Q@...N.?L. 01B0: 0F E1 7C 18 69 31 DB 27 0F D1 E4 A8 8A 48 5F 12 ....i1.'.....H_.01C0: DC 66 BA 8D D7 5A B8 77 32 78 4A 93 0E C3 A6 0E .f...Z.w2xJ.....01D0: 3B 5F F7 0A C5 55 96 AB C4 A5 70 49 9D F3 8B 51 ;_...U....pI...Q01E0: 59 0C 2E 95 0C B7 FE 34 E7 2A D2 2D 5B 98 F8 A0 Y......4..-[...01F0: 8F 4A 38 52 47 75 74 67 23 7F 45 A5 F5 11 F6 CC .J8RGutg#.E.....]
Jun 8, 2017 14:22:44.623066902 CEST	443	49218	72.21.81.200	192.168.1.81	CN=Microsoft IT SSL SHA2, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed May 07 19:04:09 CEST 2014	Mon May 07 19:03:30 CEST 2018	[[ Version: V3 Subject: CN=Microsoft IT SSL SHA2, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 4096 bits modulus: 856346252147681095531487657896208775529392570871270739541547656304946186337150025406692403816841622511911362583630424396793275647141867270866840690817025219347773735765802949433253521575884380009133362973276339871342927778470495975448937806685783429794469131879519348587026317046468956224702428125122647846517114639580465833230798904514497256617415305854488459765292877638489732936291819814011375894387200589578322693347915830480163679659038622705073213697766041497450598739345457839557197242509088964439815610006179823855772962212352661583402987609934239423540839283578918329472154182460688721063338324385558431958134145467846948920756751744859811561978667430438139577369855280292356554256643346678832671994189948875677882282660398559500378142160213322773020338909177908588090796092907176697730272260822320523133406159167663529381896382723524150626204675362984170546028545445590020372056502614209846403986541505644602279203940727512733887581549284738720405498522357365555958542658888010209540372662781747546788764044933068920388441693145503606586017974091513711459186006091170503138182616128360282021248417537850857888968945059405922540236449369081660323465765998905631038654387934655547230298400512461379266062187132090830373431547 public exponent: 65537 Validity: [From: Wed May 07 19:04:09 CEST 2014, To: Mon May 07 19:03:30 CEST 2018] Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE SerialNumber: [ 0727aa47]Certificate Extensions: 8[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=falseAuthorityInfoAccess [ [ accessMethod: ocsp accessLocation: URIName: http://ocsp.omniroot.com/baltimoreroot]][2]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: E5 9D 59 30 82 47 58 CC AC FA 08 54 36 86 7B 3A ..Y0.GX....T6..:0010: B5 04 4D F0 ..M.]][3]: ObjectId: 2.5.29.19 Criticality=trueBasicConstraints:[ CA:true PathLen:0][4]: ObjectId: 2.5.29.31 Criticality=falseCRLDistributionPoints [ [DistributionPoint: [URIName: http://cdp1.public-trust.com/CRL/Omniroot2025.crl]]][5]: ObjectId: 2.5.29.32 Criticality=falseCertificatePolicies [ [CertificatePolicyId: [1.3.6.1.4.1.6334.1.0][PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 2D 68 74 74 70 3A 2F 2F 63 79 62 65 72 74 72 .-http://cybertr0010: 75 73 74 2E 6F 6D 6E 69 72 6F 6F 74 2E 63 6F 6D ust.omniroot.com0020: 2F 72 65 70 6F 73 69 74 6F 72 79 2E 63 66 6D /repository.cfm]] ] [CertificatePolicyId: [1.3.6.1.4.1.311.42.1][] ]][6]: ObjectId: 2.5.29.37 Criticality=falseExtendedKeyUsages [ serverAuth clientAuth OCSPSigning][7]: ObjectId: 2.5.29.15 Criticality=trueKeyUsage [ DigitalSignature Key_CertSign Crl_Sign][8]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: 51 AF 24 26 9C F4 68 22 57 80 26 2B 3B 46 62 15 Q.$&..h"W.&+;Fb.0010: 7B 1E CC A5 ....]]] Algorithm: [SHA256withRSA] Signature:0000: 69 62 F6 84 91 00 C4 6F 82 7B 24 E1 42 A2 A5 8B ib.....o..$.B...0010: 82 5C A7 C5 44 CB E7 52 76 63 D3 76 9E 78 E2 69 .\..D..Rvc.v.x.i0020: 35 B1 38 BA B0 96 C6 1F AC 7B C6 B2 65 77 8B 7D 5.8.........ew..0030: 8D AE 64 B9 A5 8C 17 CA 58 65 C3 AD 82 F5 C5 A2 ..d.....Xe......0040: F5 01 13 93 C6 7E 44 E5 C4 61 FA 03 B6 56 C1 72 ......D..a...V.r0050: E1 C8 28 C5 69 21 8F AC 6E FD 7F 43 83 36 B8 C0 ..(.i!..n..C.6..0060: D6 A0 28 FE 1A 45 BE FD 93 8C 8D A4 64 79 1F 14 ..(..E......dy..0070: DB A1 9F 21 DC C0 4E 7B 17 22 17 B1 B6 3C D3 9B ...!..N.."...<..0080: E2 0A A3 7E 99 B0 C1 AC D8 F4 86 DF 3C DA 7D 14 ............<...0090: 9C 40 C1 7C D2 18 6F F1 4F 26 45 09 95 94 5C DA .@....o.O&E...\.00A0: D0 98 F8 F4 4C 82 96 10 DE AC 30 CB 2B AE F9 92 ....L.....0.+...00B0: EA BF 79 03 FC 1E 3F AC 09 A4 3F 65 FD 91 4F 96 ..y...?...?e..O.00C0: 24 A7 CE B4 4E 6A 96 29 17 AE C0 A8 DF 17 22 F4 $...Nj.)......".00D0: 17 E3 DC 1C 39 06 56 10 EA EA B5 74 17 3C 4E DD ....9.V....t.<N.00E0: 7E 91 0A A8 0B 78 07 A7 31 44 08 31 AB 18 84 0F .....x..1D.1....00F0: 12 9C E7 DE 84 2C E9 6D 93 45 BF A8 C1 3F 34 DC .....,.m.E...?4.]
Jun 8, 2017 14:22:44.623066902 CEST	443	49218	72.21.81.200	192.168.1.81	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Fri May 12 20:46:00 CEST 2000	Tue May 13 01:59:00 CEST 2025	[[ Version: V3 Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 Key: Sun RSA public key, 2048 bits modulus: 20579176651421167987106471718888186309534186253587759121109122482694167416584428920295678216035822449451639581023765122994089008826314029843654807108803739729565431642116323937940944378450034252354609020536286175863324156219063038927409933070688727356676027216359532593504366119272034244698731524943132462329205729047681997715455240148827523651706429854757422624117805863121520494307655271426986078917217383478420381375139154341613794371303682232583316393601620034638044186782252195438345309455714637508276892061355357785328168602107026282695945834955006612147350315937204256563720794300123948598669913435346712336953 public exponent: 65537 Validity: [From: Fri May 12 20:46:00 CEST 2000, To: Tue May 13 01:59:00 CEST 2025] Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE SerialNumber: [ 020000b9]Certificate Extensions: 3[1]: ObjectId: 2.5.29.19 Criticality=trueBasicConstraints:[ CA:true PathLen:3][2]: ObjectId: 2.5.29.15 Criticality=trueKeyUsage [ Key_CertSign Crl_Sign][3]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: E5 9D 59 30 82 47 58 CC AC FA 08 54 36 86 7B 3A ..Y0.GX....T6..:0010: B5 04 4D F0 ..M.]]] Algorithm: [SHA1withRSA] Signature:0000: 85 0C 5D 8E E4 6F 51 68 42 05 A0 DD BB 4F 27 25 ..]..oQhB....O'%0010: 84 03 BD F7 64 FD 2D D7 30 E3 A4 10 17 EB DA 29 ....d.-.0......)0020: 29 B6 79 3F 76 F6 19 13 23 B8 10 0A F9 58 A4 D4 ).y?v...#....X..0030: 61 70 BD 04 61 6A 12 8A 17 D5 0A BD C5 BC 30 7C ap..aj........0.0040: D6 E9 0C 25 8D 86 40 4F EC CC A3 7E 38 C6 37 11 ...%..@O....8.7.0050: 4F ED DD 68 31 8E 4C D2 B3 01 74 EE BE 75 5E 07 O..h1.L...t..u^.0060: 48 1A 7F 70 FF 16 5C 84 C0 79 85 B8 05 FD 7F BE H..p..\..y......0070: 65 11 A3 0F C0 02 B4 F8 52 37 39 04 D5 A9 31 7A e.......R79...1z0080: 18 BF A0 2A F4 12 99 F7 A3 45 82 E3 3C 5E F5 9D ...*.....E..<^..0090: 9E B5 C8 9E 7C 2E C8 A4 9E 4E 08 14 4B 6D FD 70 .........N..Km.p00A0: 6D 6B 1A 63 BD 64 E6 1F B7 CE F0 F2 9F 2E BB 1B mk.c.d..........00B0: B7 F2 50 88 73 92 C2 E2 E3 16 8D 9A 32 02 AB 8E ..P.s.......2...00C0: 18 DD E9 10 11 EE 7E 35 AB 90 AF 3E 30 94 7A D0 .......5...>0.z.00D0: 33 3D A7 65 0F F5 FC 8E 9E 62 CF 47 44 2C 01 5D 3=.e.....b.GD,.]00E0: BB 1D B5 32 D2 47 D2 38 2E D0 FE 81 DC 32 6A 1E ...2.G.8.....2j.00F0: B5 EE 3C D5 FC E7 81 1D 19 C3 24 42 EA 63 39 A9 ..<.......$B.c9.]
Jun 8, 2017 14:22:44.837447882 CEST	443	49219	72.21.81.200	192.168.1.81	CN=*.vo.msecnd.net	CN=Microsoft IT SSL SHA2, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US	Tue May 09 20:05:49 CEST 2017	Fri Feb 09 19:05:49 CET 2018	[[ Version: V3 Subject: CN=.vo.msecnd.net Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 2048 bits modulus: 24077274476734318411276736546990489592537887718132911054112092161102347616283624539727907400815643311418631916620051428466005153506370205669212047314396238807452223591680438224136368255058062796503289898220126136637434470293914742186899417675732322457396057316698573865647906819655552394390948999814380479683170766870132274884882157792671460780116034633269590372594172601665545685076409924091840089705920402574649946670494009671912409359848424986715747507696464840231895877760645217485086881402789102697881798623553689113645798478089806864225707423923967056999891642459535304288818044484516124423013500322338996624309 public exponent: 65537 Validity: [From: Tue May 09 20:05:49 CEST 2017, To: Fri Feb 09 19:05:49 CET 2018] Issuer: CN=Microsoft IT SSL SHA2, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US SerialNumber: [ 5a000836 1e5d57dd 3554334c eb000000 08361e]Certificate Extensions: 10[1]: ObjectId: 1.3.6.1.4.1.311.21.10 Criticality=falseExtension unknown: DER encoded OCTET string =0000: 04 1A 30 18 30 0A 06 08 2B 06 01 05 05 07 03 01 ..0.0...+.......0010: 30 0A 06 08 2B 06 01 05 05 07 03 02 0...+.......[2]: ObjectId: 1.3.6.1.4.1.311.21.7 Criticality=falseExtension unknown: DER encoded OCTET string =0000: 04 30 30 2E 06 26 2B 06 01 04 01 82 37 15 08 83 .00..&+.....7...0010: CF 89 4D AD F2 02 85 A1 9F 0C 82 FA CA 7D 81 E1 ..M.............0020: FB 74 81 4F 87 B4 CF 7C 81 CD BA 32 02 01 64 02 .t.O.......2..d.0030: 01 1C ..[3]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=falseAuthorityInfoAccess [ [ accessMethod: caIssuers accessLocation: URIName: http://www.microsoft.com/pki/mscorp/msitwww2.crt, accessMethod: ocsp accessLocation: URIName: http://ocsp.msocsp.com]][4]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: 51 AF 24 26 9C F4 68 22 57 80 26 2B 3B 46 62 15 Q.$&..h"W.&+;Fb.0010: 7B 1E CC A5 ....]][5]: ObjectId: 2.5.29.31 Criticality=falseCRLDistributionPoints [ [DistributionPoint: [URIName: http://mscrl.microsoft.com/pki/mscorp/crl/msitwww2.crl, URIName: http://crl.microsoft.com/pki/mscorp/crl/msitwww2.crl]]][6]: ObjectId: 2.5.29.32 Criticality=falseCertificatePolicies [ [CertificatePolicyId: [1.3.6.1.4.1.311.42.1][PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 28 68 74 74 70 3A 2F 2F 77 77 77 2E 6D 69 63 .(http://www.mic0010: 72 6F 73 6F 66 74 2E 63 6F 6D 2F 70 6B 69 2F 6D rosoft.com/pki/m0020: 73 63 6F 72 70 2F 63 70 73 00 scorp/cps.]] ]][7]: ObjectId: 2.5.29.37 Criticality=falseExtendedKeyUsages [ serverAuth clientAuth][8]: ObjectId: 2.5.29.15 Criticality=falseKeyUsage [ DigitalSignature Key_Encipherment Data_Encipherment][9]: ObjectId: 2.5.29.17 Criticality=falseSubjectAlternativeName [ DNSName: .vo.msecnd.net DNSName: .adn.azureedge.net DNSName: .ads2.msads.net DNSName: .aspnetcdn.com DNSName: .azurecomcdn.net DNSName: .azureedge.net DNSName: .azureedge-test.net DNSName: .cdn.skype.com DNSName: .cdn.skype.net DNSName: .cmsresources.windowsphone.com DNSName: .cmsresources.windowsphone-int.com DNSName: .dev.skype.com DNSName: .fms.azureedge.net DNSName: .microsoft-sbs-domains.com DNSName: .secure.skypeassets.com DNSName: .secure.skypeassets.net DNSName: .wac.azureedge.net DNSName: .wpc.azureedge.net DNSName: .ec.azureedge.net DNSName: .wpc.ec.azureedge.net DNSName: .wac.ec.azureedge.net DNSName: .adn.ec.azureedge.net DNSName: .fms.ec.azureedge.net DNSName: ajax.microsoft.com DNSName: cdnads.msads.net DNSName: cdn-resources.windowsphone.com DNSName: cdn-resources-beta.windowsphone.com DNSName: ecnads1.msn.com DNSName: iecvlist.microsoft.com DNSName: images-cms-pn.windowsphone-int.com DNSName: images-cms-tst.windowsphone-int.com DNSName: lumiahelptipscdn.microsoft.com DNSName: lumiahelptipscdnqa.microsoft.com DNSName: lumiahelptipsmscdn.microsoft.com DNSName: lumiahelptipsmscdnqa.microsoft.com DNSName: montage.msn.com DNSName: mscrl.microsoft.com DNSName: r20swj13mr.microsoft.com DNSName: .streaming.mediaservices.windows.net DNSName: .origin.mediaservices.windows.net DNSName: download.sysinternals.com DNSName: amp.azure.net DNSName: api.nuget.org DNSName: rt.ms-studiosmedia.com DNSName: gtm.ms-studiosmedia.com DNSName: dist.nuget.org DNSName: .aisvc.visualstudio.com DNSName: .cdn.powerbi.com DNSName: dist.asp.net DNSName: embed.powerbi.com DNSName: msitembed.powerbi.com DNSName: dxtembed.powerbi.com DNSName: .cdn.powerappscdn.net DNSName: downloads.subscriptionsint.tfsallin.net DNSName: download.my.visualstudio.com DNSName: cdn.vsassets.io DNSName: cdnppe.vsassets.io DNSName: stream.microsoft.com DNSName: datafactory.azure.com DNSName: .cortanaanalytics.com DNSName: do.skype.com DNSName: software-download.office.microsoft.com DNSName: software-download.microsoft.com DNSName: prss.centralvalidation.com DNSName: .gallerycdn.vsassets.io DNSName: .gallerycdnppe.vsassets.io DNSName: global.asazure.windows.net DNSName: download.learningdownloadcenter.microsoft.com DNSName: www.videobreakdown.com DNSName: www.breakdown.me DNSName: .gallerycdntest.vsassets.io DNSName: download2.microsoft.com DNSName: cp.dsp.microsoft.com DNSName: agavecdn.o365weve-dev.com DNSName: agavecdn.o365weve-ppe.com DNSName: agavecdn.o365weve.com DNSName: download.visualstudio.com DNSName: .Applicationinsights.net DNSName: .Applicationinsights.io DNSName: .Applicationinsights.microsoft.com DNSName: .sfbassets.com DNSName: .sfbassets.net DNSName: download.mono-project.com DNSName: .streaming.media-test.windows-int.net DNSName: .origin.mediaservices.windows-int.net DNSName: .mp.microsoft.com DNSName: download.visualstudio.microsoft.com DNSName: software-download.coem.microsoft.com DNSName: cdn.wallet.microsoft-ppe.com DNSName: cdn.wallet.microsoft.com DNSName: vi.microsoft.com DNSName: www.videoindexer.ai][10]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: AF CA 5C F7 CE 42 84 AC FD C4 D9 17 B0 58 DC 1C ..\..B.......X..0010: CD CF 3E 2B ..>+]]] Algorithm: [SHA256withRSA] Signature:0000: 38 EE 6F 16 20 44 98 02 C1 75 28 59 21 C1 F8 1E 8.o. D...u(Y!...0010: 9B 68 A8 57 96 89 49 48 B2 EF B0 6D BC 65 F7 5B .h.W..IH...m.e.[0020: B5 C8 7A B2 1A 5D C6 D9 F1 22 9D 36 76 EC 63 4D ..z..]...".6v.cM0030: D2 3B 84 1F 1F 83 F6 B6 C1 C8 F8 91 6D 39 9A C8 .;..........m9..0040: 4C ED 2D E7 E0 87 01 47 24 A5 74 66 37 E7 C6 92 L.-....G$.tf7...0050: 61 0E 11 07 2D A9 0C CB 63 E8 95 23 98 D4 AC DD a...-...c..#....0060: 29 B1 35 44 D2 1E 0D C3 40 EE 39 08 8E 88 B8 1B ).5D....@.9.....0070: 1F 8A F0 66 38 97 C2 30 2A CE 6B 95 73 6D F1 4D ...f8..0.k.sm.M0080: A4 B2 CB B9 47 36 06 1F 8A AB 59 1F 97 0C E3 0B ....G6....Y.....0090: 9B F4 01 66 7A 09 5A 78 88 B1 FD 8B A1 FE A4 1A ...fz.Zx........00A0: E7 53 29 FC 63 C5 D3 BB 4B BB 92 23 DA 01 75 78 .S).c...K..#..ux00B0: 79 3B F8 D6 CB A9 1E 32 DF A1 B4 5A A6 5C 7D A1 y;.....2...Z.\..00C0: B1 53 53 68 40 67 B8 2E EB DE FA B9 0D 23 1B 0C .SSh@g.......#..00D0: 19 DC AD C9 27 B4 29 BA 95 7B 4B BB DF 58 F7 56 ....'.)...K..X.V00E0: B5 1E 75 36 14 46 D8 FF B4 A6 F0 28 DA 3A CA 12 ..u6.F.....(.:..00F0: 94 5E 45 F6 4B 46 1D 6F FF CB F8 B4 44 C0 3D 86 .^E.KF.o....D.=.0100: 0D C0 37 7E FA 57 41 B8 92 1B F7 FA 0D D2 6B DD ..7..WA.......k.0110: C5 80 F1 54 99 8B 14 75 D0 0D D0 4C F7 32 67 13 ...T...u...L.2g.0120: 2D 6B A5 E5 69 3C 16 05 AD 05 8F AE 55 E2 EC 7C -k..i<......U...0130: 4D DE DE 99 82 7D C8 72 50 65 8B 34 ED 3B B8 A1 M......rPe.4.;..0140: A9 C6 01 22 EC 82 7D 05 21 7E DC 74 46 EC 74 9E ..."....!..tF.t.0150: 1D D4 8B 00 3F E4 10 18 D0 EA D8 E8 65 95 FE E9 ....?.......e...0160: 22 41 0A C6 80 3D 75 CF 2D 98 C6 6C 54 EF BE 60 "A...=u.-..lT..`0170: 31 2D 1C 9F A5 0B DE 2A 6D 23 03 15 D0 53 90 E9 1-.....m#...S..0180: 43 C3 AB AB 0F 03 36 9C 3F 62 1B 8A 94 AE CF A4 C.....6.?b......0190: 34 43 AB 56 8E C3 AA 12 D3 7F 45 85 5C D2 DD 23 4C.V......E.\..#01A0: 65 23 FC E3 F6 51 40 F6 D3 0D 4E C5 3F 4C D6 20 e#...Q@...N.?L. 01B0: 0F E1 7C 18 69 31 DB 27 0F D1 E4 A8 8A 48 5F 12 ....i1.'.....H_.01C0: DC 66 BA 8D D7 5A B8 77 32 78 4A 93 0E C3 A6 0E .f...Z.w2xJ.....01D0: 3B 5F F7 0A C5 55 96 AB C4 A5 70 49 9D F3 8B 51 ;_...U....pI...Q01E0: 59 0C 2E 95 0C B7 FE 34 E7 2A D2 2D 5B 98 F8 A0 Y......4..-[...01F0: 8F 4A 38 52 47 75 74 67 23 7F 45 A5 F5 11 F6 CC .J8RGutg#.E.....]
Jun 8, 2017 14:22:44.837447882 CEST	443	49219	72.21.81.200	192.168.1.81	CN=Microsoft IT SSL SHA2, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed May 07 19:04:09 CEST 2014	Mon May 07 19:03:30 CEST 2018	[[ Version: V3 Subject: CN=Microsoft IT SSL SHA2, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 4096 bits modulus: 856346252147681095531487657896208775529392570871270739541547656304946186337150025406692403816841622511911362583630424396793275647141867270866840690817025219347773735765802949433253521575884380009133362973276339871342927778470495975448937806685783429794469131879519348587026317046468956224702428125122647846517114639580465833230798904514497256617415305854488459765292877638489732936291819814011375894387200589578322693347915830480163679659038622705073213697766041497450598739345457839557197242509088964439815610006179823855772962212352661583402987609934239423540839283578918329472154182460688721063338324385558431958134145467846948920756751744859811561978667430438139577369855280292356554256643346678832671994189948875677882282660398559500378142160213322773020338909177908588090796092907176697730272260822320523133406159167663529381896382723524150626204675362984170546028545445590020372056502614209846403986541505644602279203940727512733887581549284738720405498522357365555958542658888010209540372662781747546788764044933068920388441693145503606586017974091513711459186006091170503138182616128360282021248417537850857888968945059405922540236449369081660323465765998905631038654387934655547230298400512461379266062187132090830373431547 public exponent: 65537 Validity: [From: Wed May 07 19:04:09 CEST 2014, To: Mon May 07 19:03:30 CEST 2018] Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE SerialNumber: [ 0727aa47]Certificate Extensions: 8[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=falseAuthorityInfoAccess [ [ accessMethod: ocsp accessLocation: URIName: http://ocsp.omniroot.com/baltimoreroot]][2]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: E5 9D 59 30 82 47 58 CC AC FA 08 54 36 86 7B 3A ..Y0.GX....T6..:0010: B5 04 4D F0 ..M.]][3]: ObjectId: 2.5.29.19 Criticality=trueBasicConstraints:[ CA:true PathLen:0][4]: ObjectId: 2.5.29.31 Criticality=falseCRLDistributionPoints [ [DistributionPoint: [URIName: http://cdp1.public-trust.com/CRL/Omniroot2025.crl]]][5]: ObjectId: 2.5.29.32 Criticality=falseCertificatePolicies [ [CertificatePolicyId: [1.3.6.1.4.1.6334.1.0][PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 2D 68 74 74 70 3A 2F 2F 63 79 62 65 72 74 72 .-http://cybertr0010: 75 73 74 2E 6F 6D 6E 69 72 6F 6F 74 2E 63 6F 6D ust.omniroot.com0020: 2F 72 65 70 6F 73 69 74 6F 72 79 2E 63 66 6D /repository.cfm]] ] [CertificatePolicyId: [1.3.6.1.4.1.311.42.1][] ]][6]: ObjectId: 2.5.29.37 Criticality=falseExtendedKeyUsages [ serverAuth clientAuth OCSPSigning][7]: ObjectId: 2.5.29.15 Criticality=trueKeyUsage [ DigitalSignature Key_CertSign Crl_Sign][8]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: 51 AF 24 26 9C F4 68 22 57 80 26 2B 3B 46 62 15 Q.$&..h"W.&+;Fb.0010: 7B 1E CC A5 ....]]] Algorithm: [SHA256withRSA] Signature:0000: 69 62 F6 84 91 00 C4 6F 82 7B 24 E1 42 A2 A5 8B ib.....o..$.B...0010: 82 5C A7 C5 44 CB E7 52 76 63 D3 76 9E 78 E2 69 .\..D..Rvc.v.x.i0020: 35 B1 38 BA B0 96 C6 1F AC 7B C6 B2 65 77 8B 7D 5.8.........ew..0030: 8D AE 64 B9 A5 8C 17 CA 58 65 C3 AD 82 F5 C5 A2 ..d.....Xe......0040: F5 01 13 93 C6 7E 44 E5 C4 61 FA 03 B6 56 C1 72 ......D..a...V.r0050: E1 C8 28 C5 69 21 8F AC 6E FD 7F 43 83 36 B8 C0 ..(.i!..n..C.6..0060: D6 A0 28 FE 1A 45 BE FD 93 8C 8D A4 64 79 1F 14 ..(..E......dy..0070: DB A1 9F 21 DC C0 4E 7B 17 22 17 B1 B6 3C D3 9B ...!..N.."...<..0080: E2 0A A3 7E 99 B0 C1 AC D8 F4 86 DF 3C DA 7D 14 ............<...0090: 9C 40 C1 7C D2 18 6F F1 4F 26 45 09 95 94 5C DA .@....o.O&E...\.00A0: D0 98 F8 F4 4C 82 96 10 DE AC 30 CB 2B AE F9 92 ....L.....0.+...00B0: EA BF 79 03 FC 1E 3F AC 09 A4 3F 65 FD 91 4F 96 ..y...?...?e..O.00C0: 24 A7 CE B4 4E 6A 96 29 17 AE C0 A8 DF 17 22 F4 $...Nj.)......".00D0: 17 E3 DC 1C 39 06 56 10 EA EA B5 74 17 3C 4E DD ....9.V....t.<N.00E0: 7E 91 0A A8 0B 78 07 A7 31 44 08 31 AB 18 84 0F .....x..1D.1....00F0: 12 9C E7 DE 84 2C E9 6D 93 45 BF A8 C1 3F 34 DC .....,.m.E...?4.]
Jun 8, 2017 14:22:44.837447882 CEST	443	49219	72.21.81.200	192.168.1.81	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Fri May 12 20:46:00 CEST 2000	Tue May 13 01:59:00 CEST 2025	[[ Version: V3 Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 Key: Sun RSA public key, 2048 bits modulus: 20579176651421167987106471718888186309534186253587759121109122482694167416584428920295678216035822449451639581023765122994089008826314029843654807108803739729565431642116323937940944378450034252354609020536286175863324156219063038927409933070688727356676027216359532593504366119272034244698731524943132462329205729047681997715455240148827523651706429854757422624117805863121520494307655271426986078917217383478420381375139154341613794371303682232583316393601620034638044186782252195438345309455714637508276892061355357785328168602107026282695945834955006612147350315937204256563720794300123948598669913435346712336953 public exponent: 65537 Validity: [From: Fri May 12 20:46:00 CEST 2000, To: Tue May 13 01:59:00 CEST 2025] Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE SerialNumber: [ 020000b9]Certificate Extensions: 3[1]: ObjectId: 2.5.29.19 Criticality=trueBasicConstraints:[ CA:true PathLen:3][2]: ObjectId: 2.5.29.15 Criticality=trueKeyUsage [ Key_CertSign Crl_Sign][3]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: E5 9D 59 30 82 47 58 CC AC FA 08 54 36 86 7B 3A ..Y0.GX....T6..:0010: B5 04 4D F0 ..M.]]] Algorithm: [SHA1withRSA] Signature:0000: 85 0C 5D 8E E4 6F 51 68 42 05 A0 DD BB 4F 27 25 ..]..oQhB....O'%0010: 84 03 BD F7 64 FD 2D D7 30 E3 A4 10 17 EB DA 29 ....d.-.0......)0020: 29 B6 79 3F 76 F6 19 13 23 B8 10 0A F9 58 A4 D4 ).y?v...#....X..0030: 61 70 BD 04 61 6A 12 8A 17 D5 0A BD C5 BC 30 7C ap..aj........0.0040: D6 E9 0C 25 8D 86 40 4F EC CC A3 7E 38 C6 37 11 ...%..@O....8.7.0050: 4F ED DD 68 31 8E 4C D2 B3 01 74 EE BE 75 5E 07 O..h1.L...t..u^.0060: 48 1A 7F 70 FF 16 5C 84 C0 79 85 B8 05 FD 7F BE H..p..\..y......0070: 65 11 A3 0F C0 02 B4 F8 52 37 39 04 D5 A9 31 7A e.......R79...1z0080: 18 BF A0 2A F4 12 99 F7 A3 45 82 E3 3C 5E F5 9D ...*.....E..<^..0090: 9E B5 C8 9E 7C 2E C8 A4 9E 4E 08 14 4B 6D FD 70 .........N..Km.p00A0: 6D 6B 1A 63 BD 64 E6 1F B7 CE F0 F2 9F 2E BB 1B mk.c.d..........00B0: B7 F2 50 88 73 92 C2 E2 E3 16 8D 9A 32 02 AB 8E ..P.s.......2...00C0: 18 DD E9 10 11 EE 7E 35 AB 90 AF 3E 30 94 7A D0 .......5...>0.z.00D0: 33 3D A7 65 0F F5 FC 8E 9E 62 CF 47 44 2C 01 5D 3=.e.....b.GD,.]00E0: BB 1D B5 32 D2 47 D2 38 2E D0 FE 81 DC 32 6A 1E ...2.G.8.....2j.00F0: B5 EE 3C D5 FC E7 81 1D 19 C3 24 42 EA 63 39 A9 ..<.......$B.c9.]

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 3028 Parent PID: 540

General

Start time:	14:21:38
Start date:	08/06/2017
Path:	C:\Program Files\Internet Explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x3f0000
File size:	815312 bytes
MD5 hash:	EE79D654A04333F566DF07EBDE217928
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: iexplore.exe PID: 3076 Parent PID: 3028

General

Start time:	14:21:39
Start date:	08/06/2017
Path:	C:\Program Files\Internet Explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' SCODEF:3028 CREDAT:275457 /prefetch:2
Imagebase:	0x6b1f0000
File size:	815312 bytes
MD5 hash:	EE79D654A04333F566DF07EBDE217928
Programmed in:	C, C++ or other language

Chronological Activities

Disassembly

Code Analysis

Reset < >

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report

Overview

General Information

Detection

Confidence

Classification

Analysis Advice

Signature Overview

Phishing:

Networking:

System Summary:

Anti Debugging:

Behavior Graph

Yara Overview

Screenshot

Startup

Created / dropped Files

Contacted Domains/Contacted IPs

Contacted Domains

Contacted IPs

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 3028 Parent PID: 540

General

Chronological Activities

Analysis Process: iexplore.exe PID: 3076 Parent PID: 3028

General

Chronological Activities

Disassembly

Code Analysis